[metrics-bugs] #21014 [Metrics/Censorship analysis]: Turkey blocking of direct connections, 2016-12-12
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Dec 18 19:11:09 UTC 2016
#21014: Turkey blocking of direct connections, 2016-12-12
-------------------------------------------+------------------------------
Reporter: mrphs | Owner: metrics-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Metrics/Censorship analysis | Version:
Severity: Normal | Resolution:
Keywords: censorship block tr Turkey UX | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------+------------------------------
Old description:
> After getting some reports on twitter about Tor being blocked in Turkey
> and some chat on IRC, <bypassemall> aka <trdpi> aka <kzdpi> ran some
> tests and found some interesting information about how Turkey is blocking
> vanilla Tor connections. I paste their findings here:
>
> {{{
>
> 16:48 < trdpi> 10 connections died in state handshaking (TLS) with SSL
> state SSLv2/v3 read server hello A in HANDSHAKE
> 16:48 < trdpi> after less than 10 seconds
> ...
> 16:55 < trdpi> this isp injects rst it seems
> 16:56 < trdpi> to both side, as i got 2 rst one legit and 2 not
> 16:57 < mrphs> oh apparently today is an special day in turkey
> ...
> 17:00 < trdpi> telneting to or port, no rsts. it triggered by something
> more than ip:port connection
> 17:01 < trdpi> yay, window trick for split req works for tr
> 17:02 < trdpi> magic tool allows to bypass vanilla tor censorship
> 17:04 < trdpi> so it's about ciphersuits or something
> 17:07 < trdpi> it's like kz, but obfs4 works
> 17:07 < trdpi> and kz do not rsts
> 17:07 < trdpi> it controlls connection
> 17:07 < trdpi> and tr like do not controlls and to inject fraud only
>
> }}}
New description:
Turkey Blocks article: https://turkeyblocks.org/2016/12/18/tor-blocked-in-
turkey-vpn-ban/
After getting some reports on twitter about Tor being blocked in Turkey
and some chat on IRC, <bypassemall> aka <trdpi> aka <kzdpi> ran some tests
and found some interesting information about how Turkey is blocking
vanilla Tor connections. I paste their findings here:
{{{
16:48 < trdpi> 10 connections died in state handshaking (TLS) with SSL
state SSLv2/v3 read server hello A in HANDSHAKE
16:48 < trdpi> after less than 10 seconds
...
16:55 < trdpi> this isp injects rst it seems
16:56 < trdpi> to both side, as i got 2 rst one legit and 2 not
16:57 < mrphs> oh apparently today is an special day in turkey
...
17:00 < trdpi> telneting to or port, no rsts. it triggered by something
more than ip:port connection
17:01 < trdpi> yay, window trick for split req works for tr
17:02 < trdpi> magic tool allows to bypass vanilla tor censorship
17:04 < trdpi> so it's about ciphersuits or something
17:07 < trdpi> it's like kz, but obfs4 works
17:07 < trdpi> and kz do not rsts
17:07 < trdpi> it controlls connection
17:07 < trdpi> and tr like do not controlls and to inject fraud only
}}}
--
Comment (by dcf):
dgoulet points to this Turkey Blocks article:
https://turkeyblocks.org/2016/12/18/tor-blocked-in-turkey-vpn-ban/. They
tested vanilla, obfs3, and obfs4, and also noted that the apparent rise in
the metrics graphs may be caused by miscounting. I append some quotations.
> The Turkey Blocks internet censorship watchdog has identified and
verified that restrictions on the Tor anonymity network and Tor Browser
are now in effect throughout Turkey.
> Other circumvention methods, including Tor’s bridged modes built to
evade [https://dlshad.net/bypassing-censorship-by-using-obfsproxy-and-
openvpn-ssh-tunnel/ similar restrictions imposed by the regime in Syria],
as well as custom VPN deployments, continue to remain available to
technically skilled users in the short-term.
> Turkey Blocks finds that the Tor direct access mode is now restricted
for most internet users throughout the country; Tor usage via bridges
including obfs3 and obfs4 remains viable, although we see indications that
obfs3 is being downgraded by some service providers with scope for similar
on restrictions obfs4. The restrictions are being implemented in tandem
with apparent degradation of commercial VPN service traffic.
> Direct Tor access restrictions started around 12 December 2016. Tor’s
direct mode is now entirely unusable via providers TTNet and UyduNet on
the residential broadband connections we tested. Deep Packet Inspection
(DPI) is likely used to disrupt the connection phase, which stalls around
the 10% mark.
>
> Connection is possible using obfs3 and obfs4 Tor bridges with both
providers. While obfs4 is effective across all configurations, obfs3
intermittently fails with TTNet.
> Where we expected a ''fall'' in usage corresponding to widespread
reports of failure to access the Tor network, charts instead show a huge
''increase'' in Tor usage over the same period.
> During tests we saw over a hundred connection attempts associated with a
single user connection request, leading us to favour the theory Tor
metrics have incorrectly counted these failed attempts in their overall
usage tally.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21014#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the metrics-bugs
mailing list