[tor-bugs] #5028 [Ooni]: Tor bridge scanning

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Mar 13 23:53:08 UTC 2012 

#5028: Tor bridge scanning
---------------------+------------------------------------------------------
 Reporter:  hellais  |          Owner:  runa                     
     Type:  project  |         Status:  assigned                 
 Priority:  normal   |      Milestone:  Sponsor F: March 15, 2012
Component:  Ooni     |        Version:                           
 Keywords:           |         Parent:                           
   Points:           |   Actualpoints:                           
---------------------+------------------------------------------------------

Comment(by ioerror):

 Replying to [comment:33 karsten]:
 > Replying to [comment:32 ioerror]:
 > > The deliverable is being driven by a sponsorship item. However, the
 circumstances have since changed - active probing in China means that
 blocking happens in a different, additive, set of ways. Some IPs are on a
 blocklist, some are added by their behavior; thus any scan to a real
 bridge with a tcp connection will merely tell us that the bridge is not on
 the block list but any attempt to use it will almost certainly result in
 an active probe that in turn will probably block the bridge. Any result
 from the TCP connect scan will be either 0) possibly confirmation that the
 IP is blocked 1) a false negative where we believe the bridge is unblocked
 or 2) we will cause the bridge to be discovered and then actually blocked.
 > >
 > > So why risk it? Because a funder has a line item? It seems like we
 should be smarter than that and not be so hung up on line items that we
 created before the environment changed.
 > >
 > > Thus, my point was to be both humorous and also to be blunt - doing a
 scan of bridges may simply result in those bridges being instantly blocked
 or just as likely, I think the data will be inconclusive.
 >
 > I think I understand your concerns.  But that doesn't mean it's
 impossible to obtain "some sort of automated ground truth of bridge
 reachability from some countries" which is what we promised in the
 deliverable.

 We already have that ground truth, don't we?

 Obfu bridges are generally reachable, tls bridges are generally blocked
 either before we test or by confirmation with a follow up probe. Has that
 changed? Are we doing a scan of the obfu bridges? Or just the normal
 HTTPS/TLS bridges?

 > The TCP scan of HTTPS bridges may not be the best approach, but it's the
 best we have right now.  At least so far I only heard "oh noes, don't do
 it," not "here's a better way to deliver what we promised, and we can do
 it within 3 days."  Until I hear the latter I'll stick with the approach
 we have.  I don't know if the results will be conclusive, but I sure want
 to find out.

 My suggestion is to deliver the news that we know without impacting the
 resources which are scarce. The fact that the ground truth is now "active
 probing" is really quite a thing! If that is indeed still happening, of
 course.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5028#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list