On Wed, May 20, 2015 at 06:48:52PM +0300, s7r wrote: > Speaking of, it's a long time I have been asking myself this, why does > a bridge with PT need a publicly open ORPort? > > I understand it for a regular bridge, no PT, but when I use PTs why > should I also open the ORPort publicly? I understand the PT needs to > talk to Tor via its ORPort, but can't we make this happen on > 127.0.0.1? Right now if a 'watcher' sees obfs4proxy traffic and can't > tell what it is, just does a full port scan on the destination and > sees an ORPort open.
Correct. This is https://trac.torproject.org/projects/tor/ticket/7349 You might also enjoy the other tickets linked from https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorS/PluggableTransports > > If the hostile relay has no Guard flag, it shouldn't receive > > direct connections from clients. If it does have the Guard flag, > > it could port scan the previous hop to see if it has an open (OR) > > port. For more bridge discovery attacks, a good first reading material is https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
