[tor-talk] allow ssl-encapsulated connections to all tor relays. Stop L7

Aeris aeris+tor at imirhil.fr
Fri Mar 17 15:49:22 UTC 2017


> I think Ural means the initial handshake when connecting to the entry node
> is easily detectable and identifiable by a L7 firewall (which it is).

The initial handshake is detectable at L3 too, and more easily at L3 than at L7.
Guard node and directory server IPs and ports are public.

For example, there is no need for DPI if you see traffic from a non-Tor-node IP to 
212.47.237.95:9001. This is a Tor client connecting to one of my guards, here 
kitten3.
Or a connection from a non-Tor-node IP to 128.31.0.34:9131: this is a client 
looking for consensus data from moria1, one of the Tor directory authorities.

Adding STUNNEL encapsulation or obfuscation here changes nothing.

Regards,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
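
The L3 matching described in the message above, as an added example that is not part of the original post: flow records are compared against relay address:port pairs taken from consensus-style `r` lines, and sources that are themselves relays are excluded. The function names, the flow records and all consensus fields other than the two address:port pairs quoted in the message are constructed for illustration.

```python
import ipaddress

# Constructed consensus-style excerpt. The two address:port pairs are the ones
# quoted in the message; every other field is a placeholder.
CONSENSUS = """\
r kitten3 IDENTITY_PLACEHOLDER DIGEST_PLACEHOLDER 2017-03-17 12:00:00 212.47.237.95 9001 0
s Fast Guard Running Stable Valid
r moria1 IDENTITY_PLACEHOLDER DIGEST_PLACEHOLDER 2017-03-17 12:00:00 128.31.0.34 9101 9131
s Authority Running Stable Valid
"""

# Constructed flow records (src, dst, dst_port); client addresses are from
# documentation ranges. No payload is recorded: the match uses only
# addresses and ports.
FLOWS = [
    ("192.0.2.10", "212.47.237.95", 9001),   # client to guard ORPort
    ("192.0.2.10", "128.31.0.34", 9131),     # client to authority DirPort
    ("128.31.0.34", "212.47.237.95", 9001),  # relay to relay, not a client
    ("192.0.2.10", "198.51.100.7", 443),     # unrelated destination
    ("192.0.2.10", "212.47.237.95", 443),    # relay IP, unlisted port
]


def parse_relays(text):
    """Map (ip, port) -> (nickname, port kind) from consensus 'r' lines."""
    endpoints = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 9 or fields[0] != "r":
            continue
        nick, ip = fields[1], str(ipaddress.ip_address(fields[6]))
        for kind, port in (("ORPort", int(fields[7])), ("DirPort", int(fields[8]))):
            if port:  # 0 means the relay does not offer that port
                endpoints[(ip, port)] = (nick, kind)
    return endpoints


def tor_client_flows(flows, endpoints):
    """Return flows to a listed relay port whose source is not itself a relay."""
    relay_ips = {ip for ip, _ in endpoints}
    return [
        (src, dst, port) + endpoints[(dst, port)]
        for src, dst, port in flows
        if (dst, port) in endpoints and src not in relay_ips
    ]


if __name__ == "__main__":
    for hit in tor_client_flows(FLOWS, parse_relays(CONSENSUS)):
        print(hit)
```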