[tor-dev] Internet-wide scanning for bridges

Vlad Tsyrklevich vlad at tsyrklevich.net
Sun Dec 14 19:06:43 UTC 2014


I'm not against keeping some around, but this warning is unlikely to turn
around the thousands that currently match this configuration--hopefully
it'll just encourage future bridge operators to use a 'safer'
configuration. The obfs4proxy README shows users how to set up obfs4
running over port 443 which is probably the most desirable option: those
users can evade network restrictions without enabling discovery by scanning.

On Sun Dec 14 2014 at 10:35:16 AM Philipp Winter <phw at nymity.ch> wrote:

> On Fri, Dec 12, 2014 at 04:33:05PM -0800, Vlad Tsyrklevich wrote:
> > I've attached a patch to warn bridge operators running with ORPort set to
> > 443 or 9001 as a stop-gap measure.
>
> You are raising good points here but keep in mind that we also want at
> least *some* (vanilla) bridges which run on port 443.  There are some
> adversaries such as captive portals which only allow communication over
> a small set of ports and 443 is one of these ports.  While these bridges
> would easily fall prey to Internet-wide scanning, they would still be
> useful for users behind captive portals.
>
> Cheers,
> Philipp
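
The configuration this thread discusses, a bridge with ORPort set to 443 or 9001, can be checked for in a torrc with a short script. This is an added example, not the patch attached to the thread and not Tor's own code; the function names and both sample configurations are constructed for illustration.

```python
# Added example: flags bridge torrc files whose ORPort is 443 or 9001.
SCANNED_PORTS = {443, 9001}  # the two ORPort values named in the thread

def _port(addr):
    """Extract PORT from 'PORT', 'ADDR:PORT' or '[IPv6]:PORT'; None for 'auto'."""
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def audit_torrc(text):
    """Return the bridge's exposed ORPorts and its pluggable-transport listeners."""
    is_bridge, or_ports, pt_listeners = False, [], {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]  # torrc option names are case-insensitive
        if key == "bridgerelay" and args:
            is_bridge = args[0] == "1"
        elif key == "orport" and args:
            or_ports.append(_port(args[0]))
        elif key == "servertransportlistenaddr" and len(args) >= 2:
            pt_listeners[args[0]] = _port(args[1])
    exposed = [p for p in or_ports if is_bridge and p in SCANNED_PORTS]
    return {"exposed_orports": exposed, "pt_listeners": pt_listeners}

# Constructed sample configurations (not taken from the thread).
VANILLA_443 = """
BridgeRelay 1
ORPort 443            # vanilla bridge on a commonly scanned port
"""
OBFS4_443 = """
BridgeRelay 1
ORPort [::]:34567     # ORPort moved off 443/9001
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:443
ExtORPort auto
"""

if __name__ == "__main__":
    for name, conf in (("vanilla", VANILLA_443), ("obfs4", OBFS4_443)):
        result = audit_torrc(conf)
        for port in result["exposed_orports"]:
            print(f"{name}: warning: bridge ORPort {port} is a commonly scanned port")
        print(f"{name}: transport listeners: {result['pt_listeners']}")
```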