
Re: [tor-talk] torproject.org censorship detection using RIPE atlas?



On Tue, Feb 18, 2014 at 02:03:58PM +0100, Max Jakob Maass wrote:
> I am currently running two RIPE Atlas probes [0] and had accumulated
> some points to use their measurement API, so I set up a measurement to
> check the SSL Certificate of torproject.org from as many countries as
> possible to detect MITM attacks on the website (mostly from state
> actors). I also requested the DNS A-Record for torproject.org (to
> check for falsified DNS records).

That's quite exciting -- thanks for sharing the data!

> Then, there are some US-American probes that are returning an
> SSL-Certificate for *.opendns.com instead of the correct result. I
> have no idea what's going on there, but as OpenDNS is a sponsor of the
> RIPE Atlas, it may be that they are hosting a bunch of probes behind an
> SSL-terminating firewall for some reason. Still, if someone wants to
> look into it, it may be interesting.

The probes might be using OpenDNS as their DNS resolver.  OpenDNS can block
website categories such as "proxy/anonymiser" which happens to contain
torproject.org.  When resolving a blocked domain, you are being redirected to
an OpenDNS page explaining what happened.  Every now and then, there are exit
relays which have the same problem.

Cheers,
Philipp
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
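
Added example (not part of the original messages, and not either poster's code): a triage pass that combines each probe's A-record and certificate results, so that a resolver block page of the kind described in the reply is separated from a certificate mismatch at the expected address. The record layout, the expected fingerprint and addresses, and all sample values are constructed placeholders, not the RIPE Atlas result format or real torproject.org data.

```python
# Constructed, simplified per-probe records; this is not the RIPE Atlas result schema.
EXPECTED_FP = "aa" * 32                      # placeholder for the known-good cert SHA-256
EXPECTED_A = {"192.0.2.10", "192.0.2.11"}    # placeholder addresses (documentation range)
# Certificate names served by filtering resolvers' block pages (only OpenDNS is from the thread).
BLOCK_PAGE_DOMAINS = {"opendns.com": "OpenDNS"}

def block_page_owner(cert_cn):
    """Return the filtering service whose domain the certificate name falls under."""
    name = cert_cn.lower()[2:] if cert_cn.startswith("*.") else cert_cn.lower()
    for domain, owner in BLOCK_PAGE_DOMAINS.items():
        if name == domain or name.endswith("." + domain):   # match on a label boundary
            return owner
    return None

def classify(probe):
    """Combine the DNS and TLS measurements of one probe into a triage label."""
    a_records, fp = probe.get("a"), probe.get("cert_sha256")
    if not a_records or fp is None:
        return "no-data"                     # timeout or partial result: do not guess
    dns_ok = set(a_records) <= EXPECTED_A
    cert_ok = fp.lower() == EXPECTED_FP
    if dns_ok and cert_ok:
        return "ok"
    if cert_ok:
        return "dns-differs-cert-ok"         # expected cert from an unlisted address: review EXPECTED_A
    if dns_ok:
        return "cert-mismatch-expected-ip"   # right address, wrong cert: not explained by the resolver
    owner = block_page_owner(probe.get("cert_cn", ""))
    # The name in a certificate is chosen by whoever serves it, so this label is only a hint.
    return f"resolver-block-page:{owner}" if owner else "dns-and-cert-mismatch"

PROBES = [  # constructed sample results
    {"id": 1, "a": ["192.0.2.10"], "cert_sha256": "aa" * 32, "cert_cn": "*.torproject.org"},
    {"id": 2, "a": ["203.0.113.5"], "cert_sha256": "bb" * 32, "cert_cn": "*.opendns.com"},
    {"id": 3, "a": ["192.0.2.11"], "cert_sha256": "cc" * 32, "cert_cn": "*.torproject.org"},
    {"id": 4, "a": None, "cert_sha256": None},
    {"id": 5, "a": ["203.0.113.9"], "cert_sha256": "dd" * 32, "cert_cn": "notopendns.com"},
]

def summarize(probes):
    """Map probe id to triage label."""
    return {p["id"]: classify(p) for p in probes}

if __name__ == "__main__":
    for pid, label in summarize(PROBES).items():
        print(pid, label)
```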