[tor-relays] [Censorship in Russia] More of my bridges got blocked

gus gus at torproject.org
Wed Dec 29 19:14:50 UTC 2021 

Hi,

Thanks for running bridges!

On Wed, Dec 29, 2021 at 02:37:48PM +0000, Space Oddity via tor-relays wrote:
> Hello Tor people, just me chipping in about recent event.
> 
> Today, I discovered that somewhere around Dec, 22, all three of my recently
> launched bridges have been censored on at least one network (MegaFon Moscow
> AS25159). Metrics show a drastic traffic drop in the range of Dec, 21-23 for
> all three bridges.
> 
> Investigating further, I discovered (using tcptraceroute/nc) that all three hosts
> started responding with RSTs to all of their open ports (not only bridge ports
> but SSH and other recently opened ports too). NATd source IP address was
> unchanged from my usual one in every case.
> 
> One of the bridges had distribution method set to HTTPS, and the other two
> were distributed via Moat. All ran recent Tor 0.4.6.8 Docker image.
> 
> NB: One of the bridges has incorrect 'First seen' date on the metrics portal -
> it displays '2021-12-25' despite being launched several days prior.
> 
> To summarize:
> 
>   1. Bridge blocking happens via the common 'fast RST' method
>   2. It happened relatively quickly (all bridges are less than 10 days uptime
>      by now).
>   3. Somehow, all three of my recently launched bridges were blacklisted despite
>      using different ASs/hosters/countries for each. Is it a coincidence, or
>      it's because Moat prefers to hand out newer bridges first, or due to
>      something else entirely?
> 

Russia is enumerating and blocking Tor bridges. They've enumerated and
blocked bridges twice: Dec 1st and during xmas (Dec 22-24). It's not
clear how and how many bridges they've enumerated. Perhaps they're
bypassing BridgeDB captcha[1].

I recommend following up this thread:
https://ntc.party/t/ooni-reports-of-tor-blocking-in-certain-isps-since-2021-12-01/1477

And if possible, please rotate your bridge IP address.

> Also, I can not rule out that some step in my distribution chain was
> compromised -- I gave out these bridges privately to a few friends.
> 

I don't think so as I also saw my new bridges getting blocked during
xmas too.

> --
> Best regards,
> Space Oddity.

cheers,
Gus

[1]
https://lists.torproject.org/pipermail/anti-censorship-team/2021-December/000208.html

> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-- 
The Tor Project
Community Team Lead
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20211229/d842c1b4/attachment.sig>

More information about the tor-relays mailing list