[tor-bugs] #31701 [Circumvention/Obfs4]: Reachability tests for new obfs4 bridges

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 9 16:17:46 UTC 2020


#31701: Reachability tests for new obfs4 bridges
---------------------------------------+--------------------------
 Reporter:  cohosh                     |          Owner:  cohosh
     Type:  defect                     |         Status:  assigned
 Priority:  Medium                     |      Milestone:
Component:  Circumvention/Obfs4        |        Version:
 Severity:  Normal                     |     Resolution:
 Keywords:  reachability, measurement  |  Actual Points:
Parent ID:                             |         Points:
 Reviewer:                             |        Sponsor:
---------------------------------------+--------------------------

Comment (by cohosh):

 Replying to [comment:4 sigvids]:
 > > I just re-ran these tests and looks like at least 2 bridges that were
 previously unreachable in China are now reachable again.
 >
 > I have seen some reports saying that the GFW will unblock blocked IP
 addresses after a period of time. One report for Outline (i.e.,
 Shadowsocks) says unblocking can happen after as little as three days.
 However, if you start reusing the server for the same purpose, it will be
 blocked again:
 >
 > https://github.com/Jigsaw-Code/outline-server/issues/193#issuecomment-405042583
 >
 > It's possible that this unblocking rule applies also to IP addresses
 scraped from web/email/moat.
 >

 Thanks! This is a useful link. Indeed, blocking seems to be very
 intermittent for all of our bridges.

 > > So perhaps the block list populated by BridgeDB scraping is not
 static.
 >
 > Are the reachability tests based on a single connection, or on multiple
 connections with a realistic volume of traffic? It's possible that the GFW
 uses other detection methods in addition to scraping. A thread on Github
 suggests that blocking can be triggered by factors that include (1) volume
 of traffic, (2) traffic being fully encrypted, (3) very high entropy, and
 (4) use of popular VPS locations. The pattern is initially an IP/port ban,
 and then if you change ports multiple times, you get a full IP ban:
 >
 > https://github.com/shadowsocks/shadowsocks-libev/issues/2288

 You can see the test script
 [https://github.com/cohosh/bridgetest/blob/master/obfs4test here]. This is
 run approximately 4x a day from our probe point.

 We do download a large(ish) file, but it's possible it doesn't look like
 realistic traffic to a censor. As for blocking based on use or
 suspicious traffic patterns, that's possible, but as far as we know, private
 obfs4 bridges are still working in China, which leads us to believe that
 they are not blocking based on traffic patterns.
 >
 > > It also looks like there are some bridges that are no longer reachable
 in North America. Might be worth checking into that.
 >
 > Is it possible that the bridges that are no longer reachable in North
 America have been taken offline? I sometimes see complaints by volunteers
 that their bridges don't get any traffic. For example:

 Yes, I suspect it is because the bridges are
 misconfigured/unmaintained/down, etc.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31701#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
