[tor-talk] Pluggable Transports and DPI

Roger Dingledine arma at mit.edu
Thu May 12 04:19:29 UTC 2016


On Wed, May 11, 2016 at 07:40:17PM -0700, David Fifield wrote:
> Justin helped me by running some tests and we think we know how this
> Cyberoam device is blocking meek connections. It blocks TLS connections
> that have Firefox 38's TLS signature and that have an SNI field that
> is one of our front domains: www.google.com, a0.awsstatic.com,
> ajax.aspnetcdn.com.

Good stuff!

It's clear that they had a person look at the topic and decide on a way
to block it -- accepting some collateral damage and making a guess about
how many unhappy people it would produce. They benefited from the fact
that the customers behind this Cyberoam weren't an entire country, meaning
they were betting that a low collateral damage was not many people at all.

Do we know anything about how they decided to detect obfs4 (and what
collateral damage they decided was acceptable there)?

--Roger
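
The rule described in the quoted message (client TLS signature and front-domain SNI, both required) can be sketched as follows. This is an added example, not code from the thread or from the Cyberoam device; the fingerprint (a hash over cipher-suite list and extension order), the helper names and the sample ClientHello bytes are assumptions constructed for illustration.

```python
import hashlib, struct

FRONTS = {"www.google.com", "a0.awsstatic.com", "ajax.aspnetcdn.com"}  # from the post

def build_hello(ciphers, sni, extra_exts=()):
    """Constructed sample: a minimal TLS ClientHello record (not a capture)."""
    name = sni.encode()
    sni_body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = [(0, sni_body)] + [(t, b"") for t in extra_exts]  # empty bodies: order only
    ext_bytes = b"".join(struct.pack("!HH", t, len(b)) + b for t, b in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00"                # version, random, no session id
            + struct.pack("!H", 2 * len(ciphers)) + struct.pack(f"!{len(ciphers)}H", *ciphers)
            + b"\x01\x00" + struct.pack("!H", len(ext_bytes)) + ext_bytes)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_hello(record):
    """Return (fingerprint, sni) for a ClientHello record, or None if it is not one."""
    try:
        if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
            return None
        p = 9 + 2 + 32                   # record hdr (5) + handshake hdr (4) + version + random
        p += 1 + record[p]               # skip session id
        n = struct.unpack_from("!H", record, p)[0]
        ciphers = struct.unpack_from(f"!{n // 2}H", record, p + 2)
        p += 2 + n
        p += 1 + record[p]               # skip compression methods
        end = p + 2 + struct.unpack_from("!H", record, p)[0]
        p += 2
        ext_types, sni = [], None
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, p)
            p += 4
            ext_types.append(ext_type)
            if ext_type == 0:            # server_name: list len (2), type (1), name len (2), name
                sni = record[p + 5:p + ext_len].decode("ascii", "replace")
            p += ext_len
    except (struct.error, IndexError):   # truncated or malformed record
        return None
    # Assumed stand-in for a "TLS signature": hash of cipher list and extension order.
    fp = hashlib.sha256(repr((ciphers, ext_types)).encode()).hexdigest()[:16]
    return fp, sni

def would_block(record, blocked_fp):
    """True only when both conditions from the post hold: signature AND front-domain SNI."""
    parsed = parse_hello(record)
    return parsed is not None and parsed[0] == blocked_fp and parsed[1] in FRONTS
```

Because both conditions must hold, a different client visiting the same front domain, or the same client visiting another site, falls outside the rule; that gap is the collateral-damage trade-off discussed above.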


