Hi, Thanks for running bridges!
On Wed, Dec 29, 2021 at 02:37:48PM +0000, Space Oddity via tor-relays wrote: > Hello Tor people, just me chipping in about recent event. > > Today, I discovered that somewhere around Dec, 22, all three of my recently > launched bridges have been censored on at least one network (MegaFon Moscow > AS25159). Metrics show a drastic traffic drop in the range of Dec, 21-23 for > all three bridges. > > Investigating further, I discovered (using tcptraceroute/nc) that all three > hosts > started responding with RSTs to all of their open ports (not only bridge ports > but SSH and other recently opened ports too). NATd source IP address was > unchanged from my usual one in every case. > > One of the bridges had distribution method set to HTTPS, and the other two > were distributed via Moat. All ran recent Tor 0.4.6.8 Docker image. > > NB: One of the bridges has incorrect 'First seen' date on the metrics portal - > it displays '2021-12-25' despite being launched several days prior. > > To summarize: > > 1. Bridge blocking happens via the common 'fast RST' method > 2. It happened relatively quickly (all bridges are less than 10 days uptime > by now). > 3. Somehow, all three of my recently launched bridges were blacklisted > despite > using different ASs/hosters/countries for each. Is it a coincidence, or > it's because Moat prefers to hand out newer bridges first, or due to > something else entirely? > Russia is enumerating and blocking Tor bridges. They've enumerated and blocked bridges twice: Dec 1st and during xmas (Dec 22-24). It's not clear how and how many bridges they've enumerated. Perhaps they're bypassing BridgeDB captcha[1]. I recommend following up this thread: https://ntc.party/t/ooni-reports-of-tor-blocking-in-certain-isps-since-2021-12-01/1477 And if possible, please rotate your bridge IP address. > Also, I can not rule out that some step in my distribution chain was > compromised -- I gave out these bridges privately to a few friends. > I don't think so as I also saw my new bridges getting blocked during xmas too. > -- > Best regards, > Space Oddity. cheers, Gus [1] https://lists.torproject.org/pipermail/anti-censorship-team/2021-December/000208.html > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- The Tor Project Community Team Lead
signature.asc
Description: PGP signature
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
