Re: [tor-dev] Internet-wide scanning for bridges

[Vlad Tsyrklevich <vlad@xxxxxxxxxxxxxxx>]

I'm not against keeping some around, but this warning is unlikely to turn around the thousands that currently match this configuration--hopefully it'll just encourage future bridge operators to use a 'safer' configuration. The obfs4proxy README shows users how to set-up obfs4 running over port 443 which is probably the most desirable option: those users can evade network restrictions without enabling discovery by scanning.

On Sun Dec 14 2014 at 10:35:16 AM Philipp Winter <phw@xxxxxxxxx> wrote:

On Fri, Dec 12, 2014 at 04:33:05PM -0800, Vlad Tsyrklevich wrote:
> I've attached a patch to warn bridge operators running with ORPort set to
> 443 or 9001 as a stop-gap measure.

You are raising good points here but keep in mind that we also want at
least *some* (vanilla) bridges which run on port 443. There are some
adversaries such as captive portals which only allow communication over
a small set of ports and 443 is one of these ports. While these bridges
would easily fall prey to Internet-wide scanning, they would still be
useful for users behind captive portals.

Cheers,
Philipp
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev