[tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 8 16:54:48 UTC 2019
#31103: Support ORPort picking a random port that persists across restarts
------------------------------+--------------------
Reporter: phw | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: 0.5 | Reviewer:
Sponsor: |
------------------------------+--------------------
A bridge's transport port and OR port are semi-secret. We don't want a
bridge to listen on port 9001 because it would facilitate Internet-wide
scanning: a censor could scan the entire IPv4 address space for port 9001
and block all bridges they discover this way. We therefore encourage
operators to not set `ServerTransportListenAddr`, which makes Tor pick a
random port and write it to its state file, so it persists across
restarts. Bridge operators can then whitelist this port in their firewall
configuration.

Bridge operators may welcome a similar option for `ORPort`. However, when
setting `ORPort` to auto, Tor attempts to find a new port each time it
starts. This means that operators would have to re-configure their
firewalls after each restart.

In the short term, we should instruct operators to pick their own ports
and explicitly set them for both `ORPort` and `ServerTransportListenAddr`,
but in the long term we may want `ORPort` to be able to pick a random port
and save it to Tor's state file.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31103>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
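
The short-term advice in the ticket (pick the ports yourself, set them explicitly, and keep them stable so the firewall rule survives restarts) can be scripted outside Tor. The following is an added example, not code from the ticket or from Tor: the helper file `bridge-ports.json`, the function names, the `obfs4` transport name, the `0.0.0.0` bind address and every entry in the avoid list other than 9001 are assumptions.

```python
import json
import os
import secrets
import tempfile

# Ports a scanner would try first. 9001 is the one named in the ticket;
# the other entries are an assumption made for this example.
AVOID = {9001, 9030, 9050, 9051}

def pick_port(taken=()):
    """Return a random unprivileged TCP port outside AVOID and `taken`."""
    while True:
        port = 1024 + secrets.randbelow(65536 - 1024)
        if port not in AVOID and port not in taken:
            return port

def load_or_create_ports(path):
    """Read the saved ports, or choose them once and save them atomically."""
    try:
        with open(path) as fh:
            saved = json.load(fh)
        return saved["or_port"], saved["pt_port"]
    except (FileNotFoundError, KeyError, TypeError, ValueError):
        pass  # no usable file yet: fall through and create one
    or_port = pick_port()
    pt_port = pick_port(taken={or_port})
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as fh:
        json.dump({"or_port": or_port, "pt_port": pt_port}, fh)
    os.replace(tmp, path)  # rename so a crash never leaves a half-written file
    return or_port, pt_port

def torrc_lines(or_port, pt_port, transport="obfs4"):
    """Render the two explicit settings; the transport name is an assumption."""
    return [
        f"ORPort {or_port}",
        f"ServerTransportListenAddr {transport} 0.0.0.0:{pt_port}",
    ]

if __name__ == "__main__":
    # Hypothetical file name; run once, then reuse the same output every restart.
    print("\n".join(torrc_lines(*load_or_create_ports("bridge-ports.json"))))
```

Because the ports are read back from the file on every later run, the firewall allow-list only has to be written once.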