[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] OBFS4 Blocking

On Thu, Nov 17, 2016 at 05:16:49AM -0600, Justin wrote:
> OBFS4 is blocked behind both filters. Cyberoam is doing some sort of
> timing attack, but I’m not sure what. When a bridge is used by lots of
> people, then it doesn’t work. Even enabling Iat mode=1 or 2 doesn’t
> fix the issue.

When you say a bridge has to be used by lots of people, how many is a
lot? Do those users also have to be behind the Cyberoam firewall, or can
they be somewhere else? (I wonder if the firewall is counting users, or

In https://bugs.torproject.org/20348 we are investigating the Kazakh
firewall that shows behavior consistent with your Cyberoam observations:
obfs4 bridges with lots of users are somehow dynamically detected and
blocked. For example,

https://bugs.torproject.org/20348#comment:60 suggests hacking the server
code to add some extra delays. Do you think something like that would
help? I suppose you would need it to be running on a heavily used bridge
in order to make a meaningful test.

> When I tried a bridge with not many users, it worked no
> matter what Iat mode was set at. Behind iBoss, they are fingerprinting
> Packet Interarrival times. Iat mode 1 and 2 worked no matter how much
> load the bridges had on them.

The next release of Tor Browser will have a few iat-mode=1 and
iat-mode=2 default bridges. See:
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to