[tor-relays] Protecting the bridge port from active probes

Marek Szuba scriptkiddie at wp.pl
Thu Mar 28 17:08:38 UTC 2019


I run a private obfuscated Tor bridge for myself and some friends. All
in all it has worked fine so far but having recently run some security
scans on the bridge host, I now wonder how resistant to active probing
my bridge is. Apologies if this has already been asked, I have yet to
find a searchable archive of this list.

Anyway, here is my logic. In order to operate properly, my bridge must
have its ORPort reachable from the Internet. I have chosen a port to be
used for this purpose at random but these days, scanning all 64k TCP
ports on a host takes mere minutes. The X.509 server certificate offered
on the ORPort is rather suspicious, if only because of the randomly
generated name; I suspect there might be other peculiarities as well.
Therefore, I strongly suspect that it wouldn't take more than a few
minutes for any attacker employing active probing to detect my bridge
and block access to it.

Does this make sense? And in any case, is there anything else I could do
to protect my bridge against active probing? The best I could come up
with is to make the bridge host periodically change the ORPort, which I
reckon wouldn't really help because if I had to restart tor on the bridge
every few minutes then it wouldn't be of much use connectivity-wise. Having the
border firewall block or slow down suspected port scans might perhaps
make it possible to change the ORPort less frequently but alas, I have
no control over the border firewall beyond being able to ask to open or
close specific ports on my host.

Thank you in advance for your time.

