Changes between Version 8 and Version 9 of doc/OONI/censorshipwiki

Jun 16, 2012, 6:08:30 PM (8 years ago)

Extended and refactored section about China.


  • doc/OONI/censorshipwiki

    v8 v9  
    3232== DUMP UNDER HERE ==
     35== China (#4744, #4185) ==
     36=== Summary of the current situation ===
    35 '''China (#4744, #4185)'''
     38Most of the time, the directory authorities as well as the public relays are blocked. Besides, the Great Firewall of China is blocking most bridges. This is done by looking for new Tor connection and if a connection is found by the firewall, it tries to scan to the connection destination. It then tries to establish a Tor connection with the destination and if it succeeds, it is blocked. An analysis can be found at: and at .
    37 Type of Tor censorship:
    38       - DPI: #4744
    39         - Fingerprint: The Tor ClientHello cipher list. Possibly more.
    40       - Active probing:
     40=== First witnessed ===
     41The follow-up scanning strategy to block Tor bridges became known in October 2011 (#4185). According to other reports, this type of follow-up scanning might even date back to 2010: .
     43=== Last witnessed ===
     44The block is still ongoing despite blocking outages occurring every now and then.
     46=== Types of Tor censorship ===
     47 * '''Deep packet inspection''': #4744
     48  * '''Fingerprint''': The cipher list inside the TLS client hello sent by the Tor client to the bridge. Possibly, there is more. The cipher list contains 29 ciphers and is 58 bytes long. The raw cipher list can be downloaded from . The tool `tcis` can be used as "bait" to make the Great Firewall of China scan a specific target:
     49 * '''IP blocking''':
     50  * All 8 directory authorities seem to be blocked on the IP layer. They respond neither to TCP, nor to ICMP requests.
     51 * '''IP:port blocking''':
     52  * Public relays as well as bridges are usually blocked by IP:port. Presumably, to limit collateral damage. The block is done by dropping the SYN/ACK segment which is sent by the bridge to the Tor client.
     53 * '''Spoofed RST segments''':
     54  * Spoofed RST segments to terminate TCP connections to bridges have been observed. However, the IP:port blocking seems to be more common.
     55 * '''Active probing''':
     56  * After DPI boxes detected the Tor cipher list, seemingly random machines connect to the suspected bridge and try to start a Tor connection. If this probing succeeds, the bridge is blocked. There is reason to believe, that the IP addresses of these machines is spoofed.
    43 Types of non-Tor censorship:
    44  XXX
     59=== Types of non-Tor censorship ===
     61=== Ways to bypass censorship ===
     62 * The tool `brdgrd` can be run on bridges to split the TLS client hello into two parts and thus evade the DPI boxes. The tool is available at: .
     63 * XXX
    46 Ways to bypass censorship:
    47       - brdgrd (
    48       - XXX
    50 Type of firewall:
    51       - The Great Firewall Of China
    52       - Manufacturer: XXX
     65=== Type of firewall ===
     66 * The Great Firewall Of China
     67 * Manufacturer: XXX