[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] brdgrd: Protecting bridges from the GFC

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] brdgrd: Protecting bridges from the GFC
From: Philipp Winter <identity.function@xxxxxxxxx>
Date: Sun, 15 Apr 2012 17:24:41 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 15 Apr 2012 11:24:57 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; bh=GH9gzHhXH6gbInnHMC+BjB7S4Q+TAB3o7ELrQMvdfJc=; b=PmKRlYR46QcbkbLgdpDc8bx4pk8Q1chOR8UIq8qYJ6fziwWbz7kQVMPQr3HKbRvmcN 5s9KSqZrK6sA//quonpbje+JtdryO3ArATDoxbU23/vjz4BYFenE03QP/ihxE9rqNi8T 7YPfmoL+yDBacRGGy/LPssh+n68DnLtImeGHhj7LKP6qQWQZkd77TaYXIG8rV+X1aNhk 7jH1Qy+esbmejH2Rdt5bNjyPfDbjwb34TN/J0TkugXBcCSXlKnQcvpIJH4BzSS2046HF sicOI3rQ0C9pQTXsHy4xAR65LFZip65yCYviAM40CDOLGjSgM5FVvgyoJvBgqNRvrm36 4e4w==
In-reply-to: <4F7ACA4E.1030505@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Openpgp: id=2D081E16
References: <4F7ACA4E.1030505@xxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1

> Basically, the tool achieves two things:
> - Evading the Chinese DPI engine by rewriting the TCP window size
>   during the TCP handshake. This leads to a fragmented cipher list
>   which does not seem to be recognized by the GFC.
> - Blocking scanners with two dirty hacks.

I removed the "two dirty hacks" because they sometimes made a bridge
unusable - especially if there is lots of packet loss between client and
bridge. So the tool only conducts window size rewriting now.

I've been testing it for several days on my EC2 bridge. The bridge has
seen many Chinese users and still remains unblocked.

Cheers,
Philipp
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] brdgrd: Protecting bridges from the GFC
  - From: Philipp Winter

Prev by Author: [tor-dev] brdgrd: Protecting bridges from the GFC
Next by Author: [tor-dev] Google Summer of Code Proposal - PathSupport counterpart for Stem
Previous by thread: [tor-dev] brdgrd: Protecting bridges from the GFC
Next by thread: [tor-dev] Self Introduction for GSoC 2012
Index(es):
- Author
- Thread