[tor-talk] OBFS4 Blocking
davisjustin002 at gmail.com
Thu Nov 17 11:16:49 UTC 2016
I’ve been doing research to see how some of the pluggable transports are getting blocked with DPI. I used a Cyberoam filter under my control for testing, and an iBoss filter at a different location.
OBFS4 is blocked behind both filters. Cyberoam is doing some sort of timing attack, but I’m not sure what. When a bridge is used by lots of people, then it doesn’t work. Even enabling Iat mode=1 or 2 doesn’t fix the issue. When I tried a bridge with not many users, it worked no matter what Iat mode was set at. Behind iBoss, they are fingerprinting Packet Interarrival times. Iat mode 1 and 2 worked no matter how much load the bridges had on them.
Hopefully this information can help people understand a little more about how these transports are filtered.
More information about the tor-talk