[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Pluggable Transports and DPI

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Pluggable Transports and DPI
From: David Fifield <david@xxxxxxxxxxxxxxx>
Date: Wed, 11 May 2016 19:40:17 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 11 May 2016 22:40:38 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bamsoftware.com; s=mail; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=ZphZ6HIHwoZqQoawcisYBCp+uze3g/jyUI03Mjabv5o=; b=q0AsLLffDRwT3fX0mlL1scMVwL0+9cvpnrRALHBALSlmfBaB7PkLrOLzVxptludIqDUcMtDlO1pnG8OlrITsukwK4jz8OJd0lWi197KmMTD64cFBh9/yfeFtHE+HCrriKvg0iJX2b8GatNbAPCtCySwhbGsAqQKge77WmXjTLGw=;
In-reply-to: <20160508203747.GA25441@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Mail-followup-to: tor-talk@xxxxxxxxxxxxxxxxxxxx, Justin <davisjustin002@xxxxxxxxx>
References: <C32F85D1-4226-4650-B38C-237D860D4F56@xxxxxxxxx> <20160508203747.GA25441@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.6.0 (2016-04-01)

On Sun, May 08, 2016 at 01:37:47PM -0700, David Fifield wrote:
> With the meek blocking, it might be that they are doing some kind of
> timing analysis, or it might be that we screwed up something simple like
> the TLS signature. Could you try it in these configurations?
> 	Tor Browser 5.5.5 https://blog.torproject.org/blog/tor-browser-555-released
> 	Tor Browser 6.0a5 https://blog.torproject.org/blog/tor-browser-60a5-released
> 	meek_lite in obfs4proxy
> TB 6.0a5 uses a different version of Firefox than 5.5.5, so the TLS
> signature might be different (I haven't checked yet). To run meek_lite,
> use a torrc file like this one:
> 	UseBridges 1
> 	ClientTransportPlugin meek_lite exec ./obfs4proxy
> 	Bridge meek_lite 0.0.3.0:5 url=https://meek-reflect.appspot.com/ front=www.google.com

Justin helped me by running some tests and we think we know how this
Cyberoam device is blocking meek connections. It blocks TLS connections
that have the Firefox 38's TLS signature and that have an SNI field that
is one of our front domains: www.google.com, a0.awsstatic.com,
ajax.aspnetcdn.com.

This blocking policy incurs some collateral damage: it blocks ordinary
Firefox 38 when visiting one of the above domains (we tried it)--but
changing the name even slightly, such as using google.com in place of
www.google.com, works. Perhaps there are few enough users of Firefox 38
that the level of false blocking is acceptable.
http://gs.statcounter.com/ says that Firefox 38 is now only 0.38% of
browsers (compared to 11.36% in June 2015 and Firefox 45's 9.73% now).

If this blocking affects you, one way to solve it is to use the 6.0a5
alpha release, which is based on Firefox 45 and has a different TLS
signature.
https://blog.torproject.org/blog/tor-browser-60a5-released
Another solution is to change the front domain to something else, for
exmaple using google.com instead of www.google.com. Instructions for
changing the front domain are here:
https://trac.torproject.org/projects/tor/wiki/doc/meek#Howtochangethefrontdomain
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Pluggable Transports and DPI
  - From: Blake Hadley
- Re: [tor-talk] Pluggable Transports and DPI
  - From: David Fifield
- Re: [tor-talk] Pluggable Transports and DPI
  - From: Roger Dingledine

References:
- [tor-talk] Pluggable Transports and DPI
  - From: Justin
- Re: [tor-talk] Pluggable Transports and DPI
  - From: David Fifield

Prev by Author: Re: [tor-talk] Pluggable Transports and DPI
Next by Author: Re: [tor-talk] Pluggable Transports and DPI
Previous by thread: Re: [tor-talk] Pluggable Transports and DPI
Next by thread: Re: [tor-talk] Pluggable Transports and DPI
Index(es):
- Author
- Thread