subject:"\[tor\-bugs\] #30368 \[Obfuscation\/Snowflake\]\: Run some tests to check reachability of snowflake proxies"

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

2019-05-09 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by cohosh):

 Attached an updated reachability graph.

 There are some very long periods of time where snowflake-bridge is
 unreachable, and it's strange that snowflake-proxy-3 seems to be
 unreachable this entire time.

 > I know that anything past 10% means the IP of the proxy was reachable,
 but mentally I'm not quite thinking of a less than complete bootstrap as
 complete "success" because to a user it looks like failure. E.g. in
 comment:16:ticket:30350 the user got to 75% after 13 seconds but then no
 further progress.
 That's fair. I had to set the circuit timeout really low in order to
 prevent the snowflake client from trying to reconnect to another snowflake
 after 30 seconds which would mess with our test results the way I've set
 them up now. I think the ones that actually got to 75% would have gotten
 to 100% in a few more seconds, but maybe that doesn't matter because it's
 taking so long anyway.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

2019-05-09 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by cohosh):

 * Attachment "snowflake-reachability-2019-05-09.pdf" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

2019-05-08 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by dcf):

 Replying to [comment:6 cohosh]:
 > Hm, fwiw, when I was doing manual checks around the time the ticket was
 filed the snowflake.bamsoftware.com proxy-go instances were reliable and
 reachable from the US but definitely not from the VPS in China. At the
 same time, the additional proxy-go instances I set up on another server
 was definitely reachable from both places.

 I believe you. That's good evidence that there ''is'' some sort of
 targeted blocking. It seems to be less severe, at least, since May 3
 according to the tests. We don't have tests from beforehand to know
 whether it used to be equally unreliable.

 > What do you mean by success rate here? The other proxy I set up is
 reachable 100% of the time (in that it bootstraps past the 10% that all
 snowflake connections automatically bootstrap to).

 I know that anything past 10% means the IP of the proxy was reachable, but
 mentally I'm not quite thinking of a less than complete bootstrap as
 complete "success" because to a user it looks like failure. E.g. in
 comment:16:ticket:30350 the user got to 75% after 13 seconds but then no
 further progress. So I'm thinking of it in kind of a "works/doesn't work"
 way, and in that way, snowflake-bridge and snowflake-cohosh seem to have
 roughly equal utility according to the data so far. While we know that the
 GFW sometimes fails open and allows access to blocked IP addresses, this
 doesn't look like that because the success rate is too high.

 Or maybe there really ''is'' some kind of protocol detection happening,
 once the WebRTC DataChannel is connected, and it's not simple IP blocking.
 That would be consistent with the evidence. I would not expect it as a
 first step of blocking, but certainly my intuition has been wrong before.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

2019-05-08 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by cohosh):

 Replying to [comment:5 dcf]:
 > Replying to [comment:4 cohosh]:
 > > snowflake-bridge is the location of our fallback standalone proxy-go
 instances that we know have been blocked. It's interesting that blocking
 of this proxy comes and goes.
 >
 > Yeah. A >50% success rate, a rate that matches that of the other proxy
 you set up, doesn't look like IP blocking. Possibly not even blocking at
 all. It could be that in #30350 the reporter just experienced Snowflake
 not working very well yet, and wrongly interpreted it as the result of
 blocking. I know that I've never been able to use Snowflake for more than
 an hour or so because it always quits working--I suspected #25429 but
 never tracked it down, and of course there have been plenty of other bugs.
 Hm, fwiw, when I was doing manual checks around the time the ticket was
 filed the snowflake.bamsoftware.com proxy-go instances were reliable and
 reachable from the US but definitely not from the VPS in China. At the
 same time, the additional proxy-go instances I set up on another server
 was definitely reachable from both places.

 What do you mean by success rate here? The other proxy I set up is
 reachable 100% of the time (in that it bootstraps past the 10% that all
 snowflake connections automatically bootstrap to).

 I think there's more going on here than just the usual snowflake bugs, but
 I think #25429 will go a long way to mitigate the impact of whatever is
 going on.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

2019-05-07 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by dcf):

 Replying to [comment:4 cohosh]:
 > snowflake-bridge is the location of our fallback standalone proxy-go
 instances that we know have been blocked. It's interesting that blocking
 of this proxy comes and goes.

 Yeah. A >50% success rate, a rate that matches that of the other proxy you
 set up, doesn't look like IP blocking. Possibly not even blocking at all.
 It could be that in #30350 the reporter just experienced Snowflake not
 working very well yet, and wrongly interpreted it as the result of
 blocking. I know that I've never been able to use Snowflake for more than
 an hour or so because it always quits working--I suspected #25429 but
 never tracked it down, and of course there have been plenty of other bugs.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

2019-05-06 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by cohosh):

 * Attachment "snowflake-reachability-2019-05-06.pdf" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

2019-05-06 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--
Changes (by cohosh):

 * Attachment "snowflake-reachability-2019-05-06.pdf" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

2019-05-06 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by cohosh):

 Added a plot of snowflake reachability from the VPS in China.

 Connections at or above the green line (at bootstrap = 11%) indicate that
 the snowflake proxy IP address was reachable. Connections below the green
 line indicate they were blocked. As mentioned above, the timeout for
 bootstrapping is set very low (90s) so not all connections through a
 reachable proxy were able to bootstrap fully.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

2019-05-03 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by cohosh):

 Here's a branch that does probing of snowflake proxies:
 https://github.com/cohosh/bridgetest/tree/snowflake

 Some notes:
 - we make 10 tries to connect through snowflake per probe period. This is
 to ensure we get a reasonable selection of the available proxies. There's
 no guarantee we'll get all of them but this seems like a good number of
 tries for now
 - I cut the Tor connection timeout down to 90 seconds from 180. This is
 because once one proxy hits the 30 second timeout (as described in
 #25429), it will attempt to find another snowflake. However, we only want
 to measure the bootstrap progress for one snowflake at a time. On the
 other hand, this means that in cases where the proxy is reachable, we
 sometimes only see a bootstrap up to 25% or 50% because we didn't give it
 enough time to complete.
 - Snowflake doesn't log the IP address of the snowflake proxies it
 connects to (since #21304) so we have to do a tcpdump and then analysis to
 see which proxy we actually got.

 I'll post some graphs here once we have more data.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

2019-05-02 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

Comment (by cohosh):

 Interestingly, the server that runs the standalone proxies is still TCP
 reachable from the VPS in China. I can telnet into ports 22, 80, and 443.

 For these tests I think we'll have to go the full bootstrapping route and
 send actual STUN traffic to the proxies.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies (was: Run some tests to check reachability of snowflake proxies in China)

2019-05-02 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal | Resolution:
 Keywords: |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+--

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies in China

2019-05-02 Thread Tor Bug Tracker & Wiki

#30368: Run some tests to check reachability of snowflake proxies in China
---+--
 Reporter:  cohosh |  Owner:  cohosh
 Type:  task   | Status:  assigned
 Priority:  Medium |  Milestone:
Component:  Obfuscation/Snowflake  |Version:
 Severity:  Normal |   Keywords:
Actual Points: |  Parent ID:
   Points: |   Reviewer:
  Sponsor: |
---+--
 Our standalone proxies were recently blocked in China: #30350

 We should start running some probe tests like we are for obfs4 to see
 whether this blocking was a one-off event and detect blocking of new proxy
 instances.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies

Re: [tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies (was: Run some tests to check reachability of snowflake proxies in China)

[tor-bugs] #30368 [Obfuscation/Snowflake]: Run some tests to check reachability of snowflake proxies in China

12 matches

Site Navigation

Mail list logo

Footer information