wiki:org/teams/AntiCensorshipTeam/InfrastructureMonitoring

Infrastructure monitoring

We are monitoring anti-censorship related services and machines with sysmon:

  • BridgeDB
    • bridges.torproject.org:25/TCP
    • bridges.torproject.org:443/TCP
      • The test checks if the string "BridgeDB" is part of the web page.
    • bridges.torproject.org/scan/:443/TCP
      • The test checks if the string "TCP reachability test" is part of the web page.
  • Default Tor Browser bridges
  • GetTor
    • gettor.torproject.org:443/TCP
      • The test checks if the string "GetTor" is part of the web page.
    • gettor.torproject.org:25/TCP
  • Snowflake
    • snowflake-broker.bamsoftware.com:443/TCP
    • snowflake.bamsoftware.com:443/TCP
    • snowflake.torproject.org:443/TCP
      • The test checks if the string "Snowflake" is part of the web page.

Sysmon runs checks every five minutes, and updates DNS records every ten minutes. If a check fails twice (e.g., a service is offline for more than five minutes), we get an alert. Our sysmon instance currently does not have IPv6 capabilities.

Warning: gman999 and phw noticed that sysmon doesn't seem to follow HTTP 301 redirects, so all tests that rely on the urltext directive may be broken.

Last modified 3 weeks ago Last modified on Jun 5, 2019, 10:03:35 PM