[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8591 [Censorship analysis]: GFW actively probes obfs2 bridges

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #8591 [Censorship analysis]: GFW actively probes obfs2 bridges
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 11 Apr 2013 07:42:21 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 11 Apr 2013 03:42:29 -0400
In-reply-to: <043.18ff6d319b8767e70237ae92a0c5275d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.18ff6d319b8767e70237ae92a0c5275d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#8591: GFW actively probes obfs2 bridges
-----------------------------------------------------------+----------------
 Reporter:  phw                                            |          Owner:  phw
     Type:  task                                           |         Status:  new
 Priority:  normal                                         |      Milestone:     
Component:  Censorship analysis                            |        Version:     
 Keywords:  obfs2, gfw, active probing, censorship, china  |         Parent:     
   Points:                                                 |   Actualpoints:     
-----------------------------------------------------------+----------------

Comment(by phw):

 Replying to [comment:9 arma]:

 > Replying to [comment:6 phw]:
 > > I quickly tested obfs3. It also gets probed but not blocked. The
 probes think it's talking obfs2 and send obfs2 handshake data to it. Since
 the handshake fails, it's probably not getting blocked.
 >
 > phw: did you figure out what triggers the obfs2 probe? Is it a number of
 characters? Or a lack of protocol identification? It seems non-obvious to
 me what they would DPI on to decide to do a probe. (If we're lucky,
 they're looking for redundancy in the protocol by basically doing a
 passive mitm on it -- if so, it means DPIing for obfs3 will be
 significantly messier, even if it isn't any more resistant to the follow-
 up probe.)

 I didn't. They might not even have a fingerprint. While testing, I got
 inconsistent results for many different setups. And as far as I know,
 David has even seen probes targeting telnet and plain-text HTTP. It looks
 like there is a lot of experimentation going on and their infrastructure
 might scale well. If you can afford to probe a lot, the fingerprints can
 become less accurate. So I would expect obfs3 to last as long as it'll
 take them to write active probing code for it.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8591#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #8683 [Tor]: moria1 isn't voting for Fast flag when it should
Next by Author: Re: [tor-bugs] #3875 [Firefox Patch Issues]: TBB's Firefox should use optimistic data socks handshake variant
Previous by thread: Re: [tor-bugs] #8591 [Censorship analysis]: GFW actively probes obfs2 bridges
Next by thread: Re: [tor-bugs] #8591 [Censorship analysis]: GFW actively probes obfs2 bridges
Index(es):
- Author
- Thread