[tor-talk] torproject.org censorship detection using RIPE atlas?
Max Jakob Maass
max at velcommuta.de
Tue Feb 18 13:03:58 UTC 2014
Hello everyone,
I am currently running two RIPE Atlas probes [0] and had accumulated
some points to use their measurement API, so I set up a measurement to
check the SSL Certificate of torproject.org from as many countries as
possible to detect MITM attacks on the website (mostly from state
actors). I also requested the DNS A-Record for torproject.org (to
check for falsified DNS records).
The results are preliminary, as a bunch of probes were completely
unable to connect to torproject.org (possibly due to censorship,
possibly due to bad luck in the selection of probes), but a few
interesting things surfaced so far:
First off, China's results are actually quite interesting. A bunch of
probes got the correct certificate, one got a certificate signed by
apac.proxy.dsv.com, and a bunch of probes got no result at all
(probably being blocked). I'd have expected some sort of MITM or just
plain old blocking from China, but at least the SSL certificate seems
to be retrievable in many cases.
Then, there are some US-American probes that are returning an
SSL certificate for *.opendns.com instead of the correct result. I
have no idea what's going on there, but as OpenDNS is a sponsor of the
RIPE Atlas, it may be that they are hosting a bunch of probes behind an
SSL-terminating firewall for some reason. Still, if someone wants to
look into it, it may be interesting.
The results for the global SSL Measurements can be found at [1] and
[2], the one specific to China at [3]. Be careful when opening them in
your browser, as they contain large JSON-formatted strings, so you may
want to wget or curl them instead. Note that "no result" does not
necessarily mean that torproject.org is filtered, as the Atlas API
allows scheduling requests for offline probes, which will then fail
in this way.
As for the DNS survey, I have not had a chance to properly parse the
results yet, but you can download them at [4] (again, large JSON ahead).
Now for the real purpose of this mail: Has someone from the Tor
Project considered using the RIPE Atlas API to schedule these
measurements (a daily measurement ought to be enough) and
automatically parse the results to check for MITM, Censorship, and
maybe just plain old bad routing? The necessary API credits are easily
earned by hosting a single probe [5], or maybe someone is a member of
the RIPE NCC anyway, in which case he / she has basically unlimited
credits [6] anyway.
If someone wants to play around with the API without hosting a probe,
get in touch and I'll transfer you a bunch of credits (you'll have to
have an account with the RIPE NCC and have to be willing to disclose
the associated email address to me, as I need it for the transfer).
Feel free to use the data from the measurements and find more
interesting things in them, I'm curious what you can find.
Max
[0] https://atlas.ripe.net
[1] https://atlas.ripe.net/api/v1/measurement/1443162/result/
[2] https://atlas.ripe.net/api/v1/measurement/1443266/result/
[3] https://atlas.ripe.net/api/v1/measurement/1443369/result/
[4] https://atlas.ripe.net/api/v1/measurement/1443161/result/
[5] https://atlas.ripe.net/get-involved/become-a-host/
[6] https://atlas.ripe.net/get-involved/members/
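
Added example, not part of the original message: one way to automate the per-probe certificate comparison proposed above, bucketing probes into expected certificate, unexpected certificate (clustered by fingerprint) and no result. The field names `prb_id`, `cert` and `err` are assumptions about the Atlas result JSON, the sample results and certificate bodies are constructed, and hashing the PEM body stands in for full X.509 parsing.

```python
import base64
import hashlib
import json
from collections import defaultdict

def pem_fingerprint(pem):
    """SHA-256 hex digest of the DER bytes inside one PEM block."""
    body = "".join(ln for ln in pem.strip().splitlines() if not ln.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def classify(results, expected_fp):
    """Bucket probe IDs by the certificate each probe saw.
    Assumed fields: 'prb_id', and 'cert' as a list of PEM strings, leaf first."""
    report = {"ok": [], "mismatch": defaultdict(list), "no_result": []}
    for r in results:
        certs = r.get("cert") or []
        if not certs:
            # Offline probe, timeout or blocking: not proof of filtering by itself.
            report["no_result"].append(r["prb_id"])
            continue
        try:
            fp = pem_fingerprint(certs[0])
        except ValueError:  # malformed base64 in the returned certificate
            fp = "unparseable"
        if fp == expected_fp:
            report["ok"].append(r["prb_id"])
        else:
            # Group by fingerprint so one interception box shows up as one cluster.
            report["mismatch"][fp].append(r["prb_id"])
    return report

def fake_pem(der):
    """Constructed stand-in: PEM armor around arbitrary bytes, not a real cert."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----"

GENUINE = fake_pem(b"constructed bytes standing in for the expected certificate")
FOREIGN = fake_pem(b"constructed bytes standing in for a proxy-issued certificate")
SAMPLE = json.dumps([  # constructed results, not real Atlas output
    {"prb_id": 101, "cert": [GENUINE]},
    {"prb_id": 102, "cert": [FOREIGN]},
    {"prb_id": 103, "err": "connect: timeout"},
    {"prb_id": 104, "cert": [FOREIGN]},
])

def run_sample():
    return classify(json.loads(SAMPLE), pem_fingerprint(GENUINE))

if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

The expected fingerprint should be pinned from a trusted vantage point rather than taken from the majority of probe answers.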