Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #7141

Closed (moved)
Open
Opened Oct 18, 2012 by Philipp Winter@phw

How is Iran blocking Tor?

Note that currently it looks like there might be more than just one filtering technique in place. The following was the initial report describing one possible filtering technique and this comment describes another technique.


Some users reported that the Iranian ISP "Pars Online" is (partially?) blocking Tor.

One user looked into it and believes that Tor is identified based on the server_name extension in the TLS client hello. It looks like DPI boxes extract the domain and do a DNS lookup for it. If the domain resolves and the relay/bridge is listening on port 443, the connection passes. Apparently, an omitted server_name or a server_name rewritten to www.google.com passed the filter.

Obfsproxy seems to work.

Some open questions:

  • Can we reproduce and verify the existing hypothesis?
  • Is this an attempt to only allow HTTPS and no other SSL/TLS-based protocols? Or is it targeting only Tor?
  • Can we modify brdgrd to evade the server_name extraction?
  • Is this type of block limited to Pars Online?
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#7141