[tor-bugs] #30579 [Circumvention/Snowflake]: Add more STUN servers to the default snowflake configuration in Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 31 23:00:48 UTC 2019
#30579: Add more STUN servers to the default snowflake configuration in Tor Browser
-------------------------------------------------+-------------------------
Reporter: cohosh | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Circumvention/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: stun, anti-censorship-roadmap- | Actual Points:
october |
Parent ID: | Points: 1
Reviewer: | Sponsor:
| Sponsor30-can
-------------------------------------------------+-------------------------
Comment (by arlolra):
> Can we exploit this?
From my limited understanding, no. It's not enough to just know the
external ip. The client needs to make an outgoing request in order for
the NAT to add a mapping entry in its table between external ip:port pair
and the client. That pair, returned in the response from the STUN server,
is then communicated to the peer via some signalling method so that
packets it sends to the external ip are translated to the client.
See https://en.wikipedia.org/wiki/STUN#Limitations and
https://en.wikipedia.org/wiki/Network_address_translation#Methods_of_translation
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30579#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list