Is China successfully probing OBFS4 bridges? Or does this apply more to non obfs bridges? On Sun, Aug 19, 2018 at 6:57 PM David Fifield <[email protected]> wrote:
> A paper from FOCI 2018 by Arun Dunna, CiarĂ¡n O'Brien, and Phillipa Gill > on the subject of Tor bridge blocking in China has this interesting > suggestion (Section 5.2): > > https://www.usenix.org/conference/foci18/presentation/dunna > To do this, we write a series specific rules using iptables in > order to drop packets from Chinese scanners. ... We use a rule > to drop incoming Tor packets with an MSS of 1400. Further > investigation would be needed to analyze potential false > positives... We note that this method of dropping scan traffic > successfully keeps our bridge relays from being blocked and > allows our client in China to maintain access to the bridge. > > Like https://github.com/NullHypothesis/brdgrd, surely this trick won't > work forever, but if you're setting up a new bridge, it's worth a try? > > This is completely untested, but I think the iptables rule would look > something like this: > iptables -A INPUT --protocol tcp --dport [your-bridge-port] -m tcpmss > --mss 1400 -j DROP > > Then, after a while, check /var/lib/tor/stats/bridge-stats and see if > you have any connections from "cn". > _______________________________________________ > tor-relays mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
