[tor-bugs] #9601 [Obfsproxy]: Cyberoam firewall blocks obfs2/3 bridge addresses

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 26 13:58:37 UTC 2013 

#9601: Cyberoam firewall blocks obfs2/3 bridge addresses
---------------------------+-----------------
     Reporter:  Sherief    |      Owner:  asn
         Type:  task       |     Status:  new
     Priority:  normal     |  Milestone:
    Component:  Obfsproxy  |    Version:
   Resolution:             |   Keywords:
Actual Points:             |  Parent ID:
       Points:             |
---------------------------+-----------------
Description changed by Sherief:

Old description:

> A user reported that his University uses Cyberoam firewall[0] and he
> can't establish any Tor connections since then. So I gave him the PT
> bundle with four working bridges one obfs2 and three obfs3, later he
> replied back with a log that shows that the firewall blocked all the
> bridges[1]
>
> isis said that it could be an sslmitm[2][3]. But according to sysrqb
> there is no ssl handshake to mitm. so something else was used.
>
> '''UPDATE''':
>
> I received another ticket complaining about Cyberoam, I pointed the user
> to normal TBB with normal bridges and it didn't work. Next I gave him PT
> bundle with 4 unpublished bridges and again he can't connect.
>
> I asked him to send me the debug log (see attached: VidaliaLog1.txt).
>
> [0]: https://rt.torproject.org/Ticket/Display.html?id=13271
> [1]: Log attached.
> [2]: https://blog.torproject.org/blog/security-vulnerability-found-
> cyberoam-dpi-devices-cve-2012-3372
> [3]: http://blogs.law.harvard.edu/herdict/2012/07/11/cyberoam-fixes-flaw-
> threatening-tor-users/

New description:

 User(s) reported that his University uses Cyberoam firewall[0] and he/she
 can't establish any Tor connections since then. So I gave him the PT
 bundle with four working bridges one obfs2 and three obfs3, later he
 replied back with a log that shows that the firewall blocked all the
 bridges[1]

 isis said that it could be an sslmitm[2][3]. But according to sysrqb there
 is no ssl handshake to mitm. so something else was used.

 '''UPDATE''':

 I received another ticket complaining about Cyberoam, I pointed the user
 to normal TBB with normal bridges and it didn't work. Next I gave him PT
 bundle with 4 unpublished bridges and again he can't connect.

 I asked him to send me the debug log (see attached: VidaliaLog1.txt).

 [0]: Help desk tickets related to Cyberoam #13271 #14345 #13563 #13786
 [1]: Log attached.
 [2]: https://blog.torproject.org/blog/security-vulnerability-found-
 cyberoam-dpi-devices-cve-2012-3372
 [3]: http://blogs.law.harvard.edu/herdict/2012/07/11/cyberoam-fixes-flaw-
 threatening-tor-users/

--

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9601#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list