[tor-talk] Pluggable Transports and DPI

Roger Dingledine arma at mit.edu
Thu May 12 04:19:29 UTC 2016

On Wed, May 11, 2016 at 07:40:17PM -0700, David Fifield wrote:
> Justin helped me by running some tests and we think we know how this
> Cyberoam device is blocking meek connections. It blocks TLS connections
> that have the Firefox 38's TLS signature and that have an SNI field that
> is one of our front domains: www.google.com, a0.awsstatic.com,
> ajax.aspnetcdn.com.

Good stuff!

It's clear that they had a person look at the topic and decide on a way
to block it -- accepting some collateral damage and making a guess about
how many unhappy people it would produce. They benefited from the fact
that the customers behind this Cyberoam weren't an entire country, meaning
they were betting that a low collateral damage was not many people at all.

Do we know anything about how they decided to detect obfs4 (and what
collateral damage they decided was acceptable there)?


More information about the tor-talk mailing list