Hi,
Thanks for running bridges!
On Wed, Dec 29, 2021 at 02:37:48PM +0000, Space Oddity via tor-relays wrote:
Hello Tor people, just me chipping in about recent event.
Today, I discovered that somewhere around Dec, 22, all three of my recently launched bridges have been censored on at least one network (MegaFon Moscow AS25159). Metrics show a drastic traffic drop in the range of Dec, 21-23 for all three bridges.
Investigating further, I discovered (using tcptraceroute/nc) that all three hosts started responding with RSTs to all of their open ports (not only bridge ports but SSH and other recently opened ports too). NATd source IP address was unchanged from my usual one in every case.
One of the bridges had distribution method set to HTTPS, and the other two were distributed via Moat. All ran recent Tor 0.4.6.8 Docker image.
NB: One of the bridges has incorrect 'First seen' date on the metrics portal - it displays '2021-12-25' despite being launched several days prior.
To summarize:
- Bridge blocking happens via the common 'fast RST' method
- It happened relatively quickly (all bridges are less than 10 days uptime by now).
- Somehow, all three of my recently launched bridges were blacklisted despite using different ASs/hosters/countries for each. Is it a coincidence, or it's because Moat prefers to hand out newer bridges first, or due to something else entirely?
Russia is enumerating and blocking Tor bridges. They've enumerated and blocked bridges twice: Dec 1st and during xmas (Dec 22-24). It's not clear how and how many bridges they've enumerated. Perhaps they're bypassing BridgeDB captcha[1].
I recommend following up this thread: https://ntc.party/t/ooni-reports-of-tor-blocking-in-certain-isps-since-2021-...
And if possible, please rotate your bridge IP address.
Also, I can not rule out that some step in my distribution chain was compromised -- I gave out these bridges privately to a few friends.
I don't think so as I also saw my new bridges getting blocked during xmas too.
-- Best regards, Space Oddity.
cheers, Gus
[1] https://lists.torproject.org/pipermail/anti-censorship-team/2021-December/00...
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays