[tor-dev] Internet-wide scanning for bridges
aaron.m.johnson at nrl.navy.mil
Sat Dec 13 13:54:29 UTC 2014
There are even better solutions than this:
1. Port knocking: <https://wiki.archlinux.org/index.php/Port_Knocking>
2. Single-packet authorization: <http://www.cypherpunks.ca/~iang/pubs/bridgespa-wpes.pdf>
ScrambleSuit has implemented something like #2, and its paper (http://www.cs.kau.se/philwint/pdf/wpes2013.pdf) describes its authentication mechanisms as preventing detecting via network-wide scanning. However, I can’t say how it actually got implemented.
> On Dec 13, 2014, at 3:40 AM, Fabio Pietrosanti (naif) - lists <lists at infosecurity.ch> wrote:
> On 12/13/14 1:33 AM, Vlad Tsyrklevich wrote:
>> I've attached a patch to warn bridge operators running with ORPort set
>> to 443 or 9001 as a stop-gap measure.
> IMHO the real point is that Tor, is not employing the techniques that
> used since decades by the COMSEC solutions in the radio-frequency, that
> is "frequency hopping".
> On the internet we have TCP ports, on the radio-spectrum we have frequency.
> Just apply the various, multiple, available, well documented techniques
> used to provide additional L1/L2 safety to the radio-frequency
> transmission techniques to Tor, et voilà, Tor would acquire important
> resiliency properties against massive scanning.
> That's just a concept and approach, it would require a bit more of
> research, but i'm quite confident that would provide very important
> benefit compared to the minor performance issues introduced.
> Fabio Pietrosanti (naif)
> HERMES - Center for Transparency and Digital Human Rights
> http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi
> tor-dev mailing list
> tor-dev at lists.torproject.org
More information about the tor-dev