
Re: Tor is out

     On Fri, 4 Apr 2008 18:28:35 +1100 (EST) bao song <michaelwprx@xxxxxxxxxxxx>
>> Yeah. We assume you have some way around your firewall (e.g. open proxies,
>> friends, etc) but it's inconvenient and you don't want to use it all
>> the time. But hopefully it's enough to get Tor itself.
>The hard-working people at the firewall have managed
>to block every open proxy I'd been able to find in the
>past. If it's listed on any site that says it's
>listing 'open proxies,' it's blocked. Keeping Tor
>running was my last way around the firewall. I managed
>to download an early version of Tor when it was easier
>to find open proxies, then used Tor to keep Tor
>I'm not sure why I can't get bridges at this e-mail
>address, or (last Wednesday when Tor was running) by
>accessing bridges.torproject.org. I only got a single
>bridge, not a list, and the same bridge when I
>refreshed. If I checked 'use bridges' in Vidalia, Tor
>could not open a circuit using just the one bridge. So
>I unchecked the 'My ISP blocks Tor' button in Vidalia,
>and Tor built a circuit from the information it
>already had.
>Now, with Tor unable to build a circuit, the site to
>get bridges is, of course, blocked.
>> (We're looking into setting up a gmail autoresponder -- apparently gmail
>> messages can be 20 megabytes. Handy.)
>> > b) Tor cannot easily 'bootstrap,' since the
>> > authoritative directory servers are all blocked.
>> Is that also true for Tor
>I'm running on Darwin, and on
>XP. Both were able to create a circuit Wednesday, but
>neither can create a circuit today.
>A few weeks ago, when I downloaded, I got
>about six bridges on the XP machine, but didn't bother
>(since it was working without them) on the Darwin
>machine. But now neither machine can build a circuit.
>> If so, can you describe your firewall in more detail
>> for us?
>According to an old, but still unblocked post, they
>use the SmartFilter filtering software.
>This is a Middle-East firewall that uses a US firm
>that provides them a list of every known site on the
>Internet (all numerical IP addresses are blocked, so
>only named sites can be accessed). All sites in the

    When you write, "all numerical IP addresses are
blocked", what do you mean exactly?  Numerical IP
addresses are, after all, the only way that TCP
connections of any kind do get made.  If all you have
is a host+domain name, you have to resolve it to an IP
address in order to establish a connection.  TCP and
IP know nothing about names.
     Also, SmartFilter would have to maintain a *lot*
of state information to keep track of the content of
all the resolver traffic and use a *lot* of CPU cycles
to use that state information to permit/deny forwarding
of SYN packets.  I doubt it could be done in any manner
that would be very practical for scaling up to a national
firewall's traffic load.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *