Hi,
I have a DPI box that I use to test pluggable transports with. I also test
other circumvention tools against it just to see how good it is. Manufacturer
is Cyberoam. About 6 or 8 weeks ago, Cyberoam released a DPI engine update
that could filter normal Tor and the following pluggable transports:
OBFS3
OBFS4
Scramblesuit
About a week ago, Cyberoam released another update to its application filter.
This update allows it to filter all Meek connections without doing a man in the
middle on the TLS or anything. When I try to load www.google.com
<http://www.google.com/>, it loads fine in a normal Firefox. When I use Meek,
it fails and the Cyberoam logs a Tor Proxy attempt. The only transport that
still works is FTE. I was talking with Arma on the Tor IRC channel a wile ago,
and he suggested that I use Tcpreplay and send in a copy of what Cyberoam is
fingerprinting. I will have to wait a wile until I do this, because the school
year hasn’t ended yet. I’m sending out this message to alert Tor users of the
new threat and also to see what some solutions may be, E.G new transports in
the works.
Thanks, and stay safe.
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
