
Re: [tor-bugs] #9601 [Obfsproxy]: Cyberoam firewall blocks obfs2/3 bridge addresses



#9601: Cyberoam firewall blocks obfs2/3 bridge addresses
---------------------------+-----------------
     Reporter:  Sherief    |      Owner:  asn
         Type:  task       |     Status:  new
     Priority:  normal     |  Milestone:
    Component:  Obfsproxy  |    Version:
   Resolution:             |   Keywords:
Actual Points:             |  Parent ID:
       Points:             |
---------------------------+-----------------

Comment (by asn):

 Replying to [comment:13 phw]:
 > Replying to [comment:9 asn]:
 >
 > > What's the actual fpr of the bridge at 212.112.[xx:443 xx:443]?
 >
 > This is actually 212.112.245.170:443 which is gabelmoo (it's a public
 relay address, hence no need to keep it secret). The user's Tor client
 expected `F2044413DAC2E02E3D6BCF4735A19BCA1DE97281` which is gabelmoo's
 fingerprint.
 >
 > > Also, what's up with the bridge at 109.91.xx? Why does it have the
 same fpr with the one that appeared in the first log? Did that guy mix up
 his torrc lines? Do you recognize the FA00CC092639AC.. fingerprint? Does
 it belong to one of the bridges you gave him?
 >
 > My theory is that `FA00CC092639AC62C03E148F4A10C2787C129668` is the
 fingerprint of the cyberoam certificate which is used to MitM the users
 behind the firewall. It might be an HTTPS proxy. gabelmoo's fingerprint is
 known from the consensus but the bridge's fingerprint was unknown.
 Therefore, the spoofed certificate was apparently accepted by the user's
 Tor client.
 >

 What confused me is that the identity certificate of the bridge is presented:
 * In the v2 link handshake, during the SSL renegotiation.
 * In the v3 link handshake, using Tor cells (`AUTHENTICATE`, etc.)

 If Cyberoam was simply MITMing the SSL of HTTPS, why did Tor interpret
 `FA00CC0926...` as the identity fingerprint of the bridge? Or am I
 confused?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9601#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
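
Added example, not part of the original message and not Tor's own code: a simplified Python model of the acceptance decision that the quoted theory relies on, where a peer with a pinned fingerprint (from the consensus or a Bridge line) is rejected on mismatch, while a Bridge line without a fingerprint accepts whatever identity is presented. It also lists Bridge lines in a torrc that carry no fingerprint. The keys, addresses and function names are constructed for illustration; constructed byte strings stand in for the DER-encoded RSA identity key whose SHA-1 digest is the fingerprint.

```python
import hashlib
import re

HEX_FPR = re.compile(r"^[0-9A-Fa-f]{40}$")

def parse_bridge_line(line):
    """Parse 'Bridge [transport] addr:port [fingerprint]' into a dict."""
    parts = line.split()
    if not parts or parts[0].lower() != "bridge":
        raise ValueError("not a Bridge line: %r" % line)
    parts = parts[1:]
    transport = None
    if parts and ":" not in parts[0]:  # a leading token without ':' is a transport name
        transport = parts.pop(0)
    if not parts:
        raise ValueError("missing address in %r" % line)
    addr = parts.pop(0)
    fpr = parts[0].upper() if parts and HEX_FPR.match(parts[0]) else None
    return {"transport": transport, "addr": addr, "fingerprint": fpr}

def identity_fingerprint(identity_key_der):
    """Uppercase hex SHA-1 of the DER-encoded identity key."""
    return hashlib.sha1(identity_key_der).hexdigest().upper()

def check_identity(expected_fpr, presented_key_der):
    """Return (accepted, reason) for the identity a peer presented."""
    got = identity_fingerprint(presented_key_der)
    if expected_fpr is None:
        # Nothing to compare against: the presented identity is simply learned.
        return True, "no pinned fingerprint; learned %s from peer" % got
    if got == expected_fpr:
        return True, "matches pinned fingerprint"
    return False, "expected %s, got %s" % (expected_fpr, got)

def unpinned_bridges(torrc_text):
    """Return the addresses of Bridge lines that carry no fingerprint."""
    out = []
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if fields and fields[0].lower() == "bridge":
            bridge = parse_bridge_line(" ".join(fields))
            if bridge["fingerprint"] is None:
                out.append(bridge["addr"])
    return out

# Constructed sample data (not real keys or bridge addresses).
REAL_KEY = b"constructed-bridge-identity-key"
MITM_KEY = b"constructed-middlebox-key"
SAMPLE_TORRC = ("UseBridges 1\nBridge obfs3 192.0.2.10:443\n"
                "Bridge obfs3 192.0.2.20:443 %s\n" % identity_fingerprint(REAL_KEY))
```
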