[tor-bugs] #30500 [Circumvention/Censorship analysis]: Can the GFW still do DPI for "new" vanilla Tor?
#30500: Can the GFW still do DPI for "new" vanilla Tor?
-------------------------------------------------+-------------------------
Reporter: phw                                    | Owner: (none)
Type: task                                       | Status: assigned
Priority: Low                                    | Milestone:
Component: Circumvention/Censorship analysis     | Version:
Severity: Normal                                 | Keywords: gfw, china
Actual Points:                                   | Parent ID:
Points:                                          | Reviewer:
Sponsor:                                         |
-------------------------------------------------+-------------------------

I heard from a team of researchers that they failed to get their vanilla
bridge probed by the GFW, despite connections from several vantage points
in China. I set out to test this myself. Here are the results:

1. I repeatedly established a vanilla Tor connection from a VPS in China
   (running 0.3.2.10) to a bridge in the U.S. (running 0.2.9.16, and later
   0.4.1.0-alpha-dev).
2. All bridge connections bootstrapped to 100%. There was neither active
   probing nor blocking.
3. I then used the tool [https://github.com/nullhypothesis/tcis tcis] on
   the China VPS to simulate a Tor handshake. The tool creates a TLS client
   hello as sent by a rather old Tor version -- I don't remember how old,
   exactly.
4. After running tcis, I immediately got my bridge probed and blocked.

The above makes me wonder if newer Tor versions changed their TLS
handshake in a way that the GFW's DPI rules haven't caught up with yet. It
would be interesting to test this hypothesis and, if it's true, to find
out what Tor changed in its TLS handshake.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30500>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
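
One way to find out what changed between two TLS client hellos, as the ticket proposes, is to diff the fields a DPI rule can match on. The Python below is an added example, not code from the ticket, tcis, or Tor; the function names are hypothetical and the two sample hellos are constructed placeholders, not Tor's real handshakes. In practice the inputs would be the first TLS record captured from each client.

```python
import struct

def parse_client_hello(rec: bytes) -> dict:
    """Pull out the ClientHello fields a DPI rule can match on."""
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = rec[9:9 + int.from_bytes(rec[6:9], "big")]
    try:
        version = struct.unpack(">H", body[:2])[0]
        pos = 35 + body[34]          # skip client_version, random, session_id
        n = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        ciphers = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + n, 2)]
        pos += n
        pos += 1 + body[pos]         # skip compression methods
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    exts = []
    if pos < len(body):              # the extensions block is optional
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(body)):
            etype, elen = struct.unpack(">HH", body[pos:pos + 4])
            exts.append(etype)
            pos += 4 + elen
    return {"version": version, "ciphers": ciphers, "extensions": exts}

def diff_hellos(a: bytes, b: bytes) -> dict:
    """Report which cipher suites and extension types differ between two hellos."""
    pa, pb = parse_client_hello(a), parse_client_hello(b)
    out = {"version": (hex(pa["version"]), hex(pb["version"]))}
    for key in ("ciphers", "extensions"):
        out[key] = {"only_a": [hex(v) for v in pa[key] if v not in pb[key]],
                    "only_b": [hex(v) for v in pb[key] if v not in pa[key]]}
    return out

def build_hello(ciphers, exts, version=0x0303) -> bytes:
    """Constructed sample input: minimal ClientHello, empty extension bodies."""
    ext = b"".join(struct.pack(">HH", e, 0) for e in exts)
    cs = struct.pack(f">{len(ciphers)}H", *ciphers)
    body = (struct.pack(">H", version) + bytes(32) + b"\x00"
            + struct.pack(">H", len(cs)) + cs + b"\x01\x00" + struct.pack(">H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

# Constructed values for illustration only, NOT Tor's real handshakes.
OLD = build_hello([0xC02F, 0x0035], [0x0023])
NEW = build_hello([0x1301, 0xC02F, 0x0035], [0x0023, 0x0017])
```

`diff_hellos(OLD, NEW)` lists the suites and extension types present in only one of the two hellos, which are the candidates for whatever a fingerprinting rule keys on.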