[tor-relays] Protecting the bridge port from active probes

Dmitrii Tcvetkov demfloro at demfloro.ru
Thu Mar 28 17:43:34 UTC 2019


On Thu, 28 Mar 2019 17:08:38 +0000
Marek Szuba <scriptkiddie at wp.pl> wrote:
 
> Anyway, here is my logic. In order to operate properly, my bridge must
> have its ORPort reachable from the Internet.

I might be wrong, but I got the impression that if a bridge is using
pluggable transports (obfs3, obfs4, meek, snowflake, etc.) then the ORPort is
only useful for the bridge authority and users who want to use the bridge
without pluggable transports. Communication between the pluggable transport
and the Tor process goes via ExtORPort, which isn't public by default
(binds to localhost). Clients connect to the pluggable transport port and
their traffic is obfuscated by the transport.

Since your bridge is private, the bridge authority is none of your
concern. In that case you need the ORPort reachable only if you have
bridge clients which use the bridge without pluggable transports.

