[tor-bugs] #15198 [Censorship analysis]: Cyberoam blocking connections to Tor
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 9 22:20:37 UTC 2015
#15198: Cyberoam blocking connections to Tor
-------------------------------------+----------------------
Reporter: ioerror | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Censorship analysis | Version:
Resolution: | Keywords: cyberoam
Actual Points: | Parent ID:
Points: |
-------------------------------------+----------------------
Comment (by yawning):
With what I believe to be an uncensored residential connection, one of the
3 scramblesuit bridges is down (`194.xxx.xxx.xxx:8455`), the rest
bootstrap fully. For the record, it's not a great idea to paste full
bridge configs like that but oh well, at least I can test them. If the
bad guys follow all of our track, that's a bunch of bridges burnt....
> it filters connections by protocol, ip address and port number - I
> haven't yet fingerprinted the device upstream but I'll add information as
> I find it.
Looking at the pcap file:
* `tcp.stream eq 0` (<-> `198.xxx.xxx.xxx:32784`), SYN and 4 SYN
retransmissions. No SYN/ACK.
* `tcp.stream eq 1` (<-> `194.xxx.xxx.xxx:8455`), SYN and 4 SYN
retransmissions. No SYN/ACK. This is to be expected as the bridge
appears to be down, or at least not accepting any scramblesuit traffic.
* `tcp.stream eq 2` (<-> `95.xxx.xxx.xxx:57584`), SYN and 4 SYN
retransmissions. No SYN/ACK.
So, yes. All the PTs are getting caught either by a destination IP or
destination port filter, and no DPI is involved. You could try
scramblesuit, obfs3 and obfs4 to bridges that are running on 443, but all
of those protocols are clearly identifiable as "not TLS" so I would be
doubtful as to whether that would work unless the box is terrible.
Meek should work if the box doesn't do TLS MITM. You could also try using
meek without the domain fronting if they do do HTTPS MITM (as in all your
traffic just gets jammed into HTTP requests). It's blatantly obvious,
trivial to block, and if your threat model includes "thugs at the door for
using Tor", it would be a really bad idea, but it's an option.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15198#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
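
The stream-by-stream reading of the pcap in the comment above, as an added example that is not part of the original ticket: it classifies each TCP stream by how far the handshake got, which is what separates a destination IP/port filter (nothing ever answers the SYN) from blocking that could depend on content. The record format, the labels and streams 3 and 4 are assumptions constructed for illustration, and the reset-after-payload case goes beyond what the ticket's capture contains.

```python
from collections import defaultdict

# Constructed sample records: (stream, direction, tcp_flags, payload_len).
# "out" is client -> bridge, "in" is bridge -> client.
SAMPLE = [
    # Streams 0-2 mirror the ticket: SYN plus 4 retransmissions, nothing back.
    *[(0, "out", "S", 0)] * 5,
    *[(1, "out", "S", 0)] * 5,
    *[(2, "out", "S", 0)] * 5,
    # Stream 3 (hypothetical): handshake completes, client sends data, then RST.
    (3, "out", "S", 0), (3, "in", "SA", 0), (3, "out", "A", 0),
    (3, "out", "PA", 512), (3, "in", "R", 0),
    # Stream 4 (hypothetical): healthy connection with data both ways.
    (4, "out", "S", 0), (4, "in", "SA", 0), (4, "out", "A", 0),
    (4, "out", "PA", 512), (4, "in", "PA", 1024),
]

def classify(packets):
    """Return {stream: (label, syn_count)} for each TCP stream."""
    streams = defaultdict(list)
    for stream, direction, flags, length in packets:
        streams[stream].append((direction, flags, length))
    verdicts = {}
    for stream, pkts in sorted(streams.items()):
        syns = sum(1 for d, f, _ in pkts if d == "out" and f == "S")
        inbound = [(f, n) for d, f, n in pkts if d == "in"]
        synack = any(f == "SA" for f, _ in inbound)
        reset = any("R" in f for f, _ in inbound)
        got_data = any(n > 0 for _, n in inbound)
        sent_data = any(d == "out" and n > 0 for d, _, n in pkts)
        if syns and not inbound:
            # Dropped before any payload: bridge down, or IP/port filter.
            # Only a test from an unfiltered network tells these apart.
            label = "no-reply"
        elif reset and not synack:
            label = "refused"
        elif synack and sent_data and reset and not got_data:
            # Payload was visible before the reset, so inspection is possible.
            label = "reset-after-payload"
        elif synack and got_data:
            label = "established"
        else:
            label = "inconclusive"
        verdicts[stream] = (label, syns)
    return verdicts

if __name__ == "__main__":
    for stream, (label, syns) in classify(SAMPLE).items():
        print(f"tcp.stream eq {stream}: {label} ({syns} SYNs)")
```

A "no-reply" verdict alone cannot tell a dead bridge from a filtered one, which is why the comment first checks the same bridges from an uncensored connection.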