[tor-bugs] #4185 [Tor Bridge]: Bridge easily detected by GFW

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Dec 29 13:12:48 UTC 2011

#4185: Bridge easily detected by GFW
 Reporter:  hrimfaxi    |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: unspecified  
Component:  Tor Bridge  |        Version:  Tor:
 Keywords:  blocking    |         Parent:                    
   Points:              |   Actualpoints:                    
Changes (by naif):

 * cc: naif (added)


 Checked several IP of them,  it seems that most of them are dynamic IP
 addresses of DSL and PPP running variety of OS, from Windows 2003 with
 Terminal Service, Linux with Mysql, cheap home router.

 Some questions:
 a) After the SSL negotiation, does the GFW probes also send an HTTP
 request or just finish the SSL handshake and close it?

 b) Does the prober announce a specific/detectable set of SSL/TLS

 c) Does anyone checked actively with OS fingerprinting tools if the
 "prober's OS" can be recognized?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4185#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list