[tor-bugs] #20348 [Metrics/Censorship analysis]: Kazakhstan blocking of vanilla Tor and obfs4, 2016-06

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 19 05:12:33 UTC 2016


#20348: Kazakhstan blocking of vanilla Tor and obfs4, 2016-06
-----------------------------------------+--------------------------
 Reporter:  dcf                          |          Owner:
     Type:  project                      |         Status:  reopened
 Priority:  Medium                       |      Milestone:
Component:  Metrics/Censorship analysis  |        Version:
 Severity:  Normal                       |     Resolution:
 Keywords:  censorship block kz          |  Actual Points:
Parent ID:                               |         Points:
 Reviewer:                               |        Sponsor:
-----------------------------------------+--------------------------

Comment (by dcf):

 Here are Nmap scans of 92.63.88.128 and 92.62.192.41. 92.63.88.128 is the
 server that blocked sites are redirected to (comment:145, comment:149) and
 92.62.192.41 is the IP address to which 92.63.88.128 redirects when it
 doesn't get the `?NTDzLZ` part.
  * attachment:20161218-103025.nmap.gz
  * attachment:20161218-103025.xml.gz

 92.63.88.128 has two open ports: 22 and 80. SSH claims to be OpenSSH from
 Debian. The best OS guess is Linux 3.

 {{{
 Nmap scan report for ip88-128.mwtv.lv (92.63.88.128)
 Host is up, received user-set (0.38s latency).
 Scanned at 2016-12-18 10:30:32 PST for 140s
 Not shown: 543 filtered ports
 Reason: 543 no-responses
 PORT      STATE  SERVICE              REASON  VERSION
 22/tcp    open   ssh                  syn-ack OpenSSH 6.7p1 Debian 5+deb8u3 (protocol 2.0)
 80/tcp    open   http                 syn-ack nginx
 |_http-methods: No Allow or Public header in OPTIONS response (status code 405)
 |_http-title: Did not follow redirect to http://92.62.192.41
 Device type: general purpose|firewall|terminal|WAP|security-misc|printer|storage-misc|webcam
 OS fingerprint not ideal because: Host distance (12 network hops) is greater than five
 Aggressive OS guesses: Linux 3.11 - 3.13 (94%), Linux 3.2 - 3.8 (91%), Linux 3.12 (90%), Linux 2.6.32 (90%), IPFire firewall 2.11 (Linux 2.6.32) (89%), Linux 2.6.18 - 2.6.22 (89%), IGEL UD3 thin client (Linux 2.6) (89%), Linux 2.6.35 (89%), Linux 3.1 - 3.2 (89%), Linux 2.6.32 - 2.6.39 (88%)
 Uptime guess: 3.529 days (since Wed Dec 14 21:51:44 2016)
 Network Distance: 12 hops
 TCP Sequence Prediction: Difficulty=254 (Good luck!)
 IP ID Sequence Generation: All zeros
 Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

 TRACEROUTE (using port 80/tcp)
 HOP RTT       ADDRESS
 1   291.51 ms 10.11.0.1
 2   291.51 ms 185.120.77.1
 3   294.56 ms telecom.gohost.kz (88.204.195.89)
 4   316.18 ms 82.200.252.77
 5   360.10 ms 92.47.151.204
 6   361.46 ms 95.59.172.43
 7   330.22 ms 95.59.172.19
 8   363.46 ms mosc-mx-1.online.kz (92.47.145.110)
 9   377.98 ms msk-ix2.lattelecom.lv (195.208.208.24)
 10  378.19 ms 87.110.223.130
 11  381.26 ms 91.90.249.194
 12  370.74 ms ip88-128.mwtv.lv (92.63.88.128)
 }}}

 92.62.192.41 was completely non-responsive.

 {{{
 Nmap scan report for 92-62-192-41.customer.fuzion.dk (92.62.192.41)
 Host is up, received user-set.
 All 1000 scanned ports on 92-62-192-41.customer.fuzion.dk (92.62.192.41) are filtered because of 1000 no-responses
 Too many fingerprints match this host to give specific OS details

 TRACEROUTE (using proto 1/icmp)
 HOP RTT       ADDRESS
 1   291.51 ms 10.11.0.1
 2   ...
 3   ...
 4   ...
 5   ...
 6   296.49 ms 95.59.172.35
 7   314.09 ms ebg02.transtelecom.net (217.150.44.14)
 8   ...
 9   376.32 ms de-cix.ip.nianet.net (80.81.194.79)
 10  422.49 ms 93.176.94.188
 11  ...
 12  ...
 13  ...
 14  ...
 15  ...
 16  ...
 17  ...
 18  ...
 19  ...
 20  ...
 21  ...
 22  ...
 23  ...
 24  ...
 25  ...
 26  ...
 27  ...
 28  ...
 29  ...
 30  ...
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20348#comment:167>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

