Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • P pluggable transports
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 5
    • Issues 5
    • List
    • Boards
    • Service Desk
    • Milestones
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Jobs
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Anti-censorship
  • Pluggable Transports
  • pluggable transports
  • Issues
  • #17057
Closed
Open
Issue created Sep 14, 2015 by Trac@tracbot

add reverse proxy to bridges

pluggable transports mimic normal traffic like http. an adversary who is scanning all http traffic in his country could make a list of all the http servers that produce legit amounts of traffic. he then scans all the servers and exclude those which provide legit services. the only servers left now are bridges and a few hidden or password protected services.

he then can block the connection and wait if the client connects to a similar service. if he does the adversary can repeat and collect more bridges until the user gives up.

this could be prevented if the bridge provided an actual service. but this cannot be something like a generic website because it could easily be identified. if the bridge provided a reverse proxy instead then a real web service could be connected. it would look like normal load balancing or normal hosting if the site was only available under the bridge ip.

Trac:
Username: elypter

Assignee
Assign to
Time tracking