[tor-bugs] #20348 [Metrics/Censorship analysis]: cyberoam assists bloody dictatorships.

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 5 19:48:50 UTC 2016


#20348: cyberoam assists bloody dictatorships.
-----------------------------------------+-------------------------
 Reporter:  dcf                          |          Owner:
     Type:  project                      |         Status:  closed
 Priority:  Medium                       |      Milestone:
Component:  Metrics/Censorship analysis  |        Version:
 Severity:  Normal                       |     Resolution:  invalid
 Keywords:  censorship block kz          |  Actual Points:
Parent ID:                               |         Points:
 Reviewer:                               |        Sponsor:
-----------------------------------------+-------------------------

Comment (by dcf):

 Replying to [comment:130 dcf]:
 > Replying to [comment:128 cypherpunks]:
 > > How to reliably confirm/deny vendor of censorship box? It can be
 > > fortinet, cyberoam, bluecoat, something yet.
 >
 > Here is one paper on the subject:
 >   http://conferences.sigcomm.org/imc/2013/papers/imc112s-dalekA.pdf
 > They do an Internet-wide search (using e.g.
 > [https://www.shodan.io/ Shodan], [https://censys.io/ Censys], or
 > [https://scans.io/ scans.io] data) for known strings. Then they submit
 > new URLs and see whether they get blocked.
 >
 > Here's an example of using the technique to identify Netsweeper in
 > Pakistan:
 >   https://citizenlab.org/2013/06/o-pakistan/
 >   https://citizenlab.org/2013/06/o-pakistan/

 Another way to do it is to make a list of what URLs are blocked, and
 compare them to the blocking categories of each hardware vendor. Of
 course, this only works if the censors are using the vendor-provided
 categories. I haven't ever done this kind of experiment myself, but I
 think some people have.

 Even if the DPI boxes are transparent, they might expose a web interface
 over an IP address or something. Even a transparent HTTP proxy will have
 implementation-specific differences in the way it treats strange HTTP
 headers, for example. I think there are ways to fingerprint the censorship
 device if we try.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20348#comment:138>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
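
Added example (not part of the ticket or of dcf's comment): a sketch of the category-comparison idea in the comment above, scoring each vendor by how well a per-category block policy explains a list of blocked and unblocked URLs. The vendor names, category labels, URLs and observations are all constructed, and the majority-vote scoring model is an assumption of this example. A low best score suggests the censor is not using vendor-provided categories.

```python
from collections import defaultdict

# Constructed observations: test URL -> was it blocked on the censored network?
OBSERVED = {
    "news1.example": True, "news2.example": True,
    "proxy1.example": True, "proxy2.example": True,
    "shop1.example": False, "shop2.example": False,
    "blog1.example": False, "blog2.example": True,
}

# Hypothetical vendors and category labels (not real product data).
VENDOR_DB = {
    "VendorA": {
        "news1.example": "news", "news2.example": "news",
        "proxy1.example": "anonymizers", "proxy2.example": "anonymizers",
        "shop1.example": "shopping", "shop2.example": "shopping",
        "blog1.example": "blogs", "blog2.example": "news",
    },
    "VendorB": {
        "news1.example": "media", "shop1.example": "media",
        "news2.example": "general", "blog1.example": "general",
        "proxy1.example": "tools", "shop2.example": "tools",
        "proxy2.example": "misc", "blog2.example": "misc",
    },
}

def fit_vendor(observed, url_to_cat):
    """Best category policy for one vendor: (accuracy, enabled categories)."""
    if not observed:
        return 0.0, set()
    tally = defaultdict(lambda: [0, 0])  # category -> [blocked, allowed]
    for url, blocked in observed.items():
        cat = url_to_cat.get(url)
        if cat is not None:
            tally[cat][0 if blocked else 1] += 1
    # A category counts as "enabled" when most of its test URLs are blocked.
    enabled = {c for c, (b, a) in tally.items() if b > a}
    # Uncategorized URLs are predicted as allowed.
    correct = sum((url_to_cat.get(u) in enabled) == blocked
                  for u, blocked in observed.items())
    return correct / len(observed), enabled

def rank_vendors(observed, vendor_db):
    """Vendors sorted by how well their categories explain the observations."""
    scores = {v: fit_vendor(observed, db) for v, db in vendor_db.items()}
    return sorted(scores.items(), key=lambda kv: kv[1][0], reverse=True)

if __name__ == "__main__":
    for vendor, (acc, cats) in rank_vendors(OBSERVED, VENDOR_DB):
        print(f"{vendor}: accuracy={acc:.3f} enabled={sorted(cats)}")
```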

