Opened 11 months ago

Last modified 6 weeks ago

#31103 new enhancement

Support ORPort picking a random port that persists across restarts

Reported by: phw Owned by:
Priority: Medium Milestone:
Component: Core Tor/Tor Version:
Severity: Normal Keywords: network-team-roadmap-2020Q1, network-team-roadmap-2020Q2
Cc: ahf, gaba, catalyst Actual Points:
Parent ID: #30471 Points: 1
Reviewer: Sponsor: Sponsor28-must

Description

A bridge's transport port and OR port are semi-secret. We don't want a bridge to listen on port 9001 because it would facilitate Internet-wide scanning: a censor could scan the entire IPv4 address space for port 9001 and block all bridges they discover this way. We therefore encourage operators to not set ServerTransportListenAddr, which makes Tor pick a random port and write it to its state file, so it persists across restarts. Bridge operators can then whitelist this port in their firewall configuration.

Bridge operators may welcome a similar option for ORPort. However, when setting ORPort to auto, Tor attempts to find a new port each time it starts. This means that operators would have to re-configure their firewalls after each restart.

In the short term, we should instruct operators to pick their own ports and explicitly set them for both ORPort and ServerTransportListenAddr but in the long term we may want ORPort to be able to pick a random port and save it to Tor's state file.
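The behaviour the ticket asks for, as an added illustration that is not Tor's code: a random unprivileged port is chosen on first start, written to a state file, and reused on every later start, so an operator's firewall rule stays valid. The state-file key `ORPortAuto` and its one-line format are hypothetical, not Tor's real state-file syntax.

```python
import os
import random
import re
import tempfile

# Hypothetical state-file key and format ("ORPortAuto <port>"), constructed
# for this example; Tor's real state file uses different syntax.
STATE_KEY = "ORPortAuto"
PORT_MIN, PORT_MAX = 10000, 60000            # avoid privileged and low ports
WELL_KNOWN_TOR_PORTS = {9001, 9030, 9050, 9051}  # defaults a scanner would target


def read_saved_port(state_path):
    """Return the port recorded in the state file, or None if absent/invalid."""
    if not os.path.exists(state_path):
        return None
    with open(state_path) as fh:
        for line in fh:
            m = re.match(rf"^{STATE_KEY}\s+(\d+)\s*$", line)
            if m and PORT_MIN <= int(m.group(1)) <= PORT_MAX:
                return int(m.group(1))
    return None  # stale or out-of-range values are ignored, not trusted


def pick_random_port(rng):
    """Draw a port from the configured range, skipping well-known Tor defaults."""
    while True:
        port = rng.randint(PORT_MIN, PORT_MAX)
        if port not in WELL_KNOWN_TOR_PORTS:
            return port


def choose_persistent_port(state_path, rng=None):
    """First start: pick and record a random port. Later starts: reuse it."""
    saved = read_saved_port(state_path)
    if saved is not None:
        return saved
    port = pick_random_port(rng or random.SystemRandom())
    with open(state_path, "a") as fh:
        fh.write(f"{STATE_KEY} {port}\n")
    return port


def demo(restarts=3):
    """Simulate several restarts against a fresh temporary state file.

    Returns (ports chosen on each start, port read back from the file).
    A persisting port yields one distinct value; plain 'auto' would not."""
    with tempfile.TemporaryDirectory() as tmp:
        state_path = os.path.join(tmp, "state")
        ports = [choose_persistent_port(state_path) for _ in range(restarts)]
        return ports, read_saved_port(state_path)
```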

Child Tickets

Change History (11)

comment:1 Changed 11 months ago by phw

Parent ID: #30471

comment:2 Changed 11 months ago by teor

Cc: gaba added

Gaba, this seems important, should we put it in the PT sponsor?

comment:3 Changed 10 months ago by gaba

Keywords: anti-censorship-roadmap-november added
Points: 0.5 → 1
Sponsor: Sponsor28-can

comment:4 Changed 10 months ago by gaba

Keywords: network-team-roadmap-november added; anti-censorship-roadmap-november removed

comment:5 Changed 10 months ago by gaba

Sponsor: Sponsor28-can → Sponsor28-must

comment:6 Changed 4 months ago by gaba

Keywords: network-team-roadmap-2020Q1 added; network-team-roadmap-november removed

Leftover from roadmap in November. Move into the roadmap for this year as this is a must for sponsor 28.

comment:7 Changed 2 months ago by gaba

Cc: catalyst added

comment:8 Changed 7 weeks ago by gaba

Keywords: network-team-roadmap-2020Q2 added

move tickets into the 2020 Q2 roadmap for the network team

comment:9 in reply to: description; Changed 7 weeks ago by catalyst

Replying to phw:

Bridge operators may welcome a similar option for ORPort. However, when setting ORPort to auto, Tor attempts to find a new port each time it starts. This means that operators would have to re-configure their firewalls after each restart.

By this, do you mean non-PT ("vanilla") bridges? I think there's a separate ticket (#7349) for PT bridges to be able to disable their ORPort to mitigate some bridge confirmation attacks.

comment:10 Changed 7 weeks ago by teor

I think it would be helpful for both ORPort (relays, non-PT bridges) and ServerTransportListenAddr (PT bridges) to save their random ports in the state file.

I also think it's important that we implement this code for all ORPorts, not just the IPv4 ORPort. While it's harder to scan the entire allocated IPv6 address space, targeted scanning is still possible.

comment:11 in reply to: 9; Changed 6 weeks ago by phw

Replying to catalyst:

Replying to phw:

Bridge operators may welcome a similar option for ORPort. However, when setting ORPort to auto, Tor attempts to find a new port each time it starts. This means that operators would have to re-configure their firewalls after each restart.

By this, do you mean non-PT ("vanilla") bridges? I think there's a separate ticket (#7349) for PT bridges to be able to disable their ORPort to mitigate some bridge confirmation attacks.

I mean both vanilla and obfuscated bridges because both expose an OR port (as long as #7349 isn't fixed yet).

However, if we fix #7349 and obfuscated bridges no longer need an open OR port, this ticket becomes less relevant.
