On Tue, 28 Feb 2012 00:30:36 -0500 [email protected] wrote: > Indeed, see > https://blog.torproject.org/blog/kazakhstan-upgrades-censorship-deep-packet-inspection > > You need the obfsproxy bundle, > https://www.torproject.org/projects/obfsproxy.html.en.
Here's slightly more data on .kz. A volunteer and I coordinated testing and now we have both sides of the conversation. I don't think this changes anything. It still seems the blocking is done at the client key exchange. An alternative is that the server hello triggers the blocking and the blocking is just really slow. -- Andrew http://tpo.is/contact pgp 0x6B4D6475
|Time | tor client in .kz | | | | tor bridge in .is | |11875.330| 8281 > https [SYN] |TCP: 8281 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1380 SACK_PERM=1 | |(8281) ------------------> (443) | |11875.330| https > 8281 [SYN, |TCP: https > 8281 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 | |(8281) <------------------ (443) | |11875.503| 8281 > https [ACK] |TCP: 8281 > https [ACK] Seq=1 Ack=1 Win=64860 Len=0 | |(8281) ------------------> (443) | |11875.506| Client Hello |TLSv1: Client Hello | |(8281) ------------------> (443) | |11875.507| https > 8281 [ACK] |TCP: https > 8281 [ACK] Seq=1 Ack=202 Win=6432 Len=0 | |(8281) <------------------ (443) | |11875.510| Server Hello, Certi |TLSv1: Server Hello, Certificate, Server Key Exchange, Server Hello Done | |(8281) <------------------ (443) | |11878.507| [TCP Retransmission |TLSv1: [TCP Retransmission] Server Hello, Certificate, Server Key Exchange, Server Hello Done | |(8281) <------------------ (443) | |11884.507| [TCP Retransmission |TLSv1: [TCP Retransmission] Server Hello, Certificate, Server Key Exchange, Server Hello Done | |(8281) <------------------ (443) | |11896.507| [TCP Retransmission |TLSv1: [TCP Retransmission] Server Hello, Certificate, Server Key Exchange, Server Hello Done | |(8281) <------------------ (443) | |11920.507| [TCP Retransmission |TLSv1: [TCP Retransmission] Server Hello, Certificate, Server Key Exchange, Server Hello Done | |(8281) <------------------ (443) | |11968.507| [TCP Retransmission |TLSv1: [TCP Retransmission] Server Hello, Certificate, Server Key Exchange, Server Hello Done | |(8281) <------------------ (443) | |12064.507| [TCP Retransmission |TLSv1: [TCP Retransmission] Server Hello, Certificate, Server Key Exchange, Server Hello Done | |(8281) <------------------ (443) | |12176.076| https > 8281 [FIN, |TCP: https > 8281 [FIN, ACK] Seq=934 Ack=202 Win=6432 Len=0 | |(8281) <------------------ (443) |
|Time | tor client in .kz | | | | tor bridge in .is | |5.632 | 49398 > https [SYN] |TCP: 49398 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1 | |(49398) ------------------> (443) | |5.806 | https > 49398 [SYN, |TCP: https > 49398 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1380 SACK_PERM=1 | |(49398) <------------------ (443) | |5.806 | 49398 > https [ACK] |TCP: 49398 > https [ACK] Seq=1 Ack=1 Win=64860 Len=0 | |(49398) ------------------> (443) | |5.806 | Client Hello |TLSv1: Client Hello | |(49398) ------------------> (443) | |5.982 | https > 49398 [ACK] |TCP: https > 49398 [ACK] Seq=1 Ack=202 Win=6432 Len=0 | |(49398) <------------------ (443) | |5.988 | Server Hello, Certi |TLSv1: Server Hello, Certificate, Server Key Exchange, Server Hello Done | |(49398) <------------------ (443) | |5.994 | Client Key Exchange |TLSv1: Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message | |(49398) ------------------> (443) | |6.438 | [TCP Retransmission |TLSv1: [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message | |(49398) ------------------> (443) | |7.318 | [TCP Retransmission |TLSv1: [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message | |(49398) ------------------> (443) | |9.078 | [TCP Retransmission |TLSv1: [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message | |(49398) ------------------> (443) | |12.598 | [TCP Retransmission |TLSv1: [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message | |(49398) ------------------> (443) | |19.638 | [TCP Retransmission |TLSv1: [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message | |(49398) ------------------> (443) | |33.719 | 49398 > https [RST, |TCP: 49398 > https [RST, ACK] Seq=400 Ack=934 Win=0 Len=0 | |(49398) ------------------> (443) |
_______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
