Opened 19 months ago

Last modified 11 days ago

#23089 new defect

Most of the bridges share the same 3 subnets. What if these subnets got blocked? It will be devastating!

Reported by: cypherpunks
Owned by:
Priority: Very High
Milestone:
Component: Obfuscation/Pluggable transport
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description


Change History (11)

comment:1 Changed 19 months ago by cypherpunks

Summary: changed from "What if 194.132.0.0/16 and 149.202.98.0/24 get blocked?" to "What if 194.132.0.0/16 and 149.202.98.0/24 and 192.36.31.0/32 got blocked?"

comment:2 Changed 19 months ago by cypherpunks

Summary: changed from "What if 194.132.0.0/16 and 149.202.98.0/24 and 192.36.31.0/32 got blocked?" to "What if 194.132.0.0/16 and 149.202.98.0/24 and 192.36.31.0/24 got blocked?"

comment:3 Changed 19 months ago by cypherpunks

Summary: changed from "What if 194.132.0.0/16 and 149.202.98.0/24 and 192.36.31.0/24 got blocked?" to "What if 194.132.209.0/24 and 149.202.98.0/24 and 192.36.31.0/24 got blocked?"

comment:4 Changed 19 months ago by cypherpunks

It seems like you disclose some information fetched from bridges.tpo, please don't do that.

If a bridge got blocked you can request a new one.

comment:5 Changed 19 months ago by yawning

Resolution: invalid
Status: changed from new to closed

Then other people should step up and run bridges, instead of just Torservers. But this isn't a bug, it's more an outreach problem.

comment:6 Changed 19 months ago by cypherpunks

Summary: changed from "What if 194.132.209.0/24 and 149.202.98.0/24 and 192.36.31.0/24 got blocked?" to "What if 0.0.0.0/0 got blocked?"

comment:7 Changed 19 months ago by cypherpunks

Resolution: invalid
Status: changed from closed to reopened
Summary: changed from "What if 0.0.0.0/0 got blocked?" to "Most of the bridges share the same 3 subnets. What if these subnets got blocked? It will be devastating!"

> It seems like you disclose some information fetched from bridges.tpo, please don't do that.

Why? It's easy for everyone to download some bridges' addresses, look at them, spot common subnets and create just 3 firewall rules to block most of them, even unknown? It's not a bug, it's a vuln!

> If a bridge got blocked you can request a new one.

How can I request a new one if TPO websites are blocked? And what if I requested a new one and would be given the new one already blocked?

Last edited 19 months ago by cypherpunks

comment:8 Changed 19 months ago by cypherpunks

> Why? It's easy for everyone to download some bridges' addresses, look at them, spot common subnets and create just 3 firewall rules to block most of them, even unknown? It's not a bug, it's a vuln!

First:

> Then other people should step up and run bridges, instead of just Torservers. But this isn't a bug, it's more an outreach problem.

Second, reality is different. For me only 1/10 bridges from bridges.tpo was affected by your "3 firewall rules".

> How can I request a new one if TPO websites are blocked? And what if I requested a new one and would be given the new one already blocked?

Try e-mail?

comment:9 Changed 19 months ago by cypherpunks

> Try e-mail?

Assume that email, SMS, social networks, messengers, forums, phone (both binary and voice communications), any other unencrypted channels are censored too and that people trying to acquire bridges using such personalized channels are prosecuted. Bridges must be acquired stealthily. No one must know that you are using a bridge except the bridge itself.

> Second, reality is different. For me only 1/10 bridges from bridges.tpo was affected by your "3 firewall rules".

Maybe.

Last edited 19 months ago by cypherpunks
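
The disagreement in comments 7 to 9 (most bridges versus 1 in 10) is a measurable property of a bridge pool. The sketch below is an added example, not part of the ticket and not Tor Project or BridgeDB code: a pool operator's audit that reports what share of a pool sits in its k most populated prefixes. The addresses are constructed private-range values, and the `max_share` threshold is an assumed policy value.

```python
import ipaddress
from collections import Counter

def prefix_counts(addresses, prefix_len=24):
    """Count how many IPv4 addresses fall in each covering network of prefix_len."""
    counts = Counter()
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if ip.version != 4:
            continue  # this sketch audits IPv4 only
        counts[ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)] += 1
    return counts

def top_k_coverage(addresses, k=3, prefix_len=24):
    """Share of the pool that becomes unreachable if the k densest prefixes are filtered."""
    counts = prefix_counts(addresses, prefix_len)
    total = sum(counts.values())
    if total == 0:
        return 0.0, []
    top = counts.most_common(k)
    return sum(n for _, n in top) / total, top

def audit(addresses, k=3, prefix_len=24, max_share=0.3):
    """max_share is a hypothetical diversity policy, not a Tor Project value."""
    share, top = top_k_coverage(addresses, k, prefix_len)
    return {"share": share,
            "top": [(str(net), n) for net, n in top],
            "ok": share <= max_share}

# Constructed pools (private-range addresses, not real bridges).
CONCENTRATED_POOL = [
    "10.1.1.5", "10.1.1.9", "10.1.1.77", "10.1.1.200",  # one hoster, one /24
    "10.2.2.10", "10.2.2.11",
    "10.3.3.3", "10.40.0.1", "10.50.0.1", "10.60.0.1",
]
DIVERSE_POOL = [f"10.{i}.0.1" for i in range(10)]  # every bridge in its own /24

if __name__ == "__main__":
    for name, pool in (("concentrated", CONCENTRATED_POOL), ("diverse", DIVERSE_POOL)):
        print(name, audit(pool))
```

Running the same audit at several prefix lengths (for example /16 and /24) shows whether concentration comes from one hosting provider or from a single rack.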

comment:10 Changed 2 weeks ago by teor

Owner: asn deleted
Status: changed from reopened to assigned

asn does not need to own any obfuscation tickets any more. Default owners are trouble.

comment:11 Changed 11 days ago by cohosh

Status: changed from assigned to new

Tickets were assigned to asn, setting them as unassigned (new) again.
