[tor-bugs] #30500 [Circumvention/Censorship analysis]: Can the GFW still do DPI for "new" vanilla Tor?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jun 25 16:05:45 UTC 2019
#30500: Can the GFW still do DPI for "new" vanilla Tor?
-----------------------------------------------+--------------------------
Reporter: phw | Owner: (none)
Type: task | Status: assigned
Priority: Low | Milestone:
Component: Circumvention/Censorship analysis | Version:
Severity: Normal | Resolution:
Keywords: gfw, china | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------------------+--------------------------
Comment (by arma):
Replying to [comment:2 phw]:
> The research team I've been in touch with could not trigger active
probing with tcis as the client and a netcat listener as the server. I
suggested to use a bridge instead of a netcat listener, which resulted in
active probing. This suggests that the GFW is also considering some
information that's sent from the server to the client.
It would be interesting, for posterity, for somebody (maybe somebody in
this research team you speak of) to poke at the server-side of the
handshake and figure out what exactly they're relying on to decide that
it's a Tor bridge. My guess is it's something in the SSL cert, e.g. the
address.
Or maybe it is simply an SSL response at all? I could imagine China is
trying to reduce the number of active probes they do, and if they didn't
check *something* on the server side, a client inside China could just
spam the internet with Tor client handshakes and then the active prober
would need to probe all of it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30500#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list