Hi all,
here's a second chinese-probe discrimination behavior that should allow to detect them, and block it.
Like the TCP SYN one, this blocking tricks is based on the fact that the OS & software they run on their server pool to make active-tor-probing have to be highly optimized, as they need to manage a huge amount of outbound connections.
Does anyone would like to re-test this behaviour (also for Windows/OSX) and in case make a small patch for tor. Now i made testing with iptables && -j TARPIT .
It would be nice to have in Tor a set of configurable Timeout?
As any active probe present and future could have some timing issue, not being able to perfectly emulate the same conditions of a client, as active probes run on servers (and server get optimized if need to do high traffic).
-naif