[tor-bugs] #7349 [Tor]: Obfsbridges should be able to "disable" their ORPort
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 9 19:43:55 UTC 2012
#7349: Obfsbridges should be able to "disable" their ORPort
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: task | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor | Version:
Keywords: tor-bridge | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by arma):
Replying to [ticket:7349 asn]:
> In the future, we will want obfsbridges to only expose their obfsports
and not their ORPort, otherwise an adversary can launch an active-scanning
attack against the ORPort.
>
> We should spec and implement a torrc option that hides the ORPort of
obfsbridges.
Suggestions on what to call it?
> Maybe it should make the ORPort bind on localhost. But what happens if
the transport proxy is not on the same host as the ORPort?
I think "bind just to localhost" is a fine default. For people who put
their transport somewhere else, they should be able to follow directions
(as long as we write said directions and they're not too complex).
This config option should also disable the ORPort reachability testing.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7349#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list