[tor-bugs] #30472 [Circumvention/Pluggable transport]: Implement a mechanism for PT reachability testing
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 21 20:30:58 UTC 2019
#30472: Implement a mechanism for PT reachability testing
-----------------------------------------------+---------------------------
Reporter: phw | Owner: phw
Type: project | Status:
| needs_review
Priority: High | Milestone:
Component: Circumvention/Pluggable transport | Version:
Severity: Major | Resolution:
Keywords: reachability | Actual Points:
Parent ID: #30471 | Points:
Reviewer: | Sponsor: Sponsor19
-----------------------------------------------+---------------------------
Comment (by cohosh):
Replying to [comment:7 phw]:
> Replying to [comment:6 cohosh]:
> > - A nicer way to express the timeout
[https://github.com/NullHypothesis/obfs4PortScan/blob/master/handlers.go#L43
here] would be
> > {{{ timeout := 3* time.Second }}}, but even better would be to set a
commented constant at the beginning of the file.
> [[br]]
> Good point, fixed in the following branch:
https://github.com/NullHypothesis/obfs4PortScan/tree/fix/30472
I think the `timeout` input to
[https://github.com/NullHypothesis/obfs4PortScan/blob/fix/30472/handlers.go#L70
isTCPPortReachable] is redudant now.
> [[br]]
> > - Do you also want timestamps in your logs?
> [[br]]
> I would like to keep timestamps because they tell us how much (ab)use
the service is seeing. Do you see any issues with timestamps?
>
As long as you're not logging IP addresses, this seems fine to me. You're
also not exporting the data, it's mostly a consideration in the case that
the machine or service is compromised. I don't see issues with an attacker
getting ahold of the number of requests made and the times at which they
are made. There are probably easier ways to find out whatever information
they would hope to find out from these logs anyway.
> On a related note: I noticed that the http package can log error
messages that include the client's IP address. I included snowflake's safe
logger to prevent this from happening.
> [[br]]
Oh good point, I'm glad the package is useful here.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30472#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list