There are even better solutions than this:
1. Port knocking: https://wiki.archlinux.org/index.php/Port_Knocking
2. Single-packet authorization: http://www.cypherpunks.ca/~iang/pubs/bridgespa-wpes.pdf
ScrambleSuit has implemented something like #2, and its paper (http://www.cs.kau.se/philwint/pdf/wpes2013.pdf) describes its authentication mechanisms as preventing detection via network-wide scanning. However, I can’t say how it actually got implemented.
Aaron
On Dec 13, 2014, at 3:40 AM, Fabio Pietrosanti (naif) - lists lists@infosecurity.ch wrote:
On 12/13/14 1:33 AM, Vlad Tsyrklevich wrote:
I've attached a patch to warn bridge operators running with ORPort set to 443 or 9001 as a stop-gap measure.
IMHO the real point is that Tor is not employing the techniques that have been used for decades by the COMSEC solutions in the radio-frequency, that is "frequency hopping".
On the internet we have TCP ports, on the radio-spectrum we have frequency.
Just apply the various, multiple, available, well documented techniques used to provide additional L1/L2 safety to the radio-frequency transmission techniques to Tor, et voilà, Tor would acquire important resiliency properties against massive scanning.
That's just a concept and approach, it would require a bit more research, but I'm quite confident that would provide very important benefit compared to the minor performance issues introduced.
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev