On Thu, Nov 17, 2016 at 05:16:49AM -0600, Justin wrote: > OBFS4 is blocked behind both filters. Cyberoam is doing some sort of > timing attack, but I’m not sure what. When a bridge is used by lots of > people, then it doesn’t work. Even enabling Iat mode=1 or 2 doesn’t > fix the issue. When I tried a bridge with not many users, it worked no > matter what Iat mode was set at.
What makes you think it's a timing attack? I would block obfs4 by checking if a bunch of rules are satisfied, for example: Does the server reply to arbitrary requests? Is the packet payload of high entropy? What do the directions of the first n packets look like? > Behind iBoss, they are fingerprinting Packet Interarrival times. Iat > mode 1 and 2 worked no matter how much load the bridges had on them. Is obfs4 blocked if you don't enable IAT mode? It would surprise me if anyone really uses inter-arrival times for fingerprinting. Packet jitter causes a lot of noise, which is why I imagine it to be an unreliable data source. Then again, if the DPI boxes are topologically close to the origin, the noise might be negligible. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
