[tor-bugs] #5028 [Ooni]: Tor bridge scanning

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Mar 13 08:10:26 UTC 2012


#5028: Tor bridge scanning
---------------------+------------------------------------------------------
 Reporter:  hellais  |          Owner:  runa                     
     Type:  project  |         Status:  assigned                 
 Priority:  normal   |      Milestone:  Sponsor F: March 15, 2012
Component:  Ooni     |        Version:                           
 Keywords:           |         Parent:                           
   Points:           |   Actualpoints:                           
---------------------+------------------------------------------------------

Comment(by karsten):

 Replying to [comment:32 ioerror]:
 > The deliverable is being driven by a sponsorship item. However, the
 circumstances have since changed - active probing in China means that
 blocking happens in a different, additive, set of ways. Some IPs are on a
 blocklist, some are added by their behavior; thus any scan to a real
 bridge with a tcp connection will merely tell us that the bridge is not on
 the block list but any attempt to use it will almost certainly result in
 an active probe that in turn will probably block the bridge. Any result
 from the TCP connect scan will be either 0) possibly confirmation that the
 IP is blocked 1) a false negative where we believe the bridge is unblocked
 or 2) we will cause the bridge to be discovered and then actually blocked.
 >
 > So why risk it? Because a funder has a line item? It seems like we
 should be smarter than that and not be so hung up on line items that we
 created before the environment changed.
 >
 > Thus, my point was to be both humorous and also to be blunt - doing a
 scan of bridges may simply result in those bridges being instantly blocked
 or just as likely, I think the data will be inconclusive.

 I think I understand your concerns.  But that doesn't mean it's impossible
 to obtain "some sort of automated ground truth of bridge reachability from
 some countries" which is what we promised in the deliverable.  The TCP
 scan of HTTPS bridges may not be the best approach, but it's the best we
 have right now.  At least so far I only heard "oh noes, don't do it," not
 "here's a better way to deliver what we promised, and we can do it within
 3 days."  Until I hear the latter I'll stick with the approach we have.  I
 don't know if the results will be conclusive, but I sure want to find out.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5028#comment:33>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list