[tor-bugs] #7349 [Core Tor/Tor]: Obfsbridges should be able to "disable" their ORPort

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Feb 20 17:54:45 UTC 2020


#7349: Obfsbridges should be able to "disable" their ORPort
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  (none)
     Type:  project                              |         Status:  new
 Priority:  Very High                            |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-bridge, SponsorZ, tor-pt,        |  Actual Points:
  proposal-needed, censorship, sponsor19, 040    |
  -roadmap-proposed, anti-censorship-roadmap     |
Parent ID:                                       |         Points:  10
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor28-can
-------------------------------------------------+-------------------------

Comment (by teor):

 Replying to [comment:50 dfiguera]:
 > > Is it an inbound or outbound firewall?
 > The rule to filter the ORPort was applied to ingress.
 > The bridge has permission to open outbound connections to any address.
 >
 > > Bridges need to accept inbound connections to their ORPort from the
 bridge authority (for its
 > > reachability checks), and from other relays (for the bridge's ORPort
 reachability self-treats),
 > > and from clients. (So any address on the Internet.)
 > A client using a bridge needs to connect to that bridge's ORPort and not
 only to the PT port?

 It depends. I think obfs4 bridges are only distributed by BridgeDB as
 obfs4, and not plain bridges.

 > I was trying to make my bridge a little less vulnerable to detection.
 > Thanks for the clarification, I'll keep an eye on tickets related to
 this to see the progress.

 You'll need to allow at least the bridge authority and most relays to
 connect to your ORPort, for the various reachability checks.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7349#comment:51>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list