[tor-bugs] #5866 [Ooni]: Research on test to write.

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed May 23 20:59:05 UTC 2012 

#5866: Research on test to write.
--------------------+-------------------------------------------------------
 Reporter:  phobos  |          Owner:  hellais             
     Type:  task    |         Status:  new                 
 Priority:  normal  |      Milestone:  Sponsor H: June 2012
Component:  Ooni    |        Version:                      
 Keywords:          |         Parent:                      
   Points:          |   Actualpoints:                      
--------------------+-------------------------------------------------------

Comment(by phobos):

 Initial tests are:

  * TTL Walking. This means that we do a UDP, TCP, ICMP traceroute to a
 certain destination that we hypothesize is being blocked or the traffic to
 it is being intercepted. If there is a noticable discrepancy between the
 traceroutes to common ports (0, 53, 80, 123, 443), we presume that
 filtering is going on and it is being performed on an (IP, port) pair
 basis.

  * Keyword injection. This means injecting keywords into certain data or
 header fields of packets and detect if behavior changes between "good
 keywords" and "bad keywords".  We know for a fact that for example China
 is doing keyword detection in skype and it is trivial to obtain the list
 of "bad keywords".

  * DNS Probing. This means taking a set of hostnames and trying to resolve
 them with a set of DNS resolvers. If there is a difference between the
 result for the same hostname across different DNS resolvers then something
 wrong is happening. This technique has been used in Italy to detect and
 map censorship across the country.

  * HTTP requests. This means manipulating HTTP request headers and
 checking if they are being mangled by the intercepting proxy. An example
 of what can be done is capitalization of certain request fields. The back-
 end server that receives the result should check to see if the
 capitalization remains or it has been removed by the proxy. Another method
 is to simply send requests and check for added headers in the response.
 This technique was used to detect the squid proxy in use on Amtrak and
 VIARail.

  * URL lists. This is simply doing a GET request to a certain HTTP server
 and checking if the returned content matches what is expected. This is
 basically what most censorship detection tools do (Herdict, alkasir, etc.)

  * Network latency. This means checking if the latency of the connection
 to a certain server is congruent with its location. This method generally
 does not perform as well as the others as it requires the discrepancy to
 be very visible, but it has been used successfully in countries such as
 Lebanon.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5866#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list