[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Iran



On Sun, May 05, 2013 at 04:18:56PM +0300, George Kadianakis wrote:
> tor-admin <tor-admin@xxxxxxxxxx> writes:
> 
> > On Sunday 05 May 2013 14:50:51 George Kadianakis wrote:
> >> It would be interesting to learn which ports they currently whitelist,
> >> except from the usual HTTP/HTTPS.
> >> 
> >> I also wonder if they just block based on TCP port, or whether they
> >> also have DPI heuristics.
> >> 
> >> On the Tor side, it seems like we should start looking into #7875:
> >> https://trac.torproject.org/projects/tor/ticket/7875
> >> _______________________________________________
> > I am wondering if here is there a way for a user to ask bridgedb for a bridge 
> > with a specific port?
> > _______________________________________________
> > tor-dev mailing list
> > tor-dev@xxxxxxxxxxxxxxxxxxxx
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> 
> If I remember correctly BridgeDB tries (in a best-effort manner) to
> give users bridges that are listening on port 443. Obfuscated bridges
> that bind on 443 are not very common (because of #7875) so I guess
> that not many obfuscated bridges on 443 are given out.
> 
> In any case, I don't think that a user can explicitly ask BridgeDB for
> a bridge on a specific port, but this might be a useful feature
> request (especially if this "filtering based on TCP port" tactic
> continues).

This may be a good feature to have, in general, but it does not sound like
this will solve the current problem in Iran. The last report says
they're whitelisting ports *and* protocols[1]. So even if a user attempts
to use obfs3 on port 443 it'll likely be blocked because obfs3 is not a
look-like-https protocol. If we had a PT that encapsulated obfs3 inside
the body of http then this may work. CDA also says SSL/TLS connections
are throttled to 5% of the normal speed [2], so that's no fun either.

[1] https://twitter.com/CDA/status/331006059923795968
[2] https://twitter.com/CDA/status/331040305648369664
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev