Re: [tor-bugs] #15198 [Censorship analysis]: Cyberoam blocking connections to Tor
#15198: Cyberoam blocking connections to Tor
-------------------------------------+----------------------
Reporter: ioerror | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Censorship analysis | Version:
Resolution: | Keywords: cyberoam
Actual Points: | Parent ID:
Points: |
-------------------------------------+----------------------
Comment (by ioerror):
My upstream router is 10.1.79.254:
{{{
PORT STATE SERVICE VERSION
22/tcp open ssh (protocol 2.0)
|_ssh-hostkey: 2048 d9:87:8d:95:bc:1f:39:8d:de:ac:39:1a:6c:09:6f:02 (RSA)
23/tcp open telnet Cisco or Edge-core switch telnetd
53/tcp filtered domain
443/tcp open ssl/https?
| ssl-cert: Subject: commonName=10.1.1.102/organizationName=Company/stateOrProvR
| Issuer: commonName=10.1.1.102/organizationName=Company/stateOrProvinceName=TRR
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2012-01-01 00:40:28
| Not valid after: 2030-01-01 23:59:59
| MD5: 4b3f 4f84 9829 5999 a8f4 2f9b 7e2c aa96
|_SHA-1: fa53 a205 d594 8d10 f2f2 e4c3 3a3a 4642 00f2 da46
|_http-favicon: Unknown favicon MD5: 18D5AC51642E84F0B7E8F6815743FC50
2 services unrecognized despite returning data. If you know the
service/version:
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port22-TCP:V=6.00%I=7%D=3/9%Time=54FD93A1%P=i686-pc-linux-gnu%r(NULL,18
SF:,"SSH-2\.0-Mocana\x20SSH\x205\.8\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port443-TCP:V=6.00%T=SSL%I=7%D=3/9%Time=54FD93A7%P=i686-pc-linux-gnu%r(
SF:GetRequest,18B,"HTTP/1\.0\x20200\x20OK\r\nServer:\x20eHTTP\x20v2\.0\r\n
SF:Connection:\x20close\r\nContent-Type:\x20text/html\r\nContent-Length:\x
SF:20115\r\nCache-Control:\x20no-cache\r\nX-Frame-Options:\x20SAMEORIGIN\r
SF:\nSet-Cookie:\x20sessionId\x20=B7EOzZZKNE4eHGJJwyDa5AdaS4ZnZWWSMinhJYuR
SF:HAPTpu3so6Tg9y23rmXDyp3;path=/;\x20Secure,\x20postId=;\x20Secure;\x20\r
SF:\n\r\n<html>\r\n<head>\r\n<meta\x20http-equiv=\"Refresh\"\r\ncontent=\"
SF:1;url=html/login\.html\">\r\n</head>\r\n\r\n<body>\r\n</body>\r\n</html
SF:>\r\n")%r(FourOhFourRequest,619,"HTTP/1\.0\x20200\x20OK\r\nServer:\x20e
SF:HTTP\x20v2\.0\r\nConnection:\x20close\r\nContent-Type:\x20text/html\r\n
SF:Content-Length:\x201402\r\nCache-Control:\x20no-cache\r\nX-Frame-Option
SF:s:\x20SAMEORIGIN\r\n\r\n<html>\n<head>\n<script\x20type=\"text/javascri
SF:pt\">\n/\*\x20clearing\x20the\x20cookies\x20when\x20session\x20timed\x2
SF:0out\x20\*/\nfunction\x20delete_cookie\x20\(\x20cookie_name\x20\)\n{\n\
SF:x20\x20var\x20cookie_date\x20=\x20new\x20Date\x20\(\x20\);\x20\x20//\x2
SF:0current\x20date\x20&\x20time\n\x20\x20cookie_date\.setTime\x20\(\x20co
SF:okie_date\.getTime\(\)\x20-\x201\x20\);\n\x20\x20document\.cookie\x20=\
SF:x20cookie_name\x20\+=\x20\"=;\x20expires=\"\x20\+\x20cookie_date\.toGMT
SF:String\(\);\n}\ndelete_cookie\x20\(\x20\"sessionId\"\x20\);\nvar\x20ssl
SF:\x20=\x202;\nvar\x20port=\x20443;\nvar\x20ipv6Redirect;\nfunction\x20is
SF:Ipv6\(\)\n\x20\x20\x20\x20{\n\x20\x20\x20\x20\x20\x20\x20\x20var\x20ip=
SF:\x20\"10\.1\.79\.254\";\n\x20\x20\x20\x20if\x20\(ip\.indexOf\(\":\"\)\x
SF:20>=\x200\)\n\t{\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
SF:x20\x20\x20var\x20str=ip\.toString\(\);\n\t\tif\(str\.indexOf\(\"%\"\)\
SF:x20>=\x200\)\n\t\t{\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
SF:20\x20\x20\x20\tipv6Redirect=str\.substring\(0,str\.indexOf\(\"%\"\)\);
SF:\n\t\t}\n\t\telse\n\t\t{\n\t\t\tipv6Redirect=str;\n\t\t}\n\x20\x20\x20\
SF:x20\x20\x20\x20\x20\treturn\x20true;\n\t}\n\x20\x20\x20\x20return\x20fa
SF:lse;\n\x20\x20\x20\x20}\x20\nif\(ssl\x20==\x202\)\n{\n\tif\(isI");
MAC Address: 24:BE:05:31:C7:00 (Unknown)
No exact OS matches for host (If you know what OS is running on it, see
http://.
TCP/IP fingerprint:
OS:SCAN(V=6.00%E=4%D=3/9%OT=22%CT=1%CU=35625%PV=Y%DS=1%DC=D%G=Y%M=24BE05%TM
OS:=54FD941E%P=i686-pc-linux-gnu)SEQ(SP=72%GCD=1%ISR=96%TI=I%CI=I%II=I%SS=S
OS:%TS=A)SEQ(SP=8E%GCD=1%ISR=96%TI=I%CI=I%TS=A)OPS(O1=M5B4NW1NNSNNT11%O2=M5
OS:78NW1NNSNNT11%O3=M280NW1NNT11%O4=M5B4NW1NNSNNT11%O5=M218NW1NNSNNT11%O6=M
OS:109NNSNNT11)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)ECN(R=Y%
OS:DF=Y%T=41%W=FFFF%O=M5B4NW1NNS%CC=N%Q=)T1(R=Y%DF=Y%T=41%S=O%A=S+%F=AS%RD=
OS:0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=N%T=41%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF
OS:=N%T=1%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=1%W=0%S=A%A=Z%F=R%O=%R
OS:D=0%Q=)T7(R=Y%DF=N%T=1%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=100%IP
OS:L=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=100%CD=S)
Uptime guess: 11.383 days (since Thu Feb 26 03:25:44 2015)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=136 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Device: switch
TRACEROUTE
HOP RTT ADDRESS
1 26.19 ms 10.1.79.254
NSE: Script Post-scanning.
Initiating NSE at 12:37
Completed NSE at 12:37, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at
http.
Nmap done: 1 IP address (1 host up) scanned in 135.55 seconds
Raw packets sent: 1134 (54.692KB) | Rcvd: 1085 (46.188KB)
}}}
Attempting to use normal bridges also fails:
{{{
UseBridges 1
bridge 193.28.228.45:443
bridge 87.238.161.57:444
bridge [2a00:7000:3:0:216:3eff:fe9f:34d7]:443
}}}
Route table:
{{{
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.79.254     0.0.0.0         UG    0      0        0 wlan0
10.1.64.0       0.0.0.0         255.255.240.0   U     0      0        0 wlan0
}}}
Log:
{{{
Mar 09 12:45:37.000 [notice] Tor 0.2.5.10 (git-43a5f3d91e726291) opening log file.
Mar 09 12:45:37.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Mar 09 12:45:37.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Mar 09 12:45:37.000 [notice] Bootstrapped 0%: Starting
Mar 09 12:45:38.000 [notice] Delaying directory fetches: No running bridges
Mar 09 12:45:39.000 [notice] Bootstrapped 5%: Connecting to directory server
Mar 09 12:45:39.000 [warn] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 1; recommendation warn)
Mar 09 12:45:39.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Mar 09 12:47:46.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (Connection timed out; TIMEOUT; count 3; recommendation warn)
Mar 09 12:47:46.000 [warn] 1 connections have failed:
Mar 09 12:47:46.000 [warn] 1 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
}}}
pcap generated like so:
{{{
tcpdump -v -i wlan0 -s0 -w cyberoam-regular-bridge-000.pcap
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15198#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
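
An added example, not part of the original ticket comment or of Tor's own code: a small parser for the bootstrap lines in a Tor notice log like the one above, reporting how far bootstrap got, each stall reason, and whether the log shows a connection dying in the Tor handshake after TLS had already finished. The function name `summarize` and the result keys are hypothetical; the sample input is constructed from the log lines in the comment with the e-mail line wraps removed.

```python
import re

# Constructed sample: bootstrap-related lines from the log in the comment,
# with the e-mail line wraps removed.
SAMPLE_LOG = """\
Mar 09 12:45:37.000 [notice] Bootstrapped 0%: Starting
Mar 09 12:45:39.000 [notice] Bootstrapped 5%: Connecting to directory server
Mar 09 12:45:39.000 [warn] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 1; recommendation warn)
Mar 09 12:45:39.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Mar 09 12:47:46.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (Connection timed out; TIMEOUT; count 3; recommendation warn)
Mar 09 12:47:46.000 [warn] 1 connections have failed:
Mar 09 12:47:46.000 [warn] 1 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
"""

BOOT = re.compile(r"\[notice\] Bootstrapped (\d+)%: (.+)$")
STUCK = re.compile(r"\[warn\] Problem bootstrapping\. Stuck at (\d+)%: .*?"
                   r"\((.+?); ([A-Z_]+); count (\d+); recommendation (\w+)\)$")
DIED = re.compile(r"\[warn\]\s+(\d+) connections died in state (.+?) with SSL state (.+)$")

def summarize(log_text):
    """Return the furthest bootstrap stage, each stall, and dead-connection states."""
    result = {"max_percent": -1, "stage": None, "stalls": [], "died": []}
    for line in log_text.splitlines():
        if m := BOOT.search(line):
            pct = int(m.group(1))
            if pct > result["max_percent"]:
                result["max_percent"], result["stage"] = pct, m.group(2)
        elif m := STUCK.search(line):
            result["stalls"].append({"percent": int(m.group(1)),
                                     "reason": m.group(3), "count": int(m.group(4))})
        elif m := DIED.search(line):
            result["died"].append({"n": int(m.group(1)), "state": m.group(2),
                                   "ssl_state": m.group(3)})
    # True when the log reports TLS finished but the Tor link handshake did not.
    result["failed_after_tls"] = any(
        "finished successfully" in d["ssl_state"] and "handshak" in d["state"]
        for d in result["died"])
    return result
```

Run against a full log, the same function skips lines it does not recognise, so the GEOIP and "opening log file" notices need no special handling.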