[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7550 [BridgeDB]: BridgeDB email responder is not interactive

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7550 [BridgeDB]: BridgeDB email responder is not interactive
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 28 Jun 2013 17:01:49 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 28 Jun 2013 13:02:01 -0400
In-reply-to: <046.671e2be016049bad7ee8257702cf292d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.671e2be016049bad7ee8257702cf292d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#7550: BridgeDB email responder is not interactive
----------------------+-----------------------------------------------------
 Reporter:  aagbsn    |          Owner:                   
     Type:  defect    |         Status:  needs_information
 Priority:  normal    |      Milestone:                   
Component:  BridgeDB  |        Version:                   
 Keywords:            |         Parent:                   
   Points:            |   Actualpoints:                   
----------------------+-----------------------------------------------------

Comment(by aagbsn):

 Replying to [comment:5 sysrqb]:
 > Replying to [comment:4 asn]:
 > > Is the rate limiting based on the IP of the client?
 > >
 >
 > It's based on the email address. Currently, an email address is allowed
 to request bridges every 3 hours (they won't receive new bridges with
 every request, though). If an email is received from the same address
 within a three hour period, the first email will be responded to with
 bridges, the second will contain a warning that says they are requesting
 bridges too frequently, and all subsequent emails will be ignored until
 the time period is passed.
 >
 > > Also, what is the point of rate limiting in BridgeDB? A user with a
 single IP shouldn't be able to get more than a bunch of bridges anyway,
 right?
 >
 > Right, maybe aagbsn (or arma, nickm, Karsten) have a better answer,
 because within a single time period we should return the same bridges.
 That being said, maybe the rate limiting is to reduce the number of emails
 bridgedb needs to process by disincentivizing users spamming it? I don't
 see a reason for bridgedb to respond to multiple emails within the time
 period if it will be responding with the same bridges each time.

 This. We also see a barrage of requests over HTTPS.

 Sadly, the attackers/scrapers simply register "creative" names
 (somename0001@xxxxxxxxx, somename0002@xxxxxxxxx .. somename0020@xxxxxxxxx)
 and keep at it.

 Any ideas? Text CAPTCHA? ASCII-art cats?

 --Aaron

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7550#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #9166 [Tor]: Write a UTP-based channel implementation
Next by Author: [tor-bugs] #9167 [Flashproxy]: Find a more stable key pinning scheme for www.google.com
Previous by thread: Re: [tor-bugs] #7550 [BridgeDB]: BridgeDB email responder is not interactive
Next by thread: Re: [tor-bugs] #7550 [BridgeDB]: BridgeDB email responder is not interactive
Index(es):
- Author
- Thread