On Wed, Oct 03, 2018 at 12:25:52PM +0000, ithor wrote:
> So a meek request is sent in clear-text. What exact information is given ?
> The exact ip address of the Azure server, its geolocation ?
The IP address of the Azure server you're connecting to. In the case of
meek-azure the firewall would also see that you supposedly want to connect to
"ajax.aspnetcdn.com", which is a common domain used by websites that are
hosted on Azure. The domain delivers some JavaScript code and whatnot. So you
should just look like a harmless web browser surfing the web on first sight.
> Could the DPI find out that this is being used for bootstrapping Tor ?
Perhaps with some clever traffic correlation or timing attacks, but not so
easily.
To also answer your question from the other mail in the thread: With encrypted
SNI, the firewall couldn't even see the fake destination (ajax.aspnetcdn.com)
your meek client sends.
This might be interesting in the future, but isn't in use with meek yet. For
more info on that topic, have a look at this thread:
https://lists.torproject.org/pipermail/tor-dev/2018-September/013452.html
--
OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3
https://www.parckwart.de/pgp_key
Attachment:
signature.asc
Description: PGP signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk