Speaking of, I have been asking myself this for a long time: why does a bridge with PT need a publicly open ORPort?

I understand it for a regular bridge, no PT, but when I use PTs why should I also open the ORPort publicly? I understand the PT needs to talk to Tor via its ORPort, but can't we make this happen on 127.0.0.1? Right now, if a 'watcher' sees obfs4proxy traffic and can't tell what it is, it just does a full port scan on the destination and sees an ORPort open.

On 5/20/2015 6:10 PM, Philipp Winter wrote:
> On Wed, May 20, 2015 at 10:42:27AM +0800, Virgil Griffith wrote:
>> Tom: If a hostile relay receives a connection from an ip-address A
>> that is not listed in the Tor consensus, as far as I understand
>> the hostile relay still has two possibilities about ip-address
>> A:
>>
>> (1) A is the client
>> (2) A is a bridge
>>
>> I do not understand how the "reverse renumeration" attack you
>> mention (p136 of your 100-ft-summary) is able to distinguish
>> between these two cases.
>
> If the hostile relay has no Guard flag, it shouldn't receive
> direct connections from clients. If it does have the Guard flag,
> it could port scan the previous hop to see if it has an open (OR)
> port. (Active probing-resistant bridges would leave some
> uncertainty, though.)
>
> Some more details about this attack are in Section III.D of:
> <http://www.cs.uml.edu/~xinwenfu/paper/Bridge.pdf>
>
> Cheers, Philipp
>

--
tor-talk mailing list - [email protected]
