Changes between Version 10 and Version 11 of doc/OONI/censorshipwiki


Ignore:
Timestamp:
Jun 16, 2012, 6:29:07 PM (7 years ago)
Author:
phw
Comment:

Updated Ethiopian section.

Legend:

Unmodified
Added
Removed
Modified
  • doc/OONI/censorshipwiki

    v10 v11  
    5656  * After DPI boxes detected the Tor cipher list, seemingly random machines connect to the suspected bridge and try to start a Tor connection. If this probing succeeds, the bridge is blocked. There is reason to believe, that the IP addresses of these machines is spoofed.
    5757
    58 
    5958=== Types of non-Tor censorship ===
    6059 
    6160=== Ways to bypass censorship ===
    6261 * The tool `brdgrd` can be run on bridges to split the TLS client hello into two TCP segments and thus evade the DPI boxes. The tool is available at: https://github.com/NullHypothesis/brdgrd .
    63  * Obfsproxy was found to evade the DPI boxes. However, the hard-coded bridges in the obfsproxy bundle are blocked so a private obfsproxy bridge is necessary.
     62 * [https://www.torproject.org/projects/obfsproxy.html.en Obfsproxy] was found to evade the DPI boxes. However, the hard-coded bridges in the obfsproxy bundle are blocked so a private obfsproxy bridge is necessary.
    6463 * https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/198-restore-clienthello-semantics.txt
    6564
    6665=== Type of firewall ===
    6766 * The Great Firewall Of China
    68  * Manufacturer: XXX
     67 * Manufacturer: China
    6968
     69----
     70== Ethiopia (#6045) ==
    7071
    71 '''Ethiopia (#6045)'''
     72=== Summary of the current situation ===
     73DPI boxes look for Tor TLS server hellos sent by relays or bridges to Tor clients. If such a packet is found, it is dropped. The DPI boxes seem to operate in-band and stateless.
    7274
    73 Type of Tor censorship:
    74       - DPI: #6045
    75         - Fingerprint: Multiple strings in the Tor ServerHello TLS record (#6045)
     75=== First witnessed ===
     76The block became known at May 22, 2012. According to the [https://metrics.torproject.org/users.html?graph=direct-users&start=2012-03-18&end=2012-06-16&country=et&dpi=72#direct-users metrics page], the block might have started several days earlier. A [https://blog.torproject.org/blog/ethiopia-introduces-deep-packet-inspection blog post] was published at May 31st.
    7677
    77 Types of non-Tor censorship:
    78 XXX (skype is illegal etc.)
     78=== Last witnessed ===
     79The block is still ongoing.
    7980
    80 Ways to bypass censorship:
    81 XXX
     81=== Type of Tor censorship ===
     82 * '''Deep packet inspection''': #6045
     83  * '''Fingerprint''': Multiple strings in the Tor TLS server hello record (#6045)
    8284
    83 Type of firewall:
    84 XXX
     85=== Types of non-Tor censorship ===
     86 * [http://stream.aljazeera.com/story/ethiopia-skype-me-maybe-0022243 Skype is illegal]
     87
     88=== Ways to bypass censorship ===
     89 * Bridges were patched to pick the cipher `TLS_DHE_RSA_WITH_AES_128_CBC_SHA` instead of `TLS_DHE_RSA_WITH_AES_256_CBC_SHA`. This was sufficient to evade the DPI boxes. Three patched bridges were published in a [https://blog.torproject.org/blog/update-censorship-ethiopia blog post].
     90 * [https://www.torproject.org/projects/obfsproxy.html.en Obfsproxy] probably evades the DPI boxes too.
     91
     92=== Type of firewall ===
     93 * '''Manufactorer''': Not sure yet. ZTE?
    8594
    8695'''Kazakhstan (#6140)'''