On Sun, Apr 29, 2018 at 03:41:47PM -0400, Nathaniel Suchy (Lunorian) wrote:
> Thank you for clarifying that. The obfs4 bridges you can get at
> bridges.torproject.org also pose an interesting risk, the ports each
> Bridge IP Address is using seem to be non-standard, I'm in the US and
> most networks I am at do not censor although sometimes certain ports at
> public wifi networks are blocked, could a threat actor threatening you
> or tor users in general realize an IP Address was a Tor Bridge by
> identifying a large amount of traffic to a non-standard port on random
> datacenter IP Addresses?

Yes, it is possible. There's nothing magical about how Tor sends the
traffic and none of the currently-deployed pluggable transports
significantly modify a user's traffic pattern. A network operator could
observe strange traffic from a client, where the destination is a rarely
used IP address and the port number is non-standard. This could be a Tor
connection or it could be a brand-new up-and-coming app which could
revolutionize the world. What does the network operator do? Do they
block the traffic because it *could* be a connection into the Tor
network?

Of course, there is the next step the network operator could take -
active probing. If they suspect a connection is into a Tor bridge, then
they can try connecting to it, and if it responds like a Tor relay then
they can classify it as "Tor".

The obfs4 pluggable transport includes active probing protection where
the client must have the bridge's non-public second identity key as a
requirement for establishing a connection with the bridge. If the client
does not have this identity key, then the initial obfs4 connection will
fail and the server will not leak the fact there is a Tor bridge
underneath it.

>
> You can tell Tor Browser your Firewall only allows connections to
> certain ports which I assume when used with bridges would help further
> hide the fact you are using Tor.

Not necessarily. That option only tells Tor "don't choose a relay as my
first-hop (guard/entry relay) if I know it will be blocked". This simply
avoids choosing a relay listening on port 9999 when we already know the
network firewall only allows ports 443 and 80.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
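
A simplified model of the active-probing protection described in the reply above, added here as an illustration; it is not code from the message and not the real obfs4 handshake. The message layout, the `Bridge` class, `client_hello`, the hour-based tag and the replay cache are all assumptions of this example; the only property taken from the message is that a peer without the bridge's secret gets no answer.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

NONCE_LEN = 32
MARK_LEN = 16  # truncated HMAC-SHA256; a constructed choice for this model


def _mark(secret: bytes, nonce: bytes, epoch_hour: int) -> bytes:
    """Keyed tag that only a holder of the bridge secret can compute."""
    msg = nonce + str(epoch_hour).encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:MARK_LEN]


def client_hello(secret: bytes, now: Optional[float] = None) -> bytes:
    """First message from a client that received the secret out of band."""
    hour = int((time.time() if now is None else now) // 3600)
    nonce = os.urandom(NONCE_LEN)
    return nonce + _mark(secret, nonce, hour)


class Bridge:
    """Hypothetical server side: answers only authenticated first messages."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._seen = set()  # replay cache, so a recorded hello cannot be reused

    def handle_first_message(self, data: bytes,
                             now: Optional[float] = None) -> Optional[bytes]:
        """Return a reply for a valid client, or None to stay silent."""
        if len(data) != NONCE_LEN + MARK_LEN:
            return None
        nonce, mark = data[:NONCE_LEN], data[NONCE_LEN:]
        hour = int((time.time() if now is None else now) // 3600)
        # Accept the adjacent hours to tolerate clock skew.
        matches = [hmac.compare_digest(mark, _mark(self._secret, nonce, h))
                   for h in (hour - 1, hour, hour + 1)]
        if not any(matches) or data in self._seen:
            return None  # same silent outcome as for any malformed input
        self._seen.add(data)
        # Reply is keyed too, so the client also authenticates the bridge.
        return hmac.new(self._secret, b"reply" + nonce, hashlib.sha256).digest()
```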