[tor-relays] Protecting the bridge port from active probes

[Marek Szuba]

Hello,

I run a private obfuscated Tor bridge for myself and some friends. All
in all it has worked fine so far but having recently run some security
scans on the bridge host, I now wonder how resistant to active probing
my bridge is. Apologies if this has already been asked, I have yet to
find a searchable archive of this list.

Anyway, here is my logic. In order to operate properly, my bridge must
have its ORPort reachable from the Internet. I have chosen a port to be
used for this purpose at random but these days, scanning all 64k TCP
ports on a host takes mere minutes. The X.509 server certificate offered
on the ORPort is rather suspicious, if only because of the randomly
generated name; I suspect there might be other peculiarities as well.
Therefore, I strongly suspect that it wouldn't take more than a few
minutes for any attacker employing active probing to detect my bridge
and block access to it.

Does this make sense? And in any case, is there anything else I could do
to protect my bridge against active probing? The best I could come up
with is to make the bridge host periodically change the ORPort, I reckon
wouldn't really help because if I had to restart tor on the bridge every
few minutes the it wouldn't be of much use connectivity-wise. Having the
border firewall block or slow down suspected port scans might perhaps
make it possible to change the ORPort less frequently but alas, I have
no control over the border firewall beyond being able to ask to open or
close specific ports on my host.

Thank you in advance for your time.

-- 
MS