[tor-talk] Better testing through filternets

Nathan Freitas nathan at freitas.net
Tue Sep 2 15:40:01 UTC 2014


I am working on improving our ability to do more thorough and
standardized testing of Orbot, etc. As part of this, I am trying to
come up with a simple filternet configuration based on OpenWRT, running
on a TP Link MR3020.

Currently, I have this working:

- Use Dnsmasq to block high-profile target domains (torproject.org,
google, facebook, twitter, whatsapp, etc.)
- Block all HTTPS traffic (port 443)

This simulates most of the common DNS poisoning and port blocking types
of attacks, though Tor can still easily connect at this point.

I would like the ability to simulate a more severe environment, where,
for instance, Tor itself is targeted, and bridges are required. Any
thoughts or experience doing this?

- Block IPs/domains for known Tor Authority nodes

- Block based on Tor protocol characteristics: SSL certs, common ports, etc.

Thanks for any feedback, pointers, links, etc.

+n
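
Added example, not part of the original post and not Orbot or Tor Project code: a shell script that generates the two filters the post says are already working (Dnsmasq domain poisoning and a port 443 block) and checks which names the resulting blocklist would catch, for use as test expectations. The sinkhole address, the DROP target on the FORWARD chain, the sample domain list and all function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example: generate filternet config for a test router.
# SINKHOLE and the domain list below are constructed assumptions.
SINKHOLE=127.0.0.1

# Constructed sample blocklist: one name per line, '#' comments allowed.
sample_domains() {
cat <<'EOF'
# high-profile targets
torproject.org
Google.com
facebook.com
twitter.com
whatsapp.com
torproject.org
not a domain!
EOF
}

# Emit one dnsmasq "address=/<domain>/<ip>" line per valid, unique name.
# dnsmasq applies such a line to the domain and to every subdomain of it.
gen_dnsmasq_blocklist() {
    tr 'A-Z' 'a-z' |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -E '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$' |
    sort -u |
    while read -r d; do printf 'address=/%s/%s\n' "$d" "$SINKHOLE"; done
}

# Return 0 if the blocklist on stdin would poison NAME: an exact match or a
# subdomain on a label boundary (www.google.com yes, notgoogle.com no).
is_poisoned() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS=/ read -r key dom ip; do
        case "$name" in "$dom"|*."$dom") return 0 ;; esac
    done
    return 1
}

# Print (do not apply) the rule that drops forwarded HTTPS from clients.
gen_firewall_rules() {
    printf 'iptables -I FORWARD -p tcp --dport 443 -j DROP\n'
}

sample_domains | gen_dnsmasq_blocklist
gen_firewall_rules
```

The generated `address=` lines go into the router's Dnsmasq configuration and the printed iptables rule into its firewall startup script; neither is applied by this script.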



