[tor-dev] automatically detect many new identical/similar bridges

isis agora lovecruft isis at torproject.org
Fri Dec 16 02:10:46 UTC 2016


nusenu transcribed 3.9K bytes:
> > Or, alternately, if they submit a bridge descriptor from an AS they
> > are watching, then they know all the bridges in that AS.
> > 
> > And they don't actually need to be in the AS to submit a descriptor
> > with an IP address from that AS.
> 
> Ok that makes it bad to a point where it is pointless. I'm surprised
> that you can get bridge auth to distribute fake bridges for arbitrary
> IPs - I assume that is not actually the case.

Hi nusenu!

Right, these bridges do not actually get distributed.

The BridgeAuthority accepts the descriptor, and, assuming it can't open a
connection to the bridge on the IP:port within the signed bridge descriptor,
it doesn't mark the bridge with the "Running" flag.  Later, BridgeDB receives
a tarball of all the new descriptors from the BridgeAuthority, and BridgeDB
chucks out the bridges without the Running flag (i.e. they don't get added to
the hashring). [0]

[0]: https://gitweb.torproject.org/user/isis/bridgedb.git/tree/bridgedb/Bridges.py?id=78e352ec18bc55bbb519747a1b1d9e909e3640d7#n453

Best regards,
-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
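
The filtering step described in the message above, as an added example that is not part of the original post and is not BridgeDB's own code. It assumes the networkstatus "r"/"s" line layout from Tor's directory specification; the function names and the sample entries are hypothetical and constructed for illustration.

```python
import base64
import binascii

def _b64(raw):
    """Unpadded base64, the encoding used for identities in 'r' lines."""
    return base64.b64encode(raw).decode().rstrip("=")

# Constructed sample, not real bridges; addresses are documentation ranges.
SAMPLE = "\n".join([
    "r bridgeA %s %s 2016-12-16 01:00:00 192.0.2.10 443 0"
    % (_b64(b"\x01" * 20), _b64(b"\xaa" * 20)),
    "s Fast Running Stable Valid",
    # Descriptor for an address the authority could not connect to.
    "r fakeB %s %s 2016-12-16 01:05:00 198.51.100.7 9001 0"
    % (_b64(b"\x02" * 20), _b64(b"\xbb" * 20)),
    "s Valid",
    # Entry with no 's' line at all: no flags, so not Running.
    "r orphanC %s %s 2016-12-16 01:06:00 203.0.113.5 443 0"
    % (_b64(b"\x03" * 20), _b64(b"\xcc" * 20)),
])

def parse_networkstatus(text):
    """Return one dict per 'r' entry with the flags from its 's' line."""
    entries, current = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r":
            current = None
            if len(fields) < 9:
                continue  # malformed entry: skip it and its 's' line
            ident = fields[2]
            try:
                raw = base64.b64decode(ident + "=" * (-len(ident) % 4))
            except binascii.Error:
                continue
            current = {"nickname": fields[1],
                       "fingerprint": binascii.hexlify(raw).decode().upper(),
                       "address": fields[6], "or_port": int(fields[7]),
                       "flags": set()}
            entries.append(current)
        elif fields[0] == "s" and current is not None:
            current["flags"].update(fields[1:])
    return entries

def distributable(entries):
    """Keep only entries the authority marked Running."""
    return [e for e in entries if "Running" in e["flags"]]
```

Only `bridgeA` survives the filter; the descriptor submitted for an unreachable address and the entry without flags are parsed but never reach the set that would be handed out.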