Opened 5 months ago

Last modified 5 months ago

#26807 new defect

Venezuela blocks access to the Tor network

Reported by: ptdetector
Owned by: dcf
Priority: Medium
Component: Obfuscation/Censorship analysis
Severity: Normal

Description

https://www.accessnow.org/venezuela-blocks-tor/

Access Now’s partners have confirmed that the Tor network — a widely used tool allowing users to browse the internet anonymously — was blocked in Venezuela last week over the government-owned internet service provider CANTV, by far the largest ISP in the country.
“It seems that the government of Venezuela has found out how to do a very sophisticated block for the Tor network. It’s not only on the direct access channels, but also the bridges Tor provides to bypass that blocking,” said Melanio Escobar, Venezuelan technologist and journalist, and founder of Redes Ayuda.

Change History (16)

comment:1 Changed 5 months ago by ptdetector

https://old.reddit.com/r/security/comments/8txrq3/venezuela_is_blocking_access_to_the_tor_network/e1biifp/

Now word on the street is that they block the obfs4 bridges bundled with Tor Browser, but if you get bridges from https://bridges.torproject.org, they work fine.

https://old.reddit.com/r/TOR/comments/8ykhjk/venezuela_blocks_tor_network/e2cgn46/

They're blocking bridges from that site too, so you have to get new bridges every 6-12 days.

comment:2 Changed 5 months ago by ptdetector

Q:

what gets me the most about this news is that the Venezuelan government is paying technicians to block these channels, and these people are probably just as starved as the rest of the population but still agree to limit and block communication for themselves and others.

A:

they are enchufados

they receive dollars

comment:3 in reply to:  1 ; Changed 5 months ago by ProTipGuyFWIWWeLoveARMA

Replying to ptdetector:

> https://www.reddit.com/r/security/comments/8txrq3/venezuela_is_blocking_access_to_the_tor_network/e1biifp/

Protip: Please share reddit links with old.reddit.com, the new design doesn't seem to work with Safest sec setting.

comment:4 in reply to:  3 Changed 5 months ago by ptdetector

Replying to ProTipGuyFWIWWeLoveARMA:

> Replying to ptdetector:
>
> > https://www.reddit.com/r/security/comments/8txrq3/venezuela_is_blocking_access_to_the_tor_network/e1biifp/
>
> Protip: Please share reddit links with old.reddit.com, the new design doesn't seem to work with Safest sec setting.

Done.

comment:5 Changed 5 months ago by ptdetector

cantv.com.ve follows the blocklist used against customers as well

comment:6 in reply to:  1 Changed 5 months ago by arma

Replying to ptdetector:

> They're blocking bridges from that site too, so you have to get new bridges every 6-12 days.

I would guess that this part is wrong. Instead, I guess that some of the bridges given out on bridges.torproject.org go down or rotate to a new IP address, you need to get a fresh set every so often as they rotate. And somebody misinterpreted "oh shoot my bridges stopped working" as censorship.

At least last I checked, CANTV was doing their censorship by IP:port TCP-level blocking, and no DPI was involved. Unless they changed?

comment:7 Changed 5 months ago by ptdetector

> At least last I checked, CANTV was doing their censorship by IP:port TCP-level blocking, and no DPI was involved. Unless they changed?

It's IP:any_port for my tests with inbound connections now.

comment:8 Changed 5 months ago by ptdetector

https://ve.linkedin.com/in/nicola-cardillo-1979731b/en

Nicola Cardillo - Network Operations Center Manager - CANTV

https://ve.linkedin.com/in/luis-monsanto-880a944

Luis Monsanto - Regulatory Affairs Advisor - CANTV

32 000 enchufados

comment:9 Changed 5 months ago by madurosbus

CANTV does DPI for some connections, and blackholes others.
3-stage theory.

  1. Collect information about all connections. Probe later?
  2. Real-time DPI scan (fps, entropy) if thresholds triggered. Collect information about denied connections.
  3. Blackhole IP address if threshold for denied connections triggered.

comment:10 in reply to:  9 Changed 5 months ago by arma

Replying to madurosbus:

> CANTV does DPI for some connections, and blackholes others.

What's the evidence for the DPI part?

All the people on cantv that I've helped get Tor working are totally fine once they find an IP address that isn't blackholed.

comment:11 Changed 5 months ago by madurosbus

> What's the evidence for the DPI part?

Successful TCP handshake (all SYNs, ACKs), connection dropped after TLS client hello.

comment:12 Changed 5 months ago by madurosbus

Samples
FA5F1AB3468F808B2FB05F2155C0481A3532C787 blackholed
40B206539ECDF83ACEAA34245CC82508077BBA14 connection dropped
45A793A276370DC6DCF5FDC915BE48F4AF487F28 successfully works

comment:13 Changed 5 months ago by madurosbus

The "blackholed" and "connection dropped" stages belong to the same blacklist; DPI (or whatever it is) does service degradation for TCP connections with addresses from the list; the percentage depends on age and unknown thresholds.

comment:14 Changed 5 months ago by madurosbus

If the traffic torturer shaper malfunctions (overload), the connection is closed just after a successful TCP handshake. Any ports.
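Added example, not part of the ticket or any commenter's post: a small classifier that sorts per-attempt probe traces into the outcomes named in comments 11 to 14 and computes a per-address failure rate, which is the kind of figure comment 13's "percentage" refers to. The log format, event names, bridge labels and the `refused` category are assumptions made for illustration, and the sample log is constructed.

```python
from collections import Counter

# Constructed probe log (not real measurements): address label, then the
# events seen on one connection attempt, in order.
SAMPLE_LOG = """\
bridge-A syn timeout
bridge-A syn timeout
bridge-B syn syn_ack client_hello timeout
bridge-B syn syn_ack client_hello rst
bridge-B syn syn_ack client_hello server_hello
bridge-C syn syn_ack client_hello server_hello
bridge-D syn syn_ack fin
bridge-E syn rst
"""

def classify(events):
    """Map one attempt's event sequence to an outcome name from the thread."""
    if "syn_ack" not in events:
        # Assumption: an RST answering the SYN is treated here as a closed
        # port rather than a blackhole (a blackhole gives no reply at all).
        return "refused" if "rst" in events else "blackholed"
    if "server_hello" in events:
        return "works"
    if "client_hello" in events:
        return "dropped_after_client_hello"   # pattern from comment 11
    return "closed_after_handshake"           # pattern from comment 14

def summarize(log):
    """Return {address: Counter(outcome -> number of attempts)}."""
    per_addr = {}
    for line in log.splitlines():
        if not line.strip():
            continue
        addr, *events = line.split()
        per_addr.setdefault(addr, Counter())[classify(events)] += 1
    return per_addr

def interference_rate(counter):
    """Fraction of attempts that were blackholed, dropped or cut off."""
    total = sum(counter.values())
    failed = total - counter["works"] - counter["refused"]
    return failed / total

if __name__ == "__main__":
    for addr, outcomes in summarize(SAMPLE_LOG).items():
        print(addr, dict(outcomes), f"{interference_rate(outcomes):.0%}")
```

An address whose rate sits strictly between 0 and 1 across repeated attempts matches the degradation behaviour described in comment 13 rather than a plain IP blackhole.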

comment:15 Changed 5 months ago by madurosbus

CANTV (some networks) does redirection of all TCP ports to a transparent proxy; most of the proxies behave like TPROXY, but some reveal a non-client IP address.

comment:16 Changed 5 months ago by ptdetector

A group of blind men heard that a strange animal, called an elephant, had been brought to the town, but none of them were aware of its shape and form. Out of curiosity, they said: "We must inspect and know it by touch, of which we are capable". So, they sought it out, and when they found it they groped about it. In the case of the first person, whose hand landed on the trunk, said "This being is like a thick snake". For another one whose hand reached its ear, it seemed like a kind of fan. As for another person, whose hand was upon its leg, said, the elephant is a pillar like a tree-trunk. The blind man who placed his hand upon its side said, "elephant is a wall". Another who felt its tail, described it as a rope. The last felt its tusk, stating the elephant is that which is hard, smooth and like a spear.