[tor-bugs] #32026 [Circumvention/Censorship analysis]: Using An Alternative To TCP To Avoid Packet Injection?

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 11 14:04:14 UTC 2019


#32026: Using An Alternative To TCP To Avoid Packet Injection?
-----------------------------------------------+------------------------
 Reporter:  Aphrodites1995                     |          Owner:  (none)
     Type:  enhancement                        |         Status:  new
 Priority:  Medium                             |      Milestone:
Component:  Circumvention/Censorship analysis  |        Version:
 Severity:  Normal                             |     Resolution:
 Keywords:                                     |  Actual Points:
Parent ID:                                     |         Points:
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------

Comment (by dcf):

 Replying to [comment:2 Aphrodites1995]:
 > So how exactly does the GFW get the IPs to ban?

 That's a big topic. See
 [https://research.torproject.org/techreports/ten-ways-discover-tor-bridges-2011-10-31.pdf
 Ten ways to discover Tor bridges]. In China, it's some combination of at
 least the following techniques:
  * Harvesting addresses from BridgeDB (this is why private obfs4 bridges
 work, but ones from BridgeDB do not).
  * Extracting hard-coded addresses from source code or executable
 packages.
  * Running a client copy of Tor or Tor Browser in a black-box fashion and
 recording the addresses it connects to.
  * Running middle nodes and recording the addresses that connect to them.
  * Identifying the Tor protocol by its TLS handshake (when pluggable
 transports are not used).
  * Active probing to check whether a server really is a Tor bridge (works
 on plain Tor and obfs3, does not work on meek and obfs4).

 The blocking techniques affect more than Tor. Here is some of the
 background research.
  * [https://censorbib.nymity.ch/#Winter2012a How the Great Firewall of
 China is Blocking Tor] - active probing
  * [https://censorbib.nymity.ch/#Ling2012a Extensive Analysis and Large-
 Scale Empirical Evaluation of Tor Bridge Discovery] - harvesting from
 BridgeDB and running middle nodes (not about the GFW specifically)
  * [https://censorbib.nymity.ch/#Matic2017a Dissecting Tor Bridges: a
 Security Evaluation of Their Private and Public Infrastructures] -
 Internet-wide port scanning (not about the GFW specifically)
  * [https://www.bamsoftware.com/papers/thesis/#chap:proxy-probe Time
 delays in censor's reactions] - extracting addresses from code
  * [https://censorbib.nymity.ch/#Dunna2018a Analyzing China's Blocking of
 Unpublished Tor Bridges] - active probing

 There are short summaries of some of these papers at
 https://www.bamsoftware.com/papers/thesis/summaries.txt and
 https://groups.google.com/d/msg/traffic-obf/-z0gzKONGtI/r07EA8hUAAAJ.

 > How do you avoid them getting these IPs now?

 By using pluggable transports that are resistant to active probing and
 passive detection, which at the moment is obfs4 and meek.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32026#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online