Opened 7 years ago

Closed 6 years ago

#6874 closed task (not a bug)

Bridge Testing: Indirect Scans

Reported by: isis Owned by: isis
Priority: Medium Milestone:
Component: Archived/Ooni Version:
Severity: Keywords: ooni, bridge reachability
Cc: Actual Points:
Parent ID: #6414 Points:
Reviewer: Sponsor:


These need to be further researched and tested. There may also be new methods discovered as time goes on, since some of these methods are pretty obscure.

Summary from the parent ticket:

  1. "Nmap stealth scan" style indirect scan: Send a TCP SYN with a forged IP address header to the bridge, the IP should should actually point to some in-country publicly observable service with sequential or otherwise predictable fields.
  2. Use any website which allows free content upload to give the bridge address as "content" and wait to see if the page times out. This is basically a variant of the vanilla TLS handshake test; however, a downside is that contact with the bridge is measured from wherever the localized server for the content upload site is and may not be in-country.
  3. Use FTP proxies or some similar weird bounce mechanism in-country to obfuscate the purpose of the connection.
  4. Use the canary to force probes to check for us, without the probes actually checking. I'm just going to start calling this idea "quis-custodiet-ipsos-custodes-now-f?!?!?!"
  5. There were other ideas which were as entertaining as they were ridiculous, and there are probably a lot that I haven't thought of yet.

Child Tickets

Change History (2)

comment:1 Changed 7 years ago by isis

Keywords: ooni added
Milestone: Deliverable-Nov2011

The deliverables on these tickets have always been inaccurate; they should have been 'Nov2012'. I'm removing them.

comment:2 Changed 6 years ago by hellais

Resolution: not a bug
Status: newclosed

This ticket is no longer relevant.

Note: See TracTickets for help on using tickets.