Hi David, Couldn't I firewall the non-obfs port so only looback addresses may access it?
Cordially, Nathaniel Suchy On Tue, Aug 21, 2018 at 11:37 AM David Fifield <[email protected]> wrote: > On Mon, Aug 20, 2018 at 02:25:40PM -0400, Nathaniel Suchy wrote: > > Interesting. Is there any reason to not use an obfuscated bridge? > > No, not really. obfs4 resists active probing without any special > additional steps. But I can think of one reason why the MSS trick is > worth trying, anyway. Due to a longstanding bug (really more of a design > issue that's hard to repair), you can't run an obfs4 bridge without also > running a vanilla (unobfuscated) bridge on a different port on the same > IP address. So if anyone ever connects to that vanilla port, the bridge > will get probed and the entire IP address blocked, including the obfs4 > port. > https://bugs.torproject.org/7349 > _______________________________________________ > tor-relays mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
