Opened 5 years ago

Last modified 18 months ago

#17057 new enhancement

add reverse proxy to bridges

Reported by: elypter Owned by:
Priority: Medium Milestone:
Component: Circumvention/Pluggable transport Version:
Severity: Normal Keywords: tor-bridges tor-pt needs-design term-project-ideas
Cc: Samdney Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


pluggable transports mimic normal traffic like http.
an adversary who is scanning all http traffic in his country could make a list of all the http servers that produce legit amounts of traffic. he then scans all the servers and exclude those which provide legit services. the only servers left now are bridges and a few hidden or password protected services.

he then can block the connection and wait if the client connects to a similar service. if he does the adversary can repeat and collect more bridges until the user gives up.

this could be prevented if the bridge provided an actual service. but this cannot be something like a generic website because it could easily be identified. if the bridge provided a reverse proxy instead then a real web service could be connected. it would look like normal load balancing or normal hosting if the site was only available under the bridge ip.

Child Tickets

Change History (7)

comment:1 Changed 5 years ago by dgoulet

Keywords: bridges added
Milestone: Tor: unspecified
Priority: majornormal

comment:2 Changed 3 years ago by nickm

Keywords: tor-bridges tor-pt needs-design term-project-ideas added; bridges removed
Severity: Normal

comment:3 Changed 3 years ago by nickm

Component: Core Tor/TorObfuscation/Pluggable transport
Owner: set to asn

comment:4 Changed 3 years ago by nickm

Milestone: Tor: unspecified

comment:5 Changed 22 months ago by Samdney

Cc: Samdney added

comment:6 Changed 19 months ago by teor

Owner: asn deleted
Status: newassigned

asn does not need to own any obfuscation tickets any more. Default owners are trouble.

comment:7 Changed 18 months ago by cohosh

Status: assignednew

tickets were assigned to asn, setting them as unassigned (new) again.

Note: See TracTickets for help on using tickets.