Delivery-Date: Wed, 20 May 2015 11:49:17 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,URIBL_BLACK autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id BD8BD1E0CBF
	for <archiver@seul.org>; Wed, 20 May 2015 11:49:15 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 6A4DD34FF9;
	Wed, 20 May 2015 15:49:11 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id ED36834F59
 for <tor-talk@lists.torproject.org>; Wed, 20 May 2015 15:49:07 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id XtWj9JpwkYbF for <tor-talk@lists.torproject.org>;
 Wed, 20 May 2015 15:49:07 +0000 (UTC)
Received: from outbound.mailhostbox.com (outbound.mailhostbox.com
 [162.222.225.23])
 by eugeni.torproject.org (Postfix) with ESMTP id D24DD34CEC
 for <tor-talk@lists.torproject.org>; Wed, 20 May 2015 15:49:07 +0000 (UTC)
Received: from [0.0.0.0] (unknown [129.127.254.213])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: s7r@sky-ip.org)
 by outbound.mailhostbox.com (Postfix) with ESMTPSA id A4C6D360CDC
 for <tor-talk@lists.torproject.org>; Wed, 20 May 2015 15:49:00 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org;
 s=20110108; t=1432136944;
 bh=Z86TI/m+1SvH8gAgPUuJwj0wvwUGZ6I0iRnMoTcxj0I=;
 h=Date:From:Reply-To:To:Subject:References:In-Reply-To;
 b=IT4XZlP7CMK0qRjyWK+JC8A828yIbMpczmFPd+FvI9sAmxDIduKFdNcIy4lcy8+K5
 v+4CEhOWBkNd/xAfYqh+QqEzhRNH5xybhmUI4v7LPV9xt0+fq45LDP9T2QVP9kQgew
 fNV23HcEs1nJJCOMLk5H3GFSxqMhlv5sCsyZ9a4A=
Message-ID: <555CACE4.8020403@sky-ip.org>
Date: Wed, 20 May 2015 18:48:52 +0300
From: s7r <s7r@sky-ip.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
 rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <CADop2NHxbKqiMVAW0uzfTGA-wa6Nuv+x6aGAGRDiE=5Af+oUPQ@mail.gmail.com>
 <20150520151004.GB30057@nymity.ch>
In-Reply-To: <20150520151004.GB30057@nymity.ch>
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.1 cv=BONO1wkG c=1 sm=1 tr=0
 a=HiF5KT3hMqRx/1Jgah29RA==:117 a=HiF5KT3hMqRx/1Jgah29RA==:17
 a=-NIMs_s3AAAA:8 a=QrohdLjRRo4A:10 a=N659UExz7-8A:10 a=bvjBBkZ6AAAA:8
 a=3A2h-St1AAAA:8 a=lcfwLRa7mW1uqFU8WKMA:9 a=7qZWEJL9E9n6uSiM:21
 a=HYfgg1VyRu8vr7MI:21 a=pILNOxqGKmIA:10
X-CTCH-RefID: str=0001.0A020202.555CACF0.03B2, ss=2, re=0.000, recu=0.000,
 reip=0.000, cl=2, cld=1, fgs=64
X-CTCH-VOD: Unknown
X-CTCH-Spam: Suspect
X-CTCH-Score: 0.000
X-CTCH-Rules: 
X-CTCH-Flags: 64
X-CTCH-ScoreCust: 0.000
X-CTCH-SenderID: s7r@sky-ip.org
X-CTCH-SenderID-TotalMessages: 1
X-CTCH-SenderID-TotalSpam: 0
X-CTCH-SenderID-TotalSuspected: 0
X-CTCH-SenderID-TotalBulk: 0
X-CTCH-SenderID-TotalConfirmed: 0
X-CTCH-SenderID-TotalRecipients: 0
X-CTCH-SenderID-TotalVirus: 0
X-CTCH-SenderID-BlueWhiteFlag: 0
X-Scanned-By: MIMEDefang 2.72 on 172.18.214.93
Subject: Re: [tor-talk] reverse enumeration attacks on bridges (re: 100-foot
 overview on Tor)
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Speaking of, it's a long time I have been asking myself this, why does
a bridge with PT need a publicly open ORPort?

I understand it for a regular bridge, no PT, but when I use PTs why
should I also open the ORPort publicly? I understand the PT needs to
talk to Tor via its ORPort, but can't we make this happen on
127.0.0.1? Right now if a 'watcher' sees obfs4proxy traffic and can't
tell what it is, just does a full port scan on the destination and
sees an ORPort open.

On 5/20/2015 6:10 PM, Philipp Winter wrote:
> On Wed, May 20, 2015 at 10:42:27AM +0800, Virgil Griffith wrote:
>> Tom: If a hostile relay receives a connection from a ip-address A
>> that is not listed in the Tor consensus, as far as I understand
>> the hostile relay stills has two possibilities about ip-address
>> A:
>> 
>> (1) A is the client (2) A is a bridge
>> 
>> I do not understand how the "reverse renumeration" attack you
>> mention (p136 of your 100-ft-summary) is able to distinguish
>> between these two cases.
> 
> If the hostile relay has no Guard flag, it shouldn't receive
> direct connections from clients.  If it does have the Guard flag,
> it could port scan the previous hop to see if it has an open (OR)
> port.  (Active probing-resistant bridges would leave some
> uncertainty, though.)
> 
> Some more details about this attack are in Section III.D of: 
> <http://www.cs.uml.edu/~xinwenfu/paper/Bridge.pdf>
> 
> Cheers, Philipp
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJVXKzkAAoJEIN/pSyBJlsR4F8IAJHw5iXWkWlA9jUirPEpsSwy
DcRlkE1r+Rs8ameaztQSabXdGFlFcFBmYq6qmILJlgm/a8jhfOo2TmlX0fvJypX2
jUobgqulxO5lTgdPDWZhCNWXFNcTUyER8WF/wTirBBG1lRyl/mgtmwSkLODYSlkp
42RDwSryB+0CMbIdK0QCKxQ2y8iS0LGHHxM4ReXHPH2g8OYtnR9Cwp0gV9bG7Siw
hYyiYBtNGjGr+NB9770LinL7Ct8NzZ1qpBM4yG4fXtEM4JWKLADrd0cyx7c5Nq4w
paLbbiN55jErRBtrOyDLdGS8bRuFEsJlgzUZCBBkFe/IA0ApNeCCX9iNRwrdgFc=
=uxxl
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

