
[tor-talk] torproject.org censorship detection using RIPE atlas?


Hello everyone,

I am currently running two RIPE Atlas probes [0] and had accumulated
some points to use their measurement API, so I set up a measurement to
check the SSL Certificate of torproject.org from as many countries as
possible to detect MITM attacks on the website (mostly from state
actors). I also requested the DNS A-Record for torproject.org (to
check for falsified DNS records).

The results are preliminary, as a bunch of probes were completely
unable to connect to torproject.org (possibly due to censorship,
possibly due to bad luck in the selection of probes), but a few
interesting things surfaced so far:

First off, China's results are actually quite interesting. A bunch of
probes got the correct certificate, one got a certificate signed by
apac.proxy.dsv.com, and a bunch of probes got no result at all
(probably being blocked). I'd have expected some sort of MITM or just
plain old blocking from China, but at least the SSL certificate seems
to be retrievable in many cases.

Then, there are some US-American probes that are returning an
SSL certificate for *.opendns.com instead of the correct result. I
have no idea what's going on there, but as OpenDNS is a sponsor of the
RIPE Atlas, it may be that they are hosting a bunch of probes behind an
SSL-terminating firewall for some reason. Still, if someone wants to
look into it, it may be interesting.

The results for the global SSL Measurements can be found at [1] and
[2], the one specific to China at [3]. Be careful when opening them in
your browser, as they contain large JSON-formatted strings, so you may
want to wget or curl them instead. Note that "no result" does not
necessarily mean that torproject.org is filtered, as the Atlas API
allows scheduling requests for offline probes, which will then fail
in this way.

As for the DNS survey, I have not had a chance to properly parse the
results yet, but you can download them at [4] (again, large JSON ahead).

Now for the real purpose of this mail: Has someone from the Tor
Project considered using the RIPE Atlas API to schedule these
measurements (a daily measurement ought to be enough) and
automatically parse the results to check for MITM, Censorship, and
maybe just plain old bad routing? The necessary API credits are easily
earned by hosting a single probe [5], or maybe someone is a member of
the RIPE NCC anyway, in which case he / she has basically unlimited
credits [6] anyway.

If someone wants to play around with the API without hosting a probe,
get in touch and I'll transfer you a bunch of credits (you'll have to
have an account with the RIPE NCC and have to be willing to disclose
the associated email address to me, as I need it for the transfer).

Feel free to use the data from the measurements and find more
interesting things in them, I'm curious what you can find.


[0] https://atlas.ripe.net
[1] https://atlas.ripe.net/api/v1/measurement/1443162/result/
[2] https://atlas.ripe.net/api/v1/measurement/1443266/result/
[3] https://atlas.ripe.net/api/v1/measurement/1443369/result/
[4] https://atlas.ripe.net/api/v1/measurement/1443161/result/
[5] https://atlas.ripe.net/get-involved/become-a-host/
[6] https://atlas.ripe.net/get-involved/members/

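An added example (not part of the original post) of the automated check the mail proposes: it groups the probes of an SSL certificate measurement by the SHA-256 fingerprint of the leaf certificate each one saw and compares that against a pinned value. The field names `prb_id`, `cert` and `err` are assumptions about the Atlas result JSON, and the sample results and certificate bytes are constructed placeholders.

```python
import hashlib
import json
import ssl
from collections import defaultdict

def leaf_fingerprint(result):
    """SHA-256 hex digest of the first (leaf) certificate a probe saw, else None."""
    chain = result.get("cert") or []
    try:
        der = ssl.PEM_cert_to_DER_cert(chain[0].strip())
    except (IndexError, ValueError):  # no certificate returned, or not valid PEM
        return None
    return hashlib.sha256(der).hexdigest()

def classify(results, pinned_fp):
    """Group probe IDs into match / mismatch (per fingerprint) / no_result."""
    mismatch = defaultdict(list)
    report = {"match": [], "no_result": []}
    for r in results:
        fp = leaf_fingerprint(r)
        if fp is None:
            # Inconclusive: offline probes fail the same way as blocked ones.
            report["no_result"].append(r["prb_id"])
        elif fp == pinned_fp:
            report["match"].append(r["prb_id"])
        else:
            # Grouping by fingerprint shows probes that share one unexpected certificate.
            mismatch[fp].append(r["prb_id"])
    report["mismatch"] = dict(mismatch)
    return report

# Constructed sample: placeholder bytes wrapped as PEM, not real certificates.
GOOD, PROXY = b"constructed-expected-leaf", b"constructed-intercepting-leaf"
SAMPLE = json.dumps([
    {"prb_id": 101, "cert": [ssl.DER_cert_to_PEM_cert(GOOD)]},
    {"prb_id": 102, "cert": [ssl.DER_cert_to_PEM_cert(GOOD)]},
    {"prb_id": 201, "cert": [ssl.DER_cert_to_PEM_cert(PROXY)]},
    {"prb_id": 202, "cert": [ssl.DER_cert_to_PEM_cert(PROXY)]},
    {"prb_id": 301, "err": "connect: timeout"},
])

def run_sample():
    pinned = hashlib.sha256(GOOD).hexdigest()  # in practice, obtained out of band
    return classify(json.loads(SAMPLE), pinned)

if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

The pinned fingerprint has to come from a channel the measured networks cannot influence, and it needs updating whenever the site's certificate is renewed.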