[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Dropping packets with TCP MSS=1400 to foil GFW active probing

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Dropping packets with TCP MSS=1400 to foil GFW active probing
From: David Fifield <david@xxxxxxxxxxxxxxx>
Date: Tue, 21 Aug 2018 08:36:46 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 21 Aug 2018 11:37:01 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bamsoftware.com; s=mail; h=In-Reply-To:Content-Type:MIME-Version:References :Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding :Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=9ICjFrosDKmKuA93kSoueDXeMcRgnf3B8Bifb6lP9lw=; b=lm8hueG2w1H67wUKZnpXX9NeDF W8nCZpKepoaew3KfoCbLg7rbqM4j0MbbOe3s888Q1Wxbo+sVlkexVf5JaV2TXoN2URwKpCFmtK8nK G3Dk006FYFUYpCTaSo4fhprjPvA2V3ZOgLV54URmfWZP5VaeMtKI8Jkf+mWSb9zO+mrc=;
In-reply-to: <CAKNc95GGtH+iM5SrJy-Nt5z5AsL9fYKba7iqr7zLnh2OCXz2Ow@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Mail-followup-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
References: <20180819225708.7somazpgjr7y63sv@bamsoftware.com> <CAKNc95Fq0iH5p88EH9QzvT7CyOTJv5f32LhPQR1PkMUkB3mO0A@mail.gmail.com> <20180820181553.kqgqm6hsguuw7wcy@bamsoftware.com> <CAKNc95GGtH+iM5SrJy-Nt5z5AsL9fYKba7iqr7zLnh2OCXz2Ow@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: NeoMutt/20180716

On Mon, Aug 20, 2018 at 02:25:40PM -0400, Nathaniel Suchy wrote:
> Interesting. Is there any reason to not use an obfuscated bridge?

No, not really. obfs4 resists active probing without any special
additional steps. But I can think of one reason why the MSS trick is
worth trying, anyway. Due to a longstanding bug (really more of a design
issue that's hard to repair), you can't run an obfs4 bridge without also
running a vanilla (unobfuscated) bridge on a different port on the same
IP address. So if anyone ever connects to that vanilla port, the bridge
will get probed and the entire IP address blocked, including the obfs4
port.
https://bugs.torproject.org/7349
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Dropping packets with TCP MSS=1400 to foil GFW active probing
  - From: Nathaniel Suchy

References:
- [tor-relays] Dropping packets with TCP MSS=1400 to foil GFW active probing
  - From: David Fifield
- Re: [tor-relays] Dropping packets with TCP MSS=1400 to foil GFW active probing
  - From: Nathaniel Suchy
- Re: [tor-relays] Dropping packets with TCP MSS=1400 to foil GFW active probing
  - From: David Fifield
- Re: [tor-relays] Dropping packets with TCP MSS=1400 to foil GFW active probing
  - From: Nathaniel Suchy

Prev by Author: [tor-relays] Dropping packets with TCP MSS=1400 to foil GFW active probing
Next by Author: Re: [tor-relays] Dropping packets with TCP MSS=1400 to foil GFW active probing
Previous by thread: Re: [tor-relays] Dropping packets with TCP MSS=1400 to foil GFW active probing
Next by thread: Re: [tor-relays] Dropping packets with TCP MSS=1400 to foil GFW active probing
Index(es):
- Author
- Thread