[tor-bugs] #30441 [Circumvention/BridgeDB]: Stop BridgeDB from handing out offline bridges
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 31 01:32:32 UTC 2019
#30441: Stop BridgeDB from handing out offline bridges
-------------------------------------------------+-------------------------
Reporter: phw | Owner: phw
Type: defect | Status:
| assigned
Priority: Very High | Milestone:
Component: Circumvention/BridgeDB | Version:
Severity: Major | Resolution:
Keywords: user-feedback, blog, anti- | Actual Points:
censorship-roadmap |
Parent ID: | Points: 2
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by phw):
Replying to [comment:7 phw]:
> 2. In parallel, we should test if the TCP port of all of our obfs4
bridges is reachable. For those that aren't, we should contact the
operator, or, as a last resort, remove them from BridgeDB.
I built a tool that takes Serge's bridge files as input and scans the TCP
port of obfs4 bridges: https://github.com/NullHypothesis/bridgeauth-
obfs4-scanner
I believe one problem is that Serge's cached-extrainfo and cached-
extrainfo.new do not contain ''all'' bridges that are in networkstatus-
bridges, so the results only represent a lower bound of unreachable obfs4
bridges.
Here's the output for a Serge dump from 2019-05-31 00:34:50:
{{{
[+] 1,304 bridges in network status; 1,024 (78.5%) have 'Running' flag.
[+] 581 (56.7%) of 1,024 bridges with 'Running' flag support obfs4.
[+] 75 (12.9%) of 581 running obfs4 bridges fail to establish TCP
connection.
[+] 47 (62.7%) of 75 unreachable obfs4 bridges have contact info.
}}}
I will send an email to the operators of these bridges and periodically
re-run the script to catch new obfs4 bridges that are unreachable.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30441#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list