[tor-bugs] #15198 [Censorship analysis]: Cyberoam blocking connections to Tor

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 9 12:49:13 UTC 2015


#15198: Cyberoam blocking connections to Tor
-------------------------------------+----------------------
     Reporter:  ioerror              |      Owner:
         Type:  defect               |     Status:  new
     Priority:  normal               |  Milestone:
    Component:  Censorship analysis  |    Version:
   Resolution:                       |   Keywords:  cyberoam
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+----------------------

Comment (by ioerror):

 My upstream router is 10.1.79.254:

 {{{
 PORT    STATE    SERVICE    VERSION
 22/tcp  open     ssh        (protocol 2.0)
 |_ssh-hostkey: 2048 d9:87:8d:95:bc:1f:39:8d:de:ac:39:1a:6c:09:6f:02 (RSA)
 23/tcp  open     telnet     Cisco or Edge-core switch telnetd
 53/tcp  filtered domain
 443/tcp open     ssl/https?
 | ssl-cert: Subject: commonName=10.1.1.102/organizationName=Company/stateOrProvR
 | Issuer: commonName=10.1.1.102/organizationName=Company/stateOrProvinceName=TRR
 | Public Key type: rsa
 | Public Key bits: 1024
 | Not valid before: 2012-01-01 00:40:28
 | Not valid after:  2030-01-01 23:59:59
 | MD5:   4b3f 4f84 9829 5999 a8f4 2f9b 7e2c aa96
 |_SHA-1: fa53 a205 d594 8d10 f2f2 e4c3 3a3a 4642 00f2 da46
 |_http-favicon: Unknown favicon MD5: 18D5AC51642E84F0B7E8F6815743FC50
 2 services unrecognized despite returning data. If you know the
 service/version:
 ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
 SF-Port22-TCP:V=6.00%I=7%D=3/9%Time=54FD93A1%P=i686-pc-linux-gnu%r(NULL,18
 SF:,"SSH-2\.0-Mocana\x20SSH\x205\.8\r\n");
 ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
 SF-Port443-TCP:V=6.00%T=SSL%I=7%D=3/9%Time=54FD93A7%P=i686-pc-linux-gnu%r(
 SF:GetRequest,18B,"HTTP/1\.0\x20200\x20OK\r\nServer:\x20eHTTP\x20v2\.0\r\n
 SF:Connection:\x20close\r\nContent-Type:\x20text/html\r\nContent-Length:\x
 SF:20115\r\nCache-Control:\x20no-cache\r\nX-Frame-Options:\x20SAMEORIGIN\r
 SF:\nSet-Cookie:\x20sessionId\x20=B7EOzZZKNE4eHGJJwyDa5AdaS4ZnZWWSMinhJYuR
 SF:HAPTpu3so6Tg9y23rmXDyp3;path=/;\x20Secure,\x20postId=;\x20Secure;\x20\r
 SF:\n\r\n<html>\r\n<head>\r\n<meta\x20http-equiv=\"Refresh\"\r\ncontent=\"
 SF:1;url=html/login\.html\">\r\n</head>\r\n\r\n<body>\r\n</body>\r\n</html
 SF:>\r\n")%r(FourOhFourRequest,619,"HTTP/1\.0\x20200\x20OK\r\nServer:\x20e
 SF:HTTP\x20v2\.0\r\nConnection:\x20close\r\nContent-Type:\x20text/html\r\n
 SF:Content-Length:\x201402\r\nCache-Control:\x20no-cache\r\nX-Frame-Option
 SF:s:\x20SAMEORIGIN\r\n\r\n<html>\n<head>\n<script\x20type=\"text/javascri
 SF:pt\">\n/\*\x20clearing\x20the\x20cookies\x20when\x20session\x20timed\x2
 SF:0out\x20\*/\nfunction\x20delete_cookie\x20\(\x20cookie_name\x20\)\n{\n\
 SF:x20\x20var\x20cookie_date\x20=\x20new\x20Date\x20\(\x20\);\x20\x20//\x2
 SF:0current\x20date\x20&\x20time\n\x20\x20cookie_date\.setTime\x20\(\x20co
 SF:okie_date\.getTime\(\)\x20-\x201\x20\);\n\x20\x20document\.cookie\x20=\
 SF:x20cookie_name\x20\+=\x20\"=;\x20expires=\"\x20\+\x20cookie_date\.toGMT
 SF:String\(\);\n}\ndelete_cookie\x20\(\x20\"sessionId\"\x20\);\nvar\x20ssl
 SF:\x20=\x202;\nvar\x20port=\x20443;\nvar\x20ipv6Redirect;\nfunction\x20is
 SF:Ipv6\(\)\n\x20\x20\x20\x20{\n\x20\x20\x20\x20\x20\x20\x20\x20var\x20ip=
 SF:\x20\"10\.1\.79\.254\";\n\x20\x20\x20\x20if\x20\(ip\.indexOf\(\":\"\)\x
 SF:20>=\x200\)\n\t{\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
 SF:x20\x20\x20var\x20str=ip\.toString\(\);\n\t\tif\(str\.indexOf\(\"%\"\)\
 SF:x20>=\x200\)\n\t\t{\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
 SF:20\x20\x20\x20\tipv6Redirect=str\.substring\(0,str\.indexOf\(\"%\"\)\);
 SF:\n\t\t}\n\t\telse\n\t\t{\n\t\t\tipv6Redirect=str;\n\t\t}\n\x20\x20\x20\
 SF:x20\x20\x20\x20\x20\treturn\x20true;\n\t}\n\x20\x20\x20\x20return\x20fa
 SF:lse;\n\x20\x20\x20\x20}\x20\nif\(ssl\x20==\x202\)\n{\n\tif\(isI");
 MAC Address: 24:BE:05:31:C7:00 (Unknown)
 No exact OS matches for host (If you know what OS is running on it, see
 http://.
 TCP/IP fingerprint:
 OS:SCAN(V=6.00%E=4%D=3/9%OT=22%CT=1%CU=35625%PV=Y%DS=1%DC=D%G=Y%M=24BE05%TM
 OS:=54FD941E%P=i686-pc-linux-gnu)SEQ(SP=72%GCD=1%ISR=96%TI=I%CI=I%II=I%SS=S
 OS:%TS=A)SEQ(SP=8E%GCD=1%ISR=96%TI=I%CI=I%TS=A)OPS(O1=M5B4NW1NNSNNT11%O2=M5
 OS:78NW1NNSNNT11%O3=M280NW1NNT11%O4=M5B4NW1NNSNNT11%O5=M218NW1NNSNNT11%O6=M
 OS:109NNSNNT11)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)ECN(R=Y%
 OS:DF=Y%T=41%W=FFFF%O=M5B4NW1NNS%CC=N%Q=)T1(R=Y%DF=Y%T=41%S=O%A=S+%F=AS%RD=
 OS:0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=N%T=41%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF
 OS:=N%T=1%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=1%W=0%S=A%A=Z%F=R%O=%R
 OS:D=0%Q=)T7(R=Y%DF=N%T=1%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=100%IP
 OS:L=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=100%CD=S)

 Uptime guess: 11.383 days (since Thu Feb 26 03:25:44 2015)
 Network Distance: 1 hop
 TCP Sequence Prediction: Difficulty=136 (Good luck!)
 IP ID Sequence Generation: Incremental
 Service Info: Device: switch

 TRACEROUTE
 HOP RTT      ADDRESS
 1   26.19 ms 10.1.79.254

 NSE: Script Post-scanning.
 Initiating NSE at 12:37
 Completed NSE at 12:37, 0.00s elapsed
 Read data files from: /usr/bin/../share/nmap
 OS and Service detection performed. Please report any incorrect results at
 http.
 Nmap done: 1 IP address (1 host up) scanned in 135.55 seconds
            Raw packets sent: 1134 (54.692KB) | Rcvd: 1085 (46.188KB)
 }}}


 Attempting to use normal bridges also fails:

 {{{
 UseBridges 1
 bridge 193.28.228.45:443
 bridge 87.238.161.57:444
 bridge [2a00:7000:3:0:216:3eff:fe9f:34d7]:443
 }}}

 Route table:
 {{{
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 0.0.0.0         10.1.79.254     0.0.0.0         UG    0      0        0 wlan0
 10.1.64.0       0.0.0.0         255.255.240.0   U     0      0        0 wlan0
 }}}

 Log:
 {{{
 Mar 09 12:45:37.000 [notice] Tor 0.2.5.10 (git-43a5f3d91e726291) opening log file.
 Mar 09 12:45:37.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
 Mar 09 12:45:37.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
 Mar 09 12:45:37.000 [notice] Bootstrapped 0%: Starting
 Mar 09 12:45:38.000 [notice] Delaying directory fetches: No running bridges
 Mar 09 12:45:39.000 [notice] Bootstrapped 5%: Connecting to directory server
 Mar 09 12:45:39.000 [warn] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Network is unreachable; NOROUTE; count 1; recommendation warn)
 Mar 09 12:45:39.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
 Mar 09 12:47:46.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (Connection timed out; TIMEOUT; count 3; recommendation warn)
 Mar 09 12:47:46.000 [warn] 1 connections have failed:
 Mar 09 12:47:46.000 [warn]  1 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
 }}}

 pcap generated like so:
 {{{
 tcpdump -v -i wlan0 -s0 -w cyberoam-regular-bridge-000.pcap
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15198#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

