Cisco firewall filtering Tor?
Jay Goodman Tamboli
jay at tamboli.cx
Fri Jun 15 22:02:13 UTC 2007
On 6/14/07, Mike Perry <mikeperry at fscked.org> wrote:
> Hey Jay!
Hey Mike!
> AUTHENTICATE
> SETEVENTS EXTENDED CIRC ORCONN
I'm not completely sure how to read this, but it's cleaner than the
debug log. I see various "failed" messages, like the following:
650 ORCONN kgabertgoldmine2 FAILED REASON=DONE NCIRCS=2
650 CIRC 1721 FAILED REASON=OR_CONN_CLOSED
650 CIRC 1722 FAILED REASON=TIMEOUT
It appears all the CIRC ... FAILED messages are due to OR_CONN_CLOSED
or TIMEOUT.
> Might also be a good idea to kill tor, fire up wireshark
> (www.wireshark.org), start a network capture, start tor, and let it
> try to make some circuits for a bit. Then save the capture, and post
> it and the control port info and possibly logs somewhere so we can
> look at the results.
Oddly, Wireshark examination of tcpdump shows communications in both
directions, so it appears the firewall isn't blocking connections
completely.
Even more oddly, I set my home SSH server to listen on port 443, and
that works fine. That same machine is running as a tor server, so
either the firewall is blocking tor servers only on tor ports (but
then why can I see connections in the dump?) or they're not blocking
tor and something else is wrong.
> If they are doing content-based filtering like this, it is likely they
> are also blocking directory connections too.
I don't think so. I can telnet to BostonUCompSci (128.197.11.30) port
80 and send "GET /", and I get back what looks like Tor stuff. This is
another reason I suspect that it's a Tor issue rather than the
firewall blocking outright.
For what it's worth, I tried running with ReachableAddresses *:443
from an open network earlier today, and it worked fine.
Thanks for your help, everybody!
/jgt
--
http://tamboli.cx/
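The mail reads the 650 CIRC / ORCONN lines by eye to decide whether every circuit failure comes down to the OR connection dying or timing out. The script below is an added example, not code from the thread or from the Tor project: it parses asynchronous control-port events in the CIRC and ORCONN format of the Tor control protocol (``650 CIRC <CircID> <Status> [<Path>] [KEY=VALUE ...]`` and ``650 ORCONN <Target> <Status> [KEY=VALUE ...]``), tallies them by status and REASON, and answers the same question programmatically. The sample input is constructed: it contains the three lines quoted above plus a few assumed events (``examplerelay`` and the ``$AAAA``-style fingerprints are placeholders) so that successes appear next to failures.

```python
"""Summarise Tor control-port CIRC/ORCONN events (the ``650`` lines
emitted after ``SETEVENTS EXTENDED CIRC ORCONN``) by status and reason.

Event grammar assumed here (Tor control protocol):
  650 CIRC <CircID> <Status> [<Path>] [KEY=VALUE ...]
  650 ORCONN <Target> <Status> [KEY=VALUE ...]
"""
from collections import defaultdict
import re

# Constructed sample: the three lines quoted in the mail plus assumed extra
# events (placeholder relay names/fingerprints) so successes show up too.
SAMPLE_EVENTS = """\
650 ORCONN kgabertgoldmine2 FAILED REASON=DONE NCIRCS=2
650 CIRC 1721 FAILED REASON=OR_CONN_CLOSED
650 CIRC 1722 FAILED REASON=TIMEOUT
650 ORCONN $0000000000000000000000000000000000000000~examplerelay CONNECTED
650 CIRC 1723 LAUNCHED
650 CIRC 1723 EXTENDED $AAAA~examplerelay
650 CIRC 1723 FAILED REASON=TIMEOUT
650 CIRC 1724 BUILT $AAAA~examplerelay,$BBBB~second,$CCCC~third
"""

KV_RE = re.compile(r"^([A-Z_]+)=(.*)$")


def parse_event(line):
    """Parse one ``650`` line into a dict; return None for anything that is
    not an asynchronous CIRC or ORCONN event (e.g. a ``250 OK`` reply)."""
    parts = line.strip().split()
    if len(parts) < 4 or parts[0] != "650" or parts[1] not in ("CIRC", "ORCONN"):
        return None
    event = {"type": parts[1], "id": parts[2], "status": parts[3], "path": None}
    for token in parts[4:]:
        m = KV_RE.match(token)
        if m:
            event[m.group(1)] = m.group(2)          # REASON=..., NCIRCS=..., etc.
        elif event["type"] == "CIRC" and event["path"] is None:
            event["path"] = token.split(",")        # optional comma-separated relay path
    return event


def summarise(text):
    """Count events as summary[type][status][reason]; events without a
    REASON keyword are filed under '-'."""
    summary = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        summary[ev["type"]][ev["status"]][ev.get("REASON", "-")] += 1
    return summary


def circuit_failure_reasons(text):
    """Set of REASON values seen on CIRC FAILED events."""
    return set(summarise(text)["CIRC"]["FAILED"].keys())


def only_transport_failures(text):
    """True when every circuit failure is explained by the OR connection
    closing or timing out, i.e. the relay-to-relay transport is what fails,
    not path selection or the directory fetch."""
    reasons = circuit_failure_reasons(text)
    return bool(reasons) and reasons <= {"OR_CONN_CLOSED", "TIMEOUT"}


if __name__ == "__main__":
    for etype, statuses in summarise(SAMPLE_EVENTS).items():
        for status, reasons in statuses.items():
            for reason, n in reasons.items():
                print(f"{etype:7} {status:10} {reason:15} {n}")
    print("all circuit failures are transport failures:",
          only_transport_failures(SAMPLE_EVENTS))
```

Feed it the saved output of a control-port session (or pipe a log through it) to get a per-reason count; if ``only_transport_failures`` reports True while directory fetches on port 80 still succeed, as in the mail, the problem sits on the OR connections themselves rather than on directory access.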