Re: [tor-bugs] #5866 [Ooni]: Research on test to write.
#5866: Research on test to write.
--------------------+-------------------------------------------------------
Reporter: phobos | Owner: hellais
Type: task | Status: new
Priority: normal | Milestone: Sponsor H: June 2012
Component: Ooni | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------+-------------------------------------------------------
Comment(by phobos):
Initial tests are:
* TTL Walking. This means that we do a UDP, TCP, ICMP traceroute to a
certain destination that we hypothesize is being blocked or the traffic to
it is being intercepted. If there is a noticeable discrepancy between the
traceroutes to common ports (0, 53, 80, 123, 443), we presume that
filtering is going on and it is being performed on an (IP, port) pair
basis.
* Keyword injection. This means injecting keywords into certain data or
header fields of packets and detecting if behavior changes between "good
keywords" and "bad keywords". We know for a fact that, for example, China
is doing keyword detection in Skype and it is trivial to obtain the list
of "bad keywords".
* DNS Probing. This means taking a set of hostnames and trying to resolve
them with a set of DNS resolvers. If there is a difference between the
result for the same hostname across different DNS resolvers then something
wrong is happening. This technique has been used in Italy to detect and
map censorship across the country.
* HTTP requests. This means manipulating HTTP request headers and
checking if they are being mangled by the intercepting proxy. An example
of what can be done is capitalization of certain request fields. The back-
end server that receives the result should check to see if the
capitalization remains or it has been removed by the proxy. Another method
is to simply send requests and check for added headers in the response.
This technique was used to detect the squid proxy in use on Amtrak and
VIARail.
* URL lists. This is simply doing a GET request to a certain HTTP server
and checking if the returned content matches what is expected. This is
basically what most censorship detection tools do (Herdict, alkasir, etc.)
* Network latency. This means checking if the latency of the connection
to a certain server is congruent with its location. This method generally
does not perform as well as the others as it requires the discrepancy to
be very visible, but it has been used successfully in countries such as
Lebanon.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5866#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
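
The back-end side of the "HTTP requests" test described in the comment above, as an added example that is not part of the original message or OONI's code. It assumes the probe and a cooperating back-end can both record raw request bytes; the function names and the sample requests are constructed for illustration.

```python
# Added example: diff the raw headers a probe sent against what the back-end
# received. Header names are compared byte-for-byte, since a normal HTTP
# parser would hide the capitalization change the test looks for.
def parse_header_lines(raw: bytes):
    """Return [(name, value)] keeping the exact on-the-wire case and order."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        name, _, value = line.partition(b":")
        pairs.append((name.decode("latin-1"), value.strip().decode("latin-1")))
    return pairs


def diff_headers(sent_raw: bytes, received_raw: bytes):
    """Classify differences between the sent and the received header block."""
    sent = parse_header_lines(sent_raw)
    recv = parse_header_lines(received_raw)
    sent_by_lower = {n.lower(): (n, v) for n, v in sent}
    recv_by_lower = {n.lower(): (n, v) for n, v in recv}
    report = {"case_changed": [], "value_changed": [], "added": [], "removed": []}
    for key, (name, value) in sent_by_lower.items():
        if key not in recv_by_lower:
            report["removed"].append(name)
            continue
        r_name, r_value = recv_by_lower[key]
        if r_name != name:                    # proxy rewrote capitalization
            report["case_changed"].append((name, r_name))
        if r_value != value:
            report["value_changed"].append((name, value, r_value))
    report["added"] = [n for n, _ in recv if n.lower() not in sent_by_lower]
    report["tampered"] = any(report[k] for k in list(report))
    return report


# Constructed sample: probe sends oddly capitalized header names ...
SENT = (b"GET / HTTP/1.1\r\n"
        b"hOsT: example.com\r\n"
        b"uSeR-aGeNt: probe/0.1\r\n"
        b"aCcEpT: */*\r\n\r\n")
# ... and the back-end sees them normalized, with proxy headers added.
RECEIVED = (b"GET / HTTP/1.1\r\n"
            b"Host: example.com\r\n"
            b"User-Agent: probe/0.1\r\n"
            b"Accept: */*\r\n"
            b"Via: 1.1 proxy.example (squid)\r\n"
            b"X-Forwarded-For: 192.0.2.10\r\n\r\n")

if __name__ == "__main__":
    print(diff_headers(SENT, RECEIVED))
```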