[tor-bugs] #19487 [Obfuscation/meek]: Meek and ReachableAddresses

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 23 00:22:08 UTC 2016


#19487: Meek and ReachableAddresses
----------------------------------+-----------------
     Reporter:  cypherpunks       |      Owner:  dcf
         Type:  defect            |     Status:  new
     Priority:  Medium            |  Milestone:
    Component:  Obfuscation/meek  |    Version:
     Severity:  Normal            |   Keywords:
Actual Points:                    |  Parent ID:
       Points:                    |   Reviewer:
      Sponsor:                    |
----------------------------------+-----------------
 This came to my attention through an old StackExchange ticket that the
 Community accound had bumped: http://tor.stackexchange.com/q/9500

 The user appears to have setup some combination of
 `ReachableAddresses`,`FirewallPorts`, and `FascistFirewall`. While the
 ports they can reach might be set correctly, when using `meek` `tor` sees
 the destination address as a fake destination. You end up with a log that
 looks like this:
 {{{
 NOTICE: Bridge at '0.0.2.0:1' isn't reachable by our firewall policy.
 Skipping.
 }}}
 This happens because they haven't defined `0.0.2.0:1` as being a reachable
 address, while in reality it's using (most likely) port 443 on some CDN,
 which might actually be defined reachable.

 Maybe not a common issue but an interesting edge case that may be
 clarified, avoided, or documented somewhere.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19487>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list