[tor-bugs] #4771 [BridgeDB]: bridgedb should make clearer in its logs which addresses it knows are from bulk-exitlist
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 30 08:50:38 UTC 2015
#4771: bridgedb should make clearer in its logs which addresses it knows are from
bulk-exitlist
--------------------------+--------------------------------------------
Reporter: arma | Owner: isis
Type: defect | Status: needs_review
Priority: minor | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords: isis2015Q1Q2, isisExB, isisExC
Actual Points: | Parent ID:
Points: |
--------------------------+--------------------------------------------
Comment (by isis):
Replying to an email from Robert Ransom:
> Replying to [comment:18 isis]:
> > Replying to an email from Robert Ransom:
> > > Replying to
[https://trac.torproject.org/projects/tor/ticket/4771#comment:14 isis]:
> > > > * Should we still be grouping clients by `/24`s? What adversary
is that effective against? I realise that it isn't very difficult to get a
class C subnet, but it isn't very difficult to get addresses in different
`/24`s. Should we make the groups bigger, i.e. group clients by which
`/16` they are coming from?
> > >
> > > I thought it was /16, or at least intended to be /16, once, but I
was probably confusing BridgeDB with Tor's implicit IP-based ‘families’
(i.e. no two relays in the same /16 will be chosen for the circuit).
> >
> > Do you think it should be changed to /16? Truncating to /24 just
seems like it would stop someone at Noisebridge from getting multiple sets
of lines (Noisebridge has a /24). I don't really see what that
accomplishes. I thought that the NSA has a bunch of /8s? And China has
even crazier, they can just spoof the IP of *anything* in China.
> >
> > I kind of think we should be grouping clients according to what
country they are coming from… that is at least marginally difficult to
change.
> >
>
> Think about it this way: If BridgeDB splits the bridge supply by /24,
then every bridge provided by HTTPS to a user in China can be obtained by
Chinese censors. If BridgeDB splits the bridge supply by /16, then every
bridge provided by HTTPS to a user in China can be obtained by Chinese
censors. If BridgeDB splits the bridge supply by GeoIP country, then
every bridge provided by HTTPS to a user in China can be obtained by
Chinese censors, *and* every HTTPS-over-Tor bridge user in China will DDoS
the snot out of the same few bridges with honest connection attempts and
GFW RST packets.
Yeah, you're right, using the `countryCode` as the `area` would be a bad
idea. It would give the government of country which doesn't already have
the power to pretend to be any IP within their country that power.
I'm still somewhat inclined to change /24 to /16, if for nothing else than
to mimic Tor's behaviour with respect to what constitutes addresses which
could feasibly be under the control of the same adversary.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4771#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list