[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] brdgrd: Protecting bridges from the GFC



> Basically, the tool achieves two things:
> - Evading the Chinese DPI engine by rewriting the TCP window size
>   during the TCP handshake. This leads to a fragmented cipher list
>   which does not seem to be recognized by the GFC.
> - Blocking scanners with two dirty hacks.

I removed the "two dirty hacks" because they sometimes made a bridge
unusable - especially if there is lots of packet loss between client and
bridge. So the tool only conducts window size rewriting now.

I've been testing it for several days on my EC2 bridge. The bridge has
seen many Chinese users and still remains unblocked.

Cheers,
Philipp
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev