[tor-talk] Pluggable Transports and DPI

Justin davisjustin002 at gmail.com
Fri May 6 23:47:10 UTC 2016


Hi,
I have a DPI box that I use to test pluggable transports with.  I also test other circumvention tools against it just to see how good it is.  Manufacturer is Cyberoam.  About 6 or 8 weeks ago, Cyberoam released a DPI engine update that could filter normal Tor and the following pluggable transports:
OBFS3
OBFS4
Scramblesuit
About a week ago, Cyberoam released another update to its application filter.  This update allows it to filter all Meek connections without doing a man in the middle on the TLS or anything.  When I try to load www.google.com <http://www.google.com/>, it loads fine in a normal Firefox.  When I use Meek, it fails and the Cyberoam logs a Tor Proxy attempt.  The only transport that still works is FTE.  I was talking with Arma on the Tor IRC channel a wile ago, and he suggested that I use Tcpreplay and send in a copy of what Cyberoam is fingerprinting.  I will have to wait a wile until I do this, because the school year hasn’t ended yet.  I’m sending out this message to alert Tor users of the new threat and also to see what some solutions may be, E.G new transports in the works.
Thanks, and stay safe.
Justin.


More information about the tor-talk mailing list