[tor-bugs] #27435 [Obfuscation/Censorship analysis]: Poland, PLAY operator and OBFS4

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 25 10:33:08 UTC 2019 

#27435: Poland, PLAY operator and OBFS4
---------------------------------------------+---------------------
 Reporter:  VeryVeryBadUser                  |          Owner:  dcf
     Type:  defect                           |         Status:  new
 Priority:  High                             |      Milestone:
Component:  Obfuscation/Censorship analysis  |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:                                   |  Actual Points:
Parent ID:                                   |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+---------------------
Changes (by anadahz):

 * cc: anadahz (added)


Comment:

 Could you please provide more details such as the type of connection
 (broadband or mobile) use, the AS number and any other information that
 could help us better understand this?

 Below an excerpt from a **Tor vanilla** successful bootstrap using Tor
 Browser from PLAY ISP in Poland:
 {{{
 2/25/19, 10:02:07.410 [NOTICE] Bootstrapped 10%: Finishing handshake with
 directory server
 2/25/19, 10:02:07.420 [NOTICE] Bootstrapped 80%: Connecting to the Tor
 network
 2/25/19, 10:02:07.208 [NOTICE] Bootstrapped 90%: Establishing a Tor
 circuit
 2/25/19, 10:02:08.910 [NOTICE] Bootstrapped 100%: Done
 2/25/19, 10:02:08.922 [NOTICE] New control connection opened from
 127.0.0.1.
 2/25/19, 10:02:09.500 [NOTICE] New control connection opened from
 127.0.0.1.
 2/25/19, 10:04:41.971 [NOTICE] Switching to guard context "bridges" (was
 using "default")
 2/25/19, 10:04:41.971 [NOTICE] Delaying directory fetches: No running
 bridges
 2/25/19, 10:04:44.274 [WARN] Proxy Client: unable to connect to
 37.218.240.34:40035 ("general SOCKS server failure")
 2/25/19, 10:04:45.498 [WARN] Proxy Client: unable to connect to
 37.218.240.34:40035 ("general SOCKS server failure")
 2/25/19, 10:04:45.796 [NOTICE] new bridge descriptor 'dragon' (fresh):
 $D9A82D2F9C2F65A18407B1D2B764F130847F8B5D~dragon at 37.218.245.14
 2/25/19, 10:04:45.796 [NOTICE] Our directory information is no longer up-
 to-date enough to build circuits: We're missing descriptors for 1/2 of our
 primary entry guards (total microdescriptors: 6446/6446).
 2/25/19, 10:04:45.948 [NOTICE] new bridge descriptor 'zipfelmuetze'
 (fresh): $91A6354697E6B02A386312F68D82CF86824D3606~zipfelmuetze at
 85.31.186.26
 2/25/19, 10:04:46.216 [NOTICE] new bridge descriptor 'griinchux' (fresh):
 $011F2599C0E9B27EE74B353155E244813763C3E5~griinchux at 85.31.186.98
 2/25/19, 10:04:46.307 [NOTICE] new bridge descriptor 'ndnop3' (fresh):
 $8DFCD8FB3285E855F5A55EDDA35696C743ABFC4E~ndnop3 at 109.105.109.165
 2/25/19, 10:04:46.386 [NOTICE] new bridge descriptor 'ndnop5' (fresh):
 $BBB28DF0F201E706BE564EFE690FE9577DD8386D~ndnop5 at 109.105.109.147
 2/25/19, 10:04:46.426 [NOTICE] Bridge 'NX01' has both an IPv4 and an IPv6
 address.  Will prefer using its IPv4 address (85.17.30.79:443) based on
 the configured Bridge address.
 2/25/19, 10:04:46.426 [NOTICE] new bridge descriptor 'NX01' (fresh):
 $FC259A04A328A07FED1413E9FC6526530D9FD87A~NX01 at 85.17.30.79
 2/25/19, 10:04:46.511 [NOTICE] new bridge descriptor 'cymrubridge31'
 (fresh): $C8CBDB2464FC9804A69531437BCF2BE31FDD2EE4~cymrubridge31 at
 38.229.1.78
 2/25/19, 10:04:46.604 [NOTICE] new bridge descriptor 'smallerRichard'
 (fresh): $FB70B257C162BF1038CA669D568D76F5B7F0BABB~smallerRichard at
 144.217.20.138
 2/25/19, 10:04:46.783 [WARN] Proxy Client: unable to connect to
 37.218.240.34:40035 ("general SOCKS server failure")
 2/25/19, 10:04:46.854 [NOTICE] new bridge descriptor 'cymrubridge33'
 (fresh): $0BAC39417268B96B9F514E7F63FA6FBA1A788955~cymrubridge33 at
 38.229.33.83
 2/25/19, 10:04:46.916 [NOTICE] new bridge descriptor 'noisebridge01'
 (fresh): $0DB8799466902192B6C7576D58D4F7F714EC87C1~noisebridge01 at
 216.252.162.21
 2/25/19, 10:05:06.594 [NOTICE] New control connection opened from
 127.0.0.1.
 2/25/19, 10:06:54.649 [WARN] Proxy Client: unable to connect to
 154.35.22.10:15937 ("general SOCKS server failure")
 2/25/19, 10:06:54.650 [WARN] Proxy Client: unable to connect to
 154.35.22.13:16815 ("general SOCKS server failure")
 2/25/19, 10:06:54.652 [WARN] Proxy Client: unable to connect to
 154.35.22.9:12166 ("general SOCKS server failure")
 2/25/19, 10:06:54.653 [WARN] Proxy Client: unable to connect to
 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure")
 2/25/19, 10:06:54.653 [WARN] Proxy Client: unable to connect to
 154.35.22.12:4304 ("general SOCKS server failure")
 2/25/19, 10:06:54.654 [WARN] Proxy Client: unable to connect to
 154.35.22.11:80 ("general SOCKS server failure")
 2/25/19, 10:06:54.655 [WARN] Proxy Client: unable to connect to
 192.99.11.54:443 ("general SOCKS server failure")
 }}}

 Similar Tor Browser bootstraped using **obfs4**:
 {{{
 2/25/19, 10:10:02.624 [NOTICE] DisableNetwork is set. Tor will not make or
 accept non-control network connections. Shutting down all existing
 connections.
 2/25/19, 10:10:02.624 [NOTICE] Opening Socks listener on 127.0.0.1:9150
 2/25/19, 10:10:02.624 [NOTICE] Opened Socks listener on 127.0.0.1:9150
 2/25/19, 10:10:04.675 [NOTICE] Bridge 'NX01' has both an IPv4 and an IPv6
 address.  Will prefer using its IPv4 address (85.17.30.79:443) based on
 the configured Bridge address.
 2/25/19, 10:10:04.675 [NOTICE] Bootstrapped 5%: Connecting to directory
 server
 2/25/19, 10:10:04.686 [NOTICE] Bootstrapped 10%: Finishing handshake with
 directory server
 2/25/19, 10:10:04.687 [NOTICE] Bootstrapped 80%: Connecting to the Tor
 network
 2/25/19, 10:10:04.688 [NOTICE] Bootstrapped 85%: Finishing handshake with
 first hop
 2/25/19, 10:10:05.580 [WARN] Proxy Client: unable to connect to
 37.218.240.34:40035 ("general SOCKS server failure")
 2/25/19, 10:10:05.958 [NOTICE] new bridge descriptor 'ndnop5' (fresh):
 $BBB28DF0F201E706BE564EFE690FE9577DD8386D~ndnop5 at 109.105.109.147
 2/25/19, 10:10:06.180 [WARN] Proxy Client: unable to connect to
 37.218.240.34:40035 ("general SOCKS server failure")
 2/25/19, 10:10:06.380 [NOTICE] Bootstrapped 90%: Establishing a Tor
 circuit
 2/25/19, 10:10:06.163 [NOTICE] Bridge 'NX01' has both an IPv4 and an IPv6
 address.  Will prefer using its IPv4 address (85.17.30.79:443) based on
 the configured Bridge address.
 2/25/19, 10:10:06.163 [NOTICE] new bridge descriptor 'NX01' (fresh):
 $FC259A04A328A07FED1413E9FC6526530D9FD87A~NX01 at 85.17.30.79
 2/25/19, 10:10:06.743 [NOTICE] Bootstrapped 100%: Done
 2/25/19, 10:10:07.585 [NOTICE] New control connection opened from
 127.0.0.1.
 2/25/19, 10:10:07.872 [NOTICE] New control connection opened from
 127.0.0.1.
 2/25/19, 10:10:08.173 [WARN] Proxy Client: unable to connect to
 37.218.240.34:40035 ("general SOCKS server failure")
 }}}

 The tests were made possible thanks to [https://hackerspace.pl/ Warsaw
 Hackerspace].

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27435#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list