[tor-bugs] #8591 [Censorship analysis]: GFW actively probes obfs2 bridges

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 11 07:42:21 UTC 2013


#8591: GFW actively probes obfs2 bridges
-----------------------------------------------------------+----------------
 Reporter:  phw                                            |          Owner:  phw
     Type:  task                                           |         Status:  new
 Priority:  normal                                         |      Milestone:     
Component:  Censorship analysis                            |        Version:     
 Keywords:  obfs2, gfw, active probing, censorship, china  |         Parent:     
   Points:                                                 |   Actualpoints:     
-----------------------------------------------------------+----------------

Comment(by phw):

 Replying to [comment:9 arma]:

 > Replying to [comment:6 phw]:
 > > I quickly tested obfs3. It also gets probed but not blocked. The
 probes think it's talking obfs2 and send obfs2 handshake data to it. Since
 the handshake fails, it's probably not getting blocked.
 >
 > phw: did you figure out what triggers the obfs2 probe? Is it a number of
 characters? Or a lack of protocol identification? It seems non-obvious to
 me what they would DPI on to decide to do a probe. (If we're lucky,
 they're looking for redundancy in the protocol by basically doing a
 passive mitm on it -- if so, it means DPIing for obfs3 will be
 significantly messier, even if it isn't any more resistant to the follow-
 up probe.)

 I didn't. They might not even have a fingerprint. While testing, I got
 inconsistent results for many different setups. And as far as I know,
 David has even seen probes targeting telnet and plain-text HTTP. It looks
 like there is a lot of experimentation going on and their infrastructure
 might scale well. If you can afford to probe a lot, the fingerprints can
 become less accurate. So I would expect obfs3 to last as long as it'll
 take them to write active probing code for it.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8591#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list