[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #32026 [Circumvention/Censorship analysis]: Using An Alternative To TCP To Avoid Packet Injection?



#32026: Using An Alternative To TCP To Avoid Packet Injection?
-----------------------------------------------+------------------------
 Reporter:  Aphrodites1995                     |          Owner:  (none)
     Type:  enhancement                        |         Status:  new
 Priority:  Medium                             |      Milestone:
Component:  Circumvention/Censorship analysis  |        Version:
 Severity:  Normal                             |     Resolution:
 Keywords:                                     |  Actual Points:
Parent ID:                                     |         Points:
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------

Comment (by dcf):

 Replying to [comment:2 Aphrodites1995]:
 > So how exactly does the GFW get the IPs to ban?

 That's a big topic. See [https://research.torproject.org/techreports/ten-
 ways-discover-tor-bridges-2011-10-31.pdf Ten ways to discover Tor
 bridges]. In China, it's some combination of at least the following
 techniques:
  * Harvesting addreses from BridgeDB (this is private obfs4 bridges work,
 but ones from BridgeDB do not).
  * Extracting hard-coded addresses from source code or executable
 packages.
  * Running a client copy of Tor or Tor Browser in a black-box fashion and
 recording the addresses it connects to.
  * Running middle nodes and recording the addresses that connect to them.
  * Identifying the Tor protocol by its TLS handshake (when pluggable
 transports are not used).
  * Active probing to check whether a server really is a Tor bridge (works
 on plain Tor and obfs3, does not work on meek and obfs4).

 The blocking techniques affect more than Tor. Here is some of the
 background research.
  * [https://censorbib.nymity.ch/#Winter2012a How the Great Firewall of
 China is Blocking Tor] - active probing
  * [https://censorbib.nymity.ch/#Ling2012a Extensive Analysis and Large-
 Scale Empirical Evaluation of Tor Bridge Discovery] - harvesting from
 BridgeDB and running middle nodes (not about the GFW specifically)
  * [https://censorbib.nymity.ch/#Matic2017a Dissecting Tor Bridges: a
 Security Evaluation of Their Private and Public Infrastructures] -
 Internet-wide port scanning (not about the GFW specifically)
  * [https://www.bamsoftware.com/papers/thesis/#chap:proxy-probe Time
 delays in censor's reactions] - extracting addresses from code
  * [https://censorbib.nymity.ch/#Dunna2018a Analyzing China's Blocking of
 Unpublished Tor Bridges] - active probing

 There are short summaries of some of these papers at
 https://www.bamsoftware.com/papers/thesis/summaries.txt and
 https://groups.google.com/d/msg/traffic-obf/-z0gzKONGtI/r07EA8hUAAAJ.

 > How do you avoid them getting these IPs now?

 By using pluggable transports that are resistant to active probing and
 passive detection, which at the moment is obfs4 and meek.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32026#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs