[tor-dev] A way to block chinese active probe

Fabio Pietrosanti (naif) lists at infosecurity.ch
Mon Jan 9 23:49:00 UTC 2012


Hi all,

Here's a second Chinese-probe discrimination behavior that should make it
possible to detect the probes and block them.

http://pastebin.com/RNcNDYcw

Like the TCP SYN one, this blocking trick is based on the fact that the
OS & software they run on their server pool to do active Tor probing
has to be highly optimized, as they need to manage a huge amount of
outbound connections.

Would anyone like to re-test this behaviour (also for Windows/OSX)
and, in that case, make a small patch for Tor?
So far I have done my testing with iptables && -j TARPIT.

Would it be nice to have a set of configurable timeouts in Tor?

Any active probe, present or future, could have some timing issue, not
being able to perfectly emulate the same conditions as a client, since
active probes run on servers (and servers get optimized if they need to
handle high traffic).

-naif

