[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #6140 [Tor Bridge]: Kazakhstan uses DPI to block Tor

To: undisclosed-recipients:;
Subject: [tor-bugs] #6140 [Tor Bridge]: Kazakhstan uses DPI to block Tor
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Wed, 13 Jun 2012 12:20:39 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 13 Jun 2012 08:20:58 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#6140: Kazakhstan uses DPI to block Tor
------------------------+---------------------------------------------------
 Reporter:  runa        |          Owner:     
     Type:  task        |         Status:  new
 Priority:  normal      |      Milestone:     
Component:  Tor Bridge  |        Version:     
 Keywords:  dpi         |         Parent:     
   Points:              |   Actualpoints:     
------------------------+---------------------------------------------------
 Two blog posts published in the beginning of March talks about Kazakhstan
 using DPI to block Tor. The posts say that Kazakhstan is identifying and
 blocking the SSL client key exchange during the setup of an SSL
 connection. It seems the Kazakhstan firewall finds something unique in the
 TLS "Server Hello" message as sent by the Tor relay or bridge and
 therefore blocks subsequent communications. IP address and TCP port are
 irrelevant to the censorship.

 From #6045 (where we discuss Ethiopia blocking Tor based on ServerHello),
 we know that:

   * The normal Tor Browser Bundle with a special bridge works; the bridge
 with the patch that causes the final hello done TLS record to be sent in a
 separate packet.
   * The three bridges in  https://blog.torproject.org/blog/update-
 censorship-ethiopia are also working in Kazakhstan. These are bridges with
 a patch that removes 0x0039 from SERVER_CIPHER_LIST.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6140>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #6140 [Censorship analysis]: Kazakhstan uses DPI to block Tor
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #6140 [Censorship analysis]: Kazakhstan uses DPI to block Tor
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #6140 [Censorship analysis]: Kazakhstan uses DPI to block Tor
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #6140 [Censorship analysis]: Kazakhstan uses DPI to block Tor
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #6140 [Censorship analysis]: Kazakhstan uses DPI to block Tor
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #4935 [Company]: Need a host to serve webstats tarballs from
Next by Author: Re: [tor-bugs] #6045 [Tor Bridge]: Ethiopia blocks Tor based on ServerHello
Previous by thread: Re: [tor-bugs] #4935 [Company]: Need a host to serve webstats tarballs from
Next by thread: Re: [tor-bugs] #6140 [Censorship analysis]: Kazakhstan uses DPI to block Tor
Index(es):
- Author
- Thread