
Re: Cisco firewall filtering Tor?



On 6/14/07, Mike Perry <mikeperry@xxxxxxxxxx> wrote:
> Hey Jay!

Hey Mike!

> AUTHENTICATE
> SETEVENTS EXTENDED CIRC ORCONN

I'm not completely sure how to read this, but it's cleaner than the
debug log. I see various "failed" messages, like the following:

650 ORCONN kgabertgoldmine2 FAILED REASON=DONE NCIRCS=2
650 CIRC 1721 FAILED REASON=OR_CONN_CLOSED
650 CIRC 1722 FAILED REASON=TIMEOUT

It appears all the CIRC ... FAILED messages are due to OR_CONN_CLOSED
or TIMEOUT.

> Might also be a good idea to kill tor, fire up wireshark
> (www.wireshark.org), start a network capture, start tor, and let it
> try to make some circuits for a bit. Then save the capture, and post
> it and the control port info and possibly logs somewhere so we can
> look at the results.

Oddly, Wireshark examination of tcpdump shows communications in both
directions, so it appears the firewall isn't blocking connections
completely.

Even more oddly, I set my home SSH server to listen on port 443, and
that works fine. That same machine is running as a tor server, so
either the firewall is blocking tor servers only on tor ports (but
then why can I see connections in the dump?) or they're not blocking
tor and something else is wrong.

> If they are doing content-based filtering like this, it is likely they
> are also blocking directory connections too..

I don't think so. I can telnet to BostonUCompSci (128.197.11.30) port
80 and send "GET /", and I get back what looks like Tor stuff. This is
another reason I suspect that it's a Tor issue rather than the
firewall blocking outright.

For what it's worth, I tried running with ReachableAddresses *:443
from an open network earlier today, and it worked fine.

Thanks for your help, everybody!

/jgt
--
http://tamboli.cx/
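
Added example, not part of the original message: a small Python tally of the FAILED reasons in `650 CIRC` / `650 ORCONN` control-port events like those quoted above, useful when reading a long SETEVENTS session. The first three sample lines come from the message; the remaining lines, the relay names `examplerelay` and `otherrelay`, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# First three lines are quoted in the message above; the rest are constructed.
SAMPLE = """\
650 ORCONN kgabertgoldmine2 FAILED REASON=DONE NCIRCS=2
650 CIRC 1721 FAILED REASON=OR_CONN_CLOSED
650 CIRC 1722 FAILED REASON=TIMEOUT
650 ORCONN examplerelay LAUNCHED
650 CIRC 1723 BUILT examplerelay,otherrelay
650 CIRC 1724 FAILED examplerelay REASON=TIMEOUT
250 OK
"""

# "650 <CIRC|ORCONN> <circuit id or relay> <status> [path] [KEY=VALUE ...]"
EVENT = re.compile(r"^650[ -](CIRC|ORCONN) (\S+) (\S+)(.*)$")
# Only upper-case keywords count as fields, so a circuit path is ignored.
FIELD = re.compile(r"(?:^|\s)([A-Z_]+)=(\S+)")


def parse_event(line):
    """Return a dict for a CIRC/ORCONN event line, or None for anything else."""
    m = EVENT.match(line.strip())
    if not m:
        return None
    kind, ident, status, rest = m.groups()
    return {"kind": kind, "id": ident, "status": status,
            "fields": dict(FIELD.findall(rest))}


def summarize(text):
    """Count events per (kind, status) and FAILED events per (kind, REASON)."""
    reasons, statuses = Counter(), Counter()
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue  # replies such as "250 OK" and other event types
        statuses[(ev["kind"], ev["status"])] += 1
        if ev["status"] == "FAILED":
            reasons[(ev["kind"], ev["fields"].get("REASON", "UNKNOWN"))] += 1
    return reasons, statuses


if __name__ == "__main__":
    reasons, statuses = summarize(SAMPLE)
    for (kind, reason), count in sorted(reasons.items()):
        print(f"{kind:6} FAILED REASON={reason}: {count}")
    print("circuits built:", statuses[("CIRC", "BUILT")])
```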