[tor-talk] Sonic Firewall, Iran related?

Collin Anderson collin at averysmallbird.com
Tue Feb 14 05:28:49 UTC 2012


Nathan,


> I see, and so on Android, where the CA was not installed, it was
> throwing the proper error perhaps?


If the SonicWall was proxying SSL with its own CA, wouldn't all HTTPS pages
be broken? More narrowly, if it was interfering with suspicious/aberrant
traffic, wouldn't Tor die with an error logged about an invalid cert?

Haha, well, I decided not to say, so I will not.


One should bear in mind then that particular countries have direct
connections to Iran. I would also add from observation that for some
unknown reason, a number of universities in South East Asia appear to be
unexpected sources of traffic to Persian-language websites.

I think a lot could be learned from a traceroute, looking at logs and
noting what certificates are being seen by the user.

Collin

On Mon, Feb 13, 2012 at 10:41 PM, Nathan Freitas <nathan at freitas.net> wrote:

> On 02/13/2012 01:53 PM, Andrew Lewman wrote:
> > The CA
> > was installed by the university on their mandated laptops, so students
> > would never know they were mitm'd the entire time.
>
> I see, and so on Android, where the CA was not installed, it was
> throwing the proper error perhaps?
>
> Anyhow, +1 for obfsproxy for working in this context.
>
> I am still curious of the possibility that Iran is running the same
> Sonic solution, or the timing is just a coincidence.
>
> +n



-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.

