[tor-talk] Tor bridges over ICMP or DNS
a.krey at gmx.de
Fri Sep 8 05:27:42 UTC 2017
On Thu, 07 Sep 2017 21:47:24 +0000, Ben Tasker wrote:
> > Same. Basically, you just need any bridge and a means to tunnel ssh,
> > and the you can 'ssh -L port:bridgeip:bridgeport', and configure
> > tor to use the bridge at localhost:port. This will work as long
> > as not too many people do it.
> In principle, yes. In practice, not so much. SSH to and from China can be
> an absolute pain even for low traffic levels (like, for example, a standard
> SSH session).
There is no plain ssh session on the net here - it is encapsulated in
DNS or ICMP, and supposedly the tunneling does its own flow control
(as in (self-plug) https://github.com/apk/udpmob).
> Sometimes it's might be deliberate interference, but most of
> the time it's a case of combining the headaches of TCP-over-TCP
There is no TCP-over-TCP here, not even TCP. (And no VPN.) The
connection to the bridge is port-forwarded in an SSH session
which in turn is tunneled via UDP/DNS/ICMP.
> Things like sshuttle (https://github.com/apenwarr/sshuttle)
The readme fails to say what it actually does. :-)
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
More information about the tor-talk