[tor-talk] reverse enumeration attacks on bridges (re: 100-foot overview on Tor)

s7r s7r at sky-ip.org
Wed May 20 15:48:52 UTC 2015


Speaking of which, I have been asking myself this for a long time: why
does a bridge with PT need a publicly open ORPort?

I understand it for a regular bridge, no PT, but when I use PTs why
should I also open the ORPort publicly? I understand the PT needs to
talk to Tor via its ORPort, but can't we make this happen on
127.0.0.1? Right now, if a 'watcher' sees obfs4proxy traffic and can't
tell what it is, they just do a full port scan on the destination and
see an ORPort open.

On 5/20/2015 6:10 PM, Philipp Winter wrote:
> On Wed, May 20, 2015 at 10:42:27AM +0800, Virgil Griffith wrote:
>> Tom: If a hostile relay receives a connection from an ip-address A
>> that is not listed in the Tor consensus, as far as I understand
>> the hostile relay still has two possibilities about ip-address
>> A:
>> 
>> (1) A is the client
>> (2) A is a bridge
>> 
>> I do not understand how the "reverse enumeration" attack you
>> mention (p136 of your 100-ft-summary) is able to distinguish
>> between these two cases.
> 
> If the hostile relay has no Guard flag, it shouldn't receive
> direct connections from clients.  If it does have the Guard flag,
> it could port scan the previous hop to see if it has an open (OR)
> port.  (Active probing-resistant bridges would leave some
> uncertainty, though.)
> 
> Some more details about this attack are in Section III.D of: 
> <http://www.cs.uml.edu/~xinwenfu/paper/Bridge.pdf>
> 
> Cheers, Philipp
> 
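For a bridge operator who wants to see the exposure discussed in this message on their own host, here is an added example (not part of the original post or of Tor's code). It reads `ss -Hltnp` output and lists every listener reachable from off the box, marking Tor-owned ones that are not the pluggable transport port. The sample output, port numbers and process names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ss -Hltnp` output from a hypothetical bridge host.
# Ports 9001 (ORPort) and 443 (obfs4) are assumptions, not from the post.
SAMPLE_SS = """\
LISTEN 0 4096 0.0.0.0:9001 0.0.0.0:* users:(("tor",pid=812,fd=6))
LISTEN 0 4096 127.0.0.1:9051 0.0.0.0:* users:(("tor",pid=812,fd=7))
LISTEN 0 4096 *:443 *:* users:(("obfs4proxy",pid=820,fd=5))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=500,fd=4))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=300,fd=14))
"""

def split_host_port(local):
    """Split ss's local-address column, handling [v6]:port and %iface."""
    host, _, port = local.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def is_loopback(host):
    """'*' is ss's wildcard (all addresses), so it is never loopback."""
    return host != "*" and ipaddress.ip_address(host).is_loopback

def audit_listeners(ss_output, pt_ports):
    """Return (verdict, process, host, port) for each non-loopback listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_host_port(fields[3])
        if is_loopback(host):
            continue  # not reachable by a remote port scan
        match = re.search(r'\(\("([^"]+)"', line)
        proc = match.group(1) if match else "?"  # "?" when ss ran unprivileged
        if port in pt_ports:
            verdict = "expected-pt"
        elif proc == "tor":
            verdict = "exposed-tor-listener"  # e.g. a public ORPort
        else:
            verdict = "other"
        findings.append((verdict, proc, host, port))
    return findings

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS, pt_ports={443}):
        print(*finding)
```

On a live host, replace `SAMPLE_SS` with the output of `ss -Hltnp` run as root, and set `pt_ports` to the port your transport listens on.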

