[tor-bugs] #8591 [Censorship analysis]: GFW actively probes obfs2 bridges
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 26 22:36:47 UTC 2013
#8591: GFW actively probes obfs2 bridges
-----------------------------------------------------------+----------------
Reporter: phw | Owner: phw
Type: task | Status: new
Priority: normal | Milestone:
Component: Censorship analysis | Version:
Keywords: obfs2, gfw, active probing, censorship, china | Parent:
Points: | Actualpoints:
-----------------------------------------------------------+----------------
Comment(by phw):
> Do you know what kind of probes were they? Did they actually complete
> the obfs2 handshake?

I attached a log with some scanners (and slightly more verbose log
messages) in it.

I manually started pyobfsproxy with obfs2 and forwarded the traffic to a
local echo daemon. I then connected to the bridge from within .cn using
telnet and without sending any data. Tor was not involved. As a result, it
looks like obfs2's server-side traffic is enough to trigger the probes.

With respect to the attached log: it looks like some of the probes just
receive data and send nothing. Others send a little bit and the rest
completes the handshake and sends all the promised padding. However, not a
single probe seems to send actual application data. So I believe that they
are actually fingerprinting obfs2 and don't care what it transports. That
is probably smart since some people started tunneling their VPN traffic
over obfs2. The GFW can probably catch these poor folks as well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8591#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online