[tor-talk] torproject.org censorship detection using RIPE atlas?

Philipp Winter phw at nymity.ch
Tue Feb 18 17:51:37 UTC 2014


On Tue, Feb 18, 2014 at 02:03:58PM +0100, Max Jakob Maass wrote:
> I am currently running two RIPE Atlas probes [0] and had accumulated
> some points to use their measurement API, so I set up a measurement to
> check the SSL Certificate of torproject.org from as many countries as
> possible to detect MITM attacks on the website (mostly from state
> actors). I also requested the DNS A-Record for torproject.org (to
> check for falsified DNS records).

That's quite exciting -- thanks for sharing the data!

> Then, there are some US-American probes that are returning an
> SSL-Certificate for *.opendns.com instead of the correct result. I
> have no idea what's going on there, but as OpenDNS is a sponsor of the
> RIPE Atlas, it may be that they are hosting a bunch of probes behind an
> SSL-terminating firewall for some reason. Still, if someone wants to
> look into it, it may be interesting.

The probes might be using OpenDNS as their DNS resolver.  OpenDNS can block
website categories such as "proxy/anonymiser" which happens to contain
torproject.org.  When resolving a blocked domain, you are being redirected to
an OpenDNS page explaining what happened.  Every now and then, there are exit
relays which have the same problem.

Cheers,
Philipp
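
The distinction drawn in the reply above, sketched as an added example (not part of the original message and not RIPE Atlas code): correlating each probe's DNS answer with the certificate it received separates a resolver-level block page from in-path TLS interception. The record format, field names, addresses (documentation ranges) and country codes are constructed assumptions.

```python
from collections import Counter

# Constructed reference values: placeholders, not real torproject.org data.
EXPECTED_A = {"192.0.2.10", "192.0.2.11"}
EXPECTED_CERT_NAMES = {"torproject.org", "*.torproject.org"}
# Certificate names served by a filtering resolver's block page (from the thread).
BLOCK_PAGE_CERT_NAMES = {"*.opendns.com"}


def classify(result):
    """Correlate one probe's DNS answer with the certificate it received."""
    a_records = set(result["a"])
    names = {n.lower() for n in result["cert_names"]}
    dns_ok = bool(a_records) and a_records <= EXPECTED_A
    cert_ok = bool(names & EXPECTED_CERT_NAMES)

    if dns_ok and cert_ok:
        return "ok"
    if dns_ok:
        # Right address, wrong certificate: something on the path terminated TLS.
        return "tls-interception-suspected"
    if names & BLOCK_PAGE_CERT_NAMES:
        # Wrong address plus the block page's certificate: the resolver
        # redirected the probe; the connection never went to the real host.
        return "resolver-block-page"
    if cert_ok:
        # Unknown address but the expected names: the reference list may be stale.
        return "dns-differs-cert-ok"
    return "dns-answer-unexpected"


def summarize(results):
    """Count verdicts per country so clusters of one cause stand out."""
    return Counter((r["country"], classify(r)) for r in results)


# Constructed sample results in a simplified, hypothetical record format.
SAMPLE = [
    {"probe": 1, "country": "DE", "a": ["192.0.2.10"],
     "cert_names": ["torproject.org", "*.torproject.org"]},
    {"probe": 2, "country": "US", "a": ["198.51.100.7"],
     "cert_names": ["*.opendns.com"]},
    {"probe": 3, "country": "XX", "a": ["192.0.2.11"],
     "cert_names": ["gateway.example"]},
    {"probe": 4, "country": "XX", "a": ["203.0.113.5"], "cert_names": []},
]

if __name__ == "__main__":
    for (country, verdict), n in sorted(summarize(SAMPLE).items()):
        print(country, verdict, n)
```

Matching on certificate names alone is a simplification; comparing the certificate fingerprint against a known-good value is stricter.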

