Delivery-Date: Wed, 20 May 2015 17:32:33 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id C0D391E1382
	for <archiver@seul.org>; Wed, 20 May 2015 17:32:31 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id A2E3E34A83;
	Wed, 20 May 2015 21:32:27 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 7D04734A58
 for <tor-talk@lists.torproject.org>; Wed, 20 May 2015 21:32:24 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 871KqtTgACIL for <tor-talk@lists.torproject.org>;
 Wed, 20 May 2015 21:32:24 +0000 (UTC)
Received: from khazad-dum.seul.org (khazad-dum.csail.mit.edu [128.31.0.47])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "moria.seul.org", Issuer "moria.seul.org" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 12BB834970
 for <tor-talk@lists.torproject.org>; Wed, 20 May 2015 21:32:24 +0000 (UTC)
Received: by khazad-dum.seul.org (Postfix, from userid 501)
 id 77F511E1382; Wed, 20 May 2015 17:32:21 -0400 (EDT)
Date: Wed, 20 May 2015 17:32:21 -0400
From: Roger Dingledine <arma@mit.edu>
To: tor-talk@lists.torproject.org
Message-ID: <20150520213221.GK7800@moria.seul.org>
References: <CADop2NHxbKqiMVAW0uzfTGA-wa6Nuv+x6aGAGRDiE=5Af+oUPQ@mail.gmail.com>
 <20150520151004.GB30057@nymity.ch> <555CACE4.8020403@sky-ip.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <555CACE4.8020403@sky-ip.org>
User-Agent: Mutt/1.5.20 (2009-12-10)
Subject: Re: [tor-talk] reverse enumeration attacks on bridges (re: 100-foot
 overview on Tor)
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Wed, May 20, 2015 at 06:48:52PM +0300, s7r wrote:
> Speaking of, it's a long time I have been asking myself this, why does
> a bridge with PT need a publicly open ORPort?
> 
> I understand it for a regular bridge, no PT, but when I use PTs why
> should I also open the ORPort publicly? I understand the PT needs to
> talk to Tor via its ORPort, but can't we make this happen on
> 127.0.0.1? Right now if a 'watcher' sees obfs4proxy traffic and can't
> tell what it is, just does a full port scan on the destination and
> sees an ORPort open.

Correct.

This is
https://trac.torproject.org/projects/tor/ticket/7349

You might also enjoy the other tickets linked from
https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorS/PluggableTransports

> > If the hostile relay has no Guard flag, it shouldn't receive
> > direct connections from clients.  If it does have the Guard flag,
> > it could port scan the previous hop to see if it has an open (OR)
> > port.

For more bridge discovery attacks, a good first reading material is
https://blog.torproject.org/blog/research-problems-ten-ways-discover-tor-bridges

--Roger

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

