[tor-bugs] #30579 [Circumvention/Snowflake]: Add more STUN servers to the default snowflake configuration in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 31 23:00:48 UTC 2019


#30579: Add more STUN servers to the default snowflake configuration in Tor Browser
-------------------------------------------------+-------------------------
 Reporter:  cohosh                               |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Circumvention/Snowflake              |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  stun, anti-censorship-roadmap-       |  Actual Points:
  october                                        |
Parent ID:                                       |         Points:  1
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor30-can
-------------------------------------------------+-------------------------

Comment (by arlolra):

 > Can we exploit this?

 From my limited understanding, no.  It's not enough to just know the
 external IP.  The client needs to make an outgoing request in order for
 the NAT to add a mapping entry in its table between external IP:port pair
 and the client.  That pair, returned in the response from the STUN server,
 is then communicated to the peer via some signalling method so that
 packets it sends to the external IP are translated to the client.

 See https://en.wikipedia.org/wiki/STUN#Limitations and
 https://en.wikipedia.org/wiki/Network_address_translation#Methods_of_translation

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30579#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
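
The mechanism described in the comment above, as an added example that is not part of the original ticket or of Snowflake's code: a STUN Binding request and the XOR-MAPPED-ADDRESS response (RFC 5389 encoding), run through a NAT model. `ToyNAT`, `demo` and all addresses are hypothetical and constructed for illustration; the NAT model is deliberately simplified and ignores per-peer filtering.

```python
import os
import socket
import struct

MAGIC = 0x2112A442  # STUN magic cookie (RFC 5389)
BINDING_REQUEST, BINDING_SUCCESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0101, 0x0020

def binding_request(txid):
    """20-byte header: type, attribute length 0, magic cookie, 96-bit transaction id."""
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC) + txid

def binding_response(txid, ip, port):
    """Server side: echo the source ip:port it observed, XORed with the cookie."""
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01, port ^ (MAGIC >> 16), xaddr)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC) + txid + attr

def parse_mapped_address(msg, txid):
    """Client side: return (ip, port) from a Binding success response."""
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if mtype != BINDING_SUCCESS or cookie != MAGIC or msg[8:20] != txid:
        raise ValueError("not the response to our request")
    pos, end = 20, min(20 + length, len(msg))
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        if atype == XOR_MAPPED_ADDRESS and alen == 8 and pos + 12 <= end and msg[pos + 5] == 0x01:
            xport, xaddr = struct.unpack("!HI", msg[pos + 6:pos + 12])
            return socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC)), xport ^ (MAGIC >> 16)
        pos += 4 + alen + (-alen % 4)  # attribute values are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS attribute")

class ToyNAT:  # hypothetical, simplified NAT model (not a real implementation)
    def __init__(self, external_ip):
        self.external_ip, self.by_host, self.by_port = external_ip, {}, {}
    def outbound(self, inside):
        port = self.by_host.setdefault(inside, 40000 + len(self.by_host))
        self.by_port[port] = inside
        return self.external_ip, port      # source address the STUN server sees
    def inbound(self, external_port):
        return self.by_port.get(external_port)  # None: no mapping, packet dropped

def demo():
    nat, client = ToyNAT("203.0.113.7"), ("192.168.1.20", 51000)  # constructed addresses
    before = nat.inbound(40000)            # peer knows the external IP, nothing is mapped
    txid = os.urandom(12)
    request = binding_request(txid)        # leaves the client through the NAT...
    seen = nat.outbound(client)            # ...which creates the mapping entry
    mapped = parse_mapped_address(binding_response(txid, *seen), txid)
    return len(request), before, mapped, nat.inbound(mapped[1])
```

`demo()` returns the request length, the result of an inbound packet before any mapping exists, the pair decoded from the STUN response, and the inside host that an inbound packet reaches once the mapping is in place.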

