[tor-bugs] #12727 [Tor Browser]: Vanilla Tor Connectivity Issues In Iran -- Directory Authorities Blocked?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 29 00:29:40 UTC 2014
#12727: Vanilla Tor Connectivity Issues In Iran -- Directory Authorities Blocked?
-------------------------+-------------------------------------
Reporter: cda | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version: Tor: 0.2.4.13-alpha
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+-------------------------------------
Social media users and @mttp report that vanilla Tor no longer works.
Confirmed that Tor v0.2.2.35 out of the box fails to progress beyond:
{{{
Bootstrapped 5%: Connecting to directory server.
}}}
Same behavior confirmed on v0.2.4.23 built from source.
Fetched random bridge from bridges.tpo and applied to torrc, quickly
bootstrapped through bridge and successfully confirmed access through
check.tpo.
With stem-listed DAs, wrote python script to check connectivity to DAs
based on a simple TCP connect(). For OR port, if successful, the cert sha1
was retrieved.
Connect Test Results for directory authorities:
{{{
Tonga 82.94.251.203 (OR: 443 ,
14:C7:A1:55:82:1C:D4:81:5C:55:8F:25:E5:7F:CF:F0:3E:BF:67:30 ), (Dir: 80 ,
successful )
turtles 76.73.17.194 (OR: 9090 , timeout ), (Dir: 9030 , timeout )
dizum 194.109.206.212 (OR: 443 , timeout ), (Dir: 80 , timeout )
gabelmoo 212.112.245.170 (OR: 443 , timeout ), (Dir: 80 , timeout )
urras 208.83.223.34 (OR: 80 , timeout ), (Dir: 443 , timeout )
tor26 86.59.21.38 (OR: 443 , timeout ), (Dir: 80 , timeout )
moria1 128.31.0.39 (OR: 9101 ,
97:4B:DD:96:D3:21:1F:52:F9:8C:0A:BB:7C:27:3B:19:7F:02:5A:1D ), (Dir: 9131
, successful )
dannenberg 193.23.244.244 (OR: 443 , timeout ), (Dir: 80 , timeout )
Faravahar 154.35.32.5 (OR: 443 , timeout ), (Dir: 80 , timeout )
maatuska 171.25.193.9 (OR: 80 , timeout ), (Dir: 443 , timeout )
}}}
TCP traceroute to Faravahar dies at the Telecommunications Company of Iran
for all TCP ports (ICMP is fine).
{{{
traceroute to 154.35.32.5 (154.35.32.5), 30 hops max, 60 byte packets
1 [hop-1, responsive]
2 [hop-2, unresponsive]
3 [hop-3, responsive]
4 [hop-4, responsive]
5 78.38.255.100 (78.38.255.100) 1.300 ms 1.127 ms 1.334 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
[...]
}}}
Taken against the successful ICMP traceroute, the next hop hits
10.10.53.209 then exits Iran through PCCW Global. Based on the TCI's
history in past disruptions, that this would occur at the international
gateway is unsurprising and indicates that all users on unprivileged
networks are likely blocked unless using a bridge.
For posterity, 10.10.53.209 only has one open port, HTTP on 80, which
returns the "level 15 access" authentication message indicative that it is
a Cisco router.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12727>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list