[tor-bugs] #7141 [Censorship analysis]: How is Pars Online blocking Tor?

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Oct 18 18:13:51 UTC 2012


#7141: How is Pars Online blocking Tor?
------------------------------------------+---------------------------------
 Reporter:  phw                           |          Owner:  phw
     Type:  task                          |         Status:  new
 Priority:  normal                        |      Milestone:     
Component:  Censorship analysis           |        Version:     
 Keywords:  dpi, censorship, block, iran  |         Parent:     
   Points:                                |   Actualpoints:     
------------------------------------------+---------------------------------
 Some users reported that the Iranian ISP
 "[https://en.wikipedia.org/wiki/Pars_Online Pars Online]" is (partially?)
 blocking Tor.

 One user looked into it and believes that Tor is identified based on the
 server_name extension in the TLS client hello. It looks like DPI boxes
 extract the domain and do a DNS lookup for it. If the domain resolves and
 the relay/bridge is listening on port 443, the connection passes.
 Apparently, an omitted server_name or a server_name rewritten to
 `www.google.com` passed the filter.

 Obfsproxy seems to work.

 Some open questions:

  * Can we reproduce and verify the existing hypothesis?
  * Is this an attempt to only allow HTTPS and no other SSL/TLS-based
 protocols? Or is it targeting only Tor?
  * Can we modify [https://gitweb.torproject.org/brdgrd.git brdgrd] to
 evade the server_name extraction?
  * Is this type of block limited to Pars Online?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7141>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

