Re: [tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts

[Tor Bug Tracker & Wiki]

#31103: Support ORPort picking a random port that persists across restarts
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  network-team-roadmap-2020Q1, |  Actual Points:
  network-team-roadmap-2020Q2|
Parent ID:  #30471   | Points:  1
 Reviewer:   |Sponsor:
 |  Sponsor28-must
-+-

Comment (by phw):

 Replying to [comment:9 catalyst]:
 > Replying to [ticket:31103 phw]:
 > > Bridge operators may welcome a similar option for `ORPort`. However,
 when setting `ORPort` to auto, Tor attempts to find a new port each time
 it starts. This means that operators would have to re-configure their
 firewalls after each restart.
 >
 > By this, do you mean non-PT ("vanilla") bridges? I think there's a
 separate ticket(#7349) for PT bridges to be able to disable their `ORPort`
 to mitigate some bridge confirmation attacks.
 [[br]]
 I mean both vanilla ''and'' obfuscated bridges because both expose an OR
 port (as long as #7349 isn't fixed yet).

 However, if we fix #7349 and obfuscated bridges no longer need an open OR
 port, this ticket becomes less relevant.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts

[Tor Bug Tracker & Wiki]

#31103: Support ORPort picking a random port that persists across restarts
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  network-team-roadmap-2020Q1, |  Actual Points:
  network-team-roadmap-2020Q2|
Parent ID:  #30471   | Points:  1
 Reviewer:   |Sponsor:
 |  Sponsor28-must
-+-

Comment (by teor):

 I think it would be helpful for both ORPort (relays, non-PT bridges) and
 ServerTransportListenAddr (PT bridges) to save their random ports in the
 state file.

 I also think it's important that we implement this code for all ORPorts,
 not just the IPv4 ORPort. While it's harder to scan the entire allocated
 IPv6 address space, targeted scanning is still possible.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts

[Tor Bug Tracker & Wiki]

#31103: Support ORPort picking a random port that persists across restarts
-+-
 Reporter:  phw  |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  network-team-roadmap-2020Q1, |  Actual Points:
  network-team-roadmap-2020Q2|
Parent ID:  #30471   | Points:  1
 Reviewer:   |Sponsor:
 |  Sponsor28-must
-+-

Comment (by catalyst):

 Replying to [ticket:31103 phw]:
 > Bridge operators may welcome a similar option for `ORPort`. However,
 when setting `ORPort` to auto, Tor attempts to find a new port each time
 it starts. This means that operators would have to re-configure their
 firewalls after each restart.

 By this, do you mean non-PT ("vanilla") bridges? I think there's a
 separate ticket(#7349) for PT bridges to be able to disable their `ORPort`
 to mitigate some bridge confirmation attacks.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts

[Tor Bug Tracker & Wiki]

#31103: Support ORPort picking a random port that persists across restarts
-+
 Reporter:  phw  |  Owner:  (none)
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  network-team-roadmap-2020Q1  |  Actual Points:
Parent ID:  #30471   | Points:  1
 Reviewer:   |Sponsor:  Sponsor28-must
-+
Changes (by gaba):

 * cc: catalyst (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts

[Tor Bug Tracker & Wiki]

#31103: Support ORPort picking a random port that persists across restarts
---+---
 Reporter:  phw|  Owner:  (none)
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  network-team-roadmap-november  |  Actual Points:
Parent ID:  #30471 | Points:  1
 Reviewer: |Sponsor:
   |  Sponsor28-must
---+---
Changes (by gaba):

 * sponsor:  Sponsor28-can => Sponsor28-must


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts

[Tor Bug Tracker & Wiki]

#31103: Support ORPort picking a random port that persists across restarts
---+---
 Reporter:  phw|  Owner:  (none)
 Type:  enhancement| Status:  new
 Priority:  Medium |  Milestone:
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  network-team-roadmap-november  |  Actual Points:
Parent ID:  #30471 | Points:  1
 Reviewer: |Sponsor:  Sponsor28-can
---+---
Changes (by gaba):

 * keywords:  anti-censorship-roadmap-november => network-team-roadmap-
 november


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts

[Tor Bug Tracker & Wiki]

#31103: Support ORPort picking a random port that persists across restarts
--+
 Reporter:  phw   |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:  anti-censorship-roadmap-november  |  Actual Points:
Parent ID:  #30471| Points:  1
 Reviewer:|Sponsor:
  |  Sponsor28-can
--+
Changes (by gaba):

 * keywords:   => anti-censorship-roadmap-november
 * points:  0.5 => 1
 * sponsor:   => Sponsor28-can


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts

[Tor Bug Tracker & Wiki]

#31103: Support ORPort picking a random port that persists across restarts
--+
 Reporter:  phw   |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #30471| Points:  0.5
 Reviewer:|Sponsor:
--+
Changes (by teor):

 * cc: gaba (added)


Comment:

 Gaba, this seems important, should we put it in the PT sponsor?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts

[Tor Bug Tracker & Wiki]

#31103: Support ORPort picking a random port that persists across restarts
--+
 Reporter:  phw   |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:  #30471| Points:  0.5
 Reviewer:|Sponsor:
--+
Changes (by phw):

 * parent:   => #30471


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #31103 [Core Tor/Tor]: Support ORPort picking a random port that persists across restarts

[Tor Bug Tracker & Wiki]

#31103: Support ORPort picking a random port that persists across restarts
--+
 Reporter:  phw   |  Owner:  (none)
 Type:  enhancement   | Status:  new
 Priority:  Medium|  Milestone:
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:  0.5   |   Reviewer:
  Sponsor:|
--+
 A bridge's transport port and OR port are semi-secret. We don't want a
 bridge to listen on port 9001 because it would facilitate Internet-wide
 scanning: a censor could scan the entire IPv4 address space for port 9001
 and block all bridges they discover this way. We therefore encourage
 operators to not set `ServerTransportListenAddr`, which makes Tor pick a
 random port and write it to its state file, so it persists across
 restarts. Bridge operators can then whitelist this port in their firewall
 configuration.

 Bridge operators may welcome a similar option for `ORPort`. However, when
 setting `ORPort` to auto, Tor attempts to find a new port each time it
 starts. This means that operators would have to re-configure their
 firewalls after each restart.

 In the short term, we should instruct operators to pick their own ports
 and explicitly set them for both `ORPort` and `ServerTransportListenAddr`
 but in the long term we may want `ORPort` to be able to pick a random port
 and save it to Tor's state file.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs