On Friday, December 16, 2022, 8:07:46 AM PST, meskio <meskio@torproject.org> wrote:

Quoting Gary C. New via tor-relays (2022-12-10 04:20:48)
>> What is the status of Bug #7349 - Obfsbridges should be able to "disable"
>> their ORPort?
>> https://bugs.torproject.org/tpo/core/tor/7349
>> I recently setup a loadbalanced OBFS4 bridge and would prefer not to expose the ORPort to the World.
>> I've noticed that some of the tasks to make this possible have been implemented, but it isn't clear whether everything needed is in place as I receive a bridge/relay down status on metrics.torproject.org when the ORPort isn't exposed to the World.

> We do still need the ORPort reachable. The bridge authority does use that port
> to check if the bridge is running (marking the 'running' flag to it). We are
> still using that flag to decide what bridges are distributed, we'll like to
> revisit that in the future. But for now, please expose the ORPort to the world.

meskio,

Presently, it sounds like security through obscurity (hide the Tor listener on a publicly-facing port, not within nmap's default top-1000 most scanned ports, and among a number of publicly-facing, non-Tor ports with a touch of Snort or Suricata IPS is the best solution for now)?

Hopefully, it won't take another 10 years to implement this security request and improve Tor Bridge survival rates.

I appreciate the status update of Bug #7349.

BTW... My bridge has been running for about a week. I am able to successfully connect to it manually. When should I expect to see stats for my bridge? Currently, I continue to receive the message "no resources for the given id."

Thank you for your assistance.

Respectfully,


Gary

This Message Originated by the Sun.
iBigBlue 63W Solar Array (~12 Hour Charge)
+ 2 x Charmast 26800mAh Power Banks
= iPhone XS Max 512GB (~2 Weeks Charged)