[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Protecting the bridge port from active probes



On Thu, 28 Mar 2019 17:08:38 +0000
Marek Szuba <scriptkiddie@xxxxx> wrote:
 
> Anyway, here is my logic. In order to operate properly, my bridge must
> have its ORPort reachable from the Internet.

I might be wrong, but I got impression that if bridge is using
pluggable transports (obfs3, obfs4, meek, snowflake, etc) then ORPort is
only useful for bridge authority and users which want to use the bridge
without pluggable transports. Communication between pluggable transport
and Tor process is going via ExtORPort which isn't public by default
(binds to localhost). Clients connect to pluggable transport port and
their traffic is obufscated by the transport.

Since your bridge is private then bridge authority is none of your
concerns. In that case you need ORPort reachable only if you have
bridge clients which use bridge without pluggable transports.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays