Hello everyone,

I am currently running two RIPE Atlas probes [0] and had accumulated some points to use their measurement API, so I set up a measurement to check the SSL certificate of torproject.org from as many countries as possible to detect MITM attacks on the website (mostly from state actors). I also requested the DNS A record for torproject.org (to check for falsified DNS records).

The results are preliminary, as a bunch of probes were completely unable to connect to torproject.org (possibly due to censorship, possibly due to bad luck in the selection of probes), but a few interesting things have surfaced so far:

First off, China's results are actually quite interesting. A bunch of probes got the correct certificate, one got a certificate signed by apac.proxy.dsv.com, and a bunch of probes got no result at all (probably being blocked). I'd have expected some sort of MITM or just plain old blocking from China, but at least the SSL certificate seems to be retrievable in many cases.

Then, there are some US-American probes that are returning an SSL certificate for *.opendns.com instead of the correct result. I have no idea what's going on there, but as OpenDNS is a sponsor of RIPE Atlas, it may be that they are hosting a bunch of probes behind an SSL-terminating firewall for some reason. Still, if someone wants to look into it, it may be interesting.

The results for the global SSL measurements can be found at [1] and [2], the one specific to China at [3]. Be careful when opening them in your browser, as they contain large JSON-formatted strings, so you may want to wget or curl them instead. Note that "no result" does not necessarily mean that torproject.org is filtered, as the Atlas API allows scheduling requests for offline probes, which will then fail in this way.

As for the DNS survey, I have not had a chance to properly parse the results yet, but you can download them at [4] (again, large JSON ahead).

Now for the real purpose of this mail: Has someone from the Tor Project considered using the RIPE Atlas API to schedule these measurements (a daily measurement ought to be enough) and automatically parse the results to check for MITM, censorship, and maybe just plain old bad routing? The necessary API credits are easily earned by hosting a single probe [5], or maybe someone is a member of the RIPE NCC anyway, in which case he / she has basically unlimited credits [6] anyway.

If someone wants to play around with the API without hosting a probe, get in touch and I'll transfer you a bunch of credits (you'll have to have an account with the RIPE NCC and have to be willing to disclose the associated email address to me, as I need it for the transfer).

Feel free to use the data from the measurements and find more interesting things in them; I'm curious what you can find.

Max

[0] https://atlas.ripe.net
[1] https://atlas.ripe.net/api/v1/measurement/1443162/result/
[2] https://atlas.ripe.net/api/v1/measurement/1443266/result/
[3] https://atlas.ripe.net/api/v1/measurement/1443369/result/
[4] https://atlas.ripe.net/api/v1/measurement/1443161/result/
[5] https://atlas.ripe.net/get-involved/become-a-host/
[6] https://atlas.ripe.net/get-involved/members/

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
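
The automatic parsing proposed in the mail above could start with a triage like the following. This is an added example, not code from the original mail or from the Tor Project. It assumes each result object carries a `prb_id` and a `cert` list of PEM strings with the leaf certificate first, and that the pinned fingerprint was obtained out of band; the sample "certificates" are constructed byte strings, not real X.509.

```python
import hashlib
import json
import ssl
from collections import Counter

def leaf_fingerprint(pem):
    """SHA-256 over the DER bytes of one PEM-encoded certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def classify(result, pinned):
    """Return (verdict, fingerprint) for one probe's sslcert result."""
    chain = result.get("cert") or []   # assumed field name: list of PEM strings
    if not chain:
        # Offline probe, blocked connection or TLS alert: not proof of filtering.
        return "no_result", None
    try:
        fp = leaf_fingerprint(chain[0])
    except ValueError:                 # bad PEM framing or bad base64
        return "unparseable", None
    return ("match" if fp in pinned else "mismatch"), fp

def summarise(results, pinned):
    """Count verdicts and list (probe id, fingerprint) for every mismatch."""
    counts, suspects = Counter(), []
    for r in results:
        verdict, fp = classify(r, pinned)
        counts[verdict] += 1
        if verdict == "mismatch":
            suspects.append((r.get("prb_id"), fp))
    return counts, suspects

# Constructed sample data: arbitrary bytes stand in for DER certificates.
GOOD = ssl.DER_cert_to_PEM_cert(b"constructed-der-expected-site-cert")
PROXY = ssl.DER_cert_to_PEM_cert(b"constructed-der-intercepting-proxy")
SAMPLE = json.dumps([
    {"prb_id": 101, "cert": [GOOD]},
    {"prb_id": 102, "cert": [PROXY]},          # different leaf: flag for review
    {"prb_id": 103, "err": "connect: timeout"},
    {"prb_id": 104, "cert": [GOOD]},
])
PINNED = {leaf_fingerprint(GOOD)}              # set, so a rotated cert can be added

if __name__ == "__main__":
    counts, suspects = summarise(json.loads(SAMPLE), PINNED)
    print(dict(counts))
    for prb_id, fp in suspects:
        print(f"probe {prb_id}: unexpected leaf certificate {fp}")
```

A mismatch only says the probe saw a different leaf certificate; telling a corporate TLS-terminating proxy from an attack still means inspecting the returned chain by hand.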