On Sun, May 05, 2013 at 04:18:56PM +0300, George Kadianakis wrote:
tor-admin <tor-admin@torland.me> writes:
On Sunday 05 May 2013 14:50:51 George Kadianakis wrote:
It would be interesting to learn which ports they currently whitelist, except for the usual HTTP/HTTPS.
I also wonder if they just block based on TCP port, or whether they also have DPI heuristics.
On the Tor side, it seems like we should start looking into #7875: https://trac.torproject.org/projects/tor/ticket/7875
I am wondering if there is a way for a user to ask bridgedb for a bridge with a specific port?
If I remember correctly BridgeDB tries (in a best-effort manner) to give users bridges that are listening on port 443. Obfuscated bridges that bind on 443 are not very common (because of #7875) so I guess that not many obfuscated bridges on 443 are given out.
In any case, I don't think that a user can explicitly ask BridgeDB for a bridge on a specific port, but this might be a useful feature request (especially if this "filtering based on TCP port" tactic continues).
This may be a good feature to have, in general, but it does not sound like this will solve the current problem in Iran. The last report says they're whitelisting ports *and* protocols[1]. So even if a user attempts to use obfs3 on port 443 it'll likely be blocked because obfs3 is not a look-like-https protocol. If we had a PT that encapsulated obfs3 inside the body of http then this may work. CDA also says SSL/TLS connections are throttled to 5% of the normal speed [2], so that's no fun either.
[1] https://twitter.com/CDA/status/331006059923795968
[2] https://twitter.com/CDA/status/331040305648369664