Hey Nathan, We are working on a very similar topic over here at Internews.
We are looking to use it in trainings to give users a realistic censorship environment to work against, and possibly use it to improve testing of censorship-resilient tools. It looks like we are going to go for a more powerful embedded device so that we can handle a decent sized training. I have just started playing with nDPI http://www.ntop.org/products/ndpi/ (a descendant of OpenDPI) as a netfilter plugin https://github.com/lefoyer/ndpi-netfilter so that I can do most of the work in iptables. nDPI already has a detector for Tor, which was a major factor in choosing it. Best, s2e seamus tuohy | Technology Advisor - Internet Initiatives [email protected] Skype/XMPP on request PGP: D0DB 168D E70B E627 CFEA 63C3 0F62 4C0A DA72 5695 MiniLock: 2G3JmRWRYB3B7rthZqkzomcRe8GwJvPtSooA748XMsTBdf INTERNEWS | Local Voices. Global Change. www.internews.org | @internews On 09/02/2014 11:41 AM, Nathan of Guardian wrote: > -------- Forwarded Message -------- > Subject: [tor-talk] Better testing through filternets > Date: Tue, 02 Sep 2014 11:40:01 -0400 > From: Nathan Freitas <nathan at freitas.net> > Reply-To: tor-talk at lists.torproject.org > To: tor-talk at lists.torproject.org > > > I am working on improving our ability to do more thorough and > standardized testing of Orbot, etc. As part of this, I am trying to > come up with a simple filternet configuration based on OpenWRT, running > on a TP Link MR3020. > > Currently, I have this working: > > - Use Dnsmasq to block high profile target domains (torproject.org, > google, facebook, twitter, whatsapp, etc) > - Block all HTTPS traffic (port 443) > > This simulates most of the common DNS poisoning and port blocking types > attacks, though Tor can still easily connect at this point. > > I would like the ability to simulate a more severe environment, where > for instance, Tor itself is targeted, and bridges are required. Any > thoughts or experience doing this? > > - Block IPs/domains for known Tor Authority nodes > > - block based on Tor protocol characteristics: ssl certs, common ports, etc > > Thanks for any feedback, pointers, links, etc. > > +n > > _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
