On Thu, Nov 17, 2016 at 05:16:49AM -0600, Justin wrote: > OBFS4 is blocked behind both filters. Cyberoam is doing some sort of > timing attack, but I’m not sure what. When a bridge is used by lots of > people, then it doesn’t work. Even enabling Iat mode=1 or 2 doesn’t > fix the issue.
When you say a bridge has to be used by lots of people, how many is a lot? Do those users also have to be behind the Cyberoam firewall, or can they be somewhere else? (I wonder if the firewall is counting users, or something.) In https://bugs.torproject.org/20348 we are investigating the Kazakh firewall that shows behavior consistent with your Cyberoam observations: obfs4 bridges with lots of users are somehow dynamically detected and blocked. For example, https://bugs.torproject.org/20348#comment:48 https://bugs.torproject.org/20348#comment:50 https://bugs.torproject.org/20348#comment:60 suggests hacking the server code to add some extra delays. Do you think something like that would help? I suppose you would need it to be running on a heavily used bridge in order to make a meaningful test. > When I tried a bridge with not many users, it worked no > matter what Iat mode was set at. Behind iBoss, they are fingerprinting > Packet Interarrival times. Iat mode 1 and 2 worked no matter how much > load the bridges had on them. The next release of Tor Browser will have a few iat-mode=1 and iat-mode=2 default bridges. See: https://lists.torproject.org/pipermail/tor-project/2016-November/000776.html -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
