[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #4743 [Pluggable transport]: obfsproxy: obfs2 server sends handshake message on client connection
#4743: obfsproxy: obfs2 server sends handshake message on client connection
------------------------------------+---------------------------------------
Reporter: asn | Owner: asn
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
------------------------------------+---------------------------------------
Changes (by asn):
* status: closed => reopened
* resolution: wontfix =>
Comment:
Another reason to do this, is that obfs2 with a shared secret and this
ticket implemented can act as a poor man's bridge password, without us
changing tor.git at all.
An attacker who connects to obfs2 and doesn't know the shared secret, will
get a TCP RST from the server, which is not too unusual in the Internet.
And if a TCP RST is too sketchy, we can probably also patch it so that the
server closes the connection gracefully.
Of course, this is just a silly temporary solution till 189/190/191 (or
any other bridge password scheme) gets implemented, since it's not a
really flexible solution and there are still active fingerprints to be
exploited (like the fact that obfsproxy always reads
`OBFUSCATE_SEED_LENGTH+8` bytes before deciding whether to accept or reset
a connection). Still, it seems to me that it would help in real life.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4743#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs