(FWD) Tor partially blocked in China; change your relay's IP address?

Wed Sep 30 09:15:04 UTC 2009

Seems that it's a weak point of current Tor architecture. From a network manager's point of view, simply blocking the Tor nodes posted in Tor directory servers will infuence Tor users dramatically in the local network. 

Fyi
(For those of you who want to be on tor-relays, you can learn more about
it at https://www.torproject.org/documentation.html.en#MailingLists )
--Roger
----- Forwarded message from Roger Dingledine <arma at MIT.EDU> -----
From: Roger Dingledine <arma at MIT.EDU>
To: tor-relays at torproject.org
Subject: Tor partially blocked in China; change your relay's IP address?
Delivery-Date: Wed, 30 Sep 2009 04:23:28 -0400
Hi folks,
China blocked about 80% of the public Tor relays last week:
https://blog.torproject.org/blog/tor-partially-blocked-china
They're really focused on circumvention tools this week in preparation
for their upcoming Oct 1:
http://en.wikipedia.org/wiki/National_Day_of_the_People's_Republic_of_China
Many bridges are still working fine, though they did block quite a few
of them too. Eventually it would be good to shift your Tor relay onto
an IP address that isn't blocked.
There are two ways that they're doing blocking. One is to filter your
whole IP address: no packets get in or out. You can check if this has
happened to you by trying to reach baidu.com from your IP address. The
other blocking approach is to send TCP reset packets when connections
are attempted to your IP:port. That's harder to check. I did a scan last
week from inside China, and I've put the result for your IP address up
at http://freehaven.net:8081/2009-09-24/<IP>
e.g. http://freehaven.net:8081/2009-09-24/128.31.0.34
Note that the above URL includes answers about both known-blocked relays
and also known-blocked bridges.
It's possible that they'll remove the blocking all by themselves in a
few days, once Oct 1 passes. It's also possible they'll do another round
of blocking real soon now. Hard to say.
So if it's hard for you to get a new IP address, I recommend waiting
until at least next week. But if you have plenty to spare (or you're
on a cable/DSL system that will give you a new IP address if you just
poweroff your cable modem for a while), then now would be a fine time
to switch to a new one.
Remember that if you're on a multi-homed computer and moving to a
non-default IP, you will want to set both Address and OutboundBindAddress
in your torrc.
Thanks!
--Roger
----- End forwarded message -----
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Allen Ling
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20090930/5fc9bdc2/attachment.htm>