[tor-talk] Pluggable Transports and DPI
Roger Dingledine
arma at mit.edu
Thu May 12 04:19:29 UTC 2016
On Wed, May 11, 2016 at 07:40:17PM -0700, David Fifield wrote:
> Justin helped me by running some tests and we think we know how this
> Cyberoam device is blocking meek connections. It blocks TLS connections
> that have the Firefox 38's TLS signature and that have an SNI field that
> is one of our front domains: www.google.com, a0.awsstatic.com,
> ajax.aspnetcdn.com.
Good stuff!
It's clear that they had a person look at the topic and decide on a way
to block it -- accepting some collateral damage and making a guess about
how many unhappy people it would produce. They benefited from the fact
that the customers behind this Cyberoam weren't an entire country, meaning
they were betting that a low collateral damage was not many people at all.
Do we know anything about how they decided to detect obfs4 (and what
collateral damage they decided was acceptable there)?
--Roger
More information about the tor-talk
mailing list