Re: [tor-dev] Iran

2013-05-07 Thread Andrea Shepard 
On Sun, May 05, 2013 at 10:40:52AM +, Nima wrote:
 Iran is actively dropping connections to *any* unknown port right after
 *60secs*.
 Pluggable Transport successfully connects to Tor network, Although it
 can not make a circuit in many ISPs including Mobin.
 
 -- 
 Nima
 0x1C92A77B
 
 I disapprove of what you say, but I will defend to the death your right
 to say it --Evelyn Beatrice Hall

Hmmm... what does it behave like during those 60 seconds?  Is it throttled,
or can we get data through by cycling through a series of fresh TCP
connections?

What does it do with UDP packets?  Could a datagram-based protocol defeat
this?  If they're interfering there, what about using TCP-looking packets to
fake it?  I.e., send SYNs with the data we really want to get through in the
body and let them waste resources on their routers tracking connections
that don't even really exist.

-- 
Andrea Shepard
and...@torproject.org
PGP fingerprint: 3611 95A4 0740 ED1B 7EA5  DF7E 4191 13D9 D0CF BDA5


pgpUmFVkGYq97.pgp
Description: PGP signature
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] Tor Censorship Detector: Can I help?

2013-05-07 Thread George Kadianakis 
Sam Burnett sam.burn...@gatech.edu writes:

 Hi,

 I'd like to help improve the Tor Censorship Detector. I've read some
 background material and think I understand the basics of George Danezis'
 detection algorithm [1, 2].

 Is anyone still working on this? Two tickets from a year ago talk about
 experimenting with various detection algorithms and turning one of them
 into a standalone utility [3, 4]. Has anything happened since then?

 My background: I'm a graduate student at Georgia Tech studying network
 censorship circumvention and measurement. Although I've met Tor
 developers on various occasions, I haven't directly contributed to the
 project; I'd like to change that.


Hi there,

this project has been pretty stale lately indeed.

Some random thoughts:

* George Danezis started designing another censorship anomaly
  detection algorithm, but he never implemented it.

  He did not like how the first detection algorithm triggered multiple
  times after a censorship event was reported (since all subsequent
  days after censorship deviated from the week before and it used a 7
  days delta). Furthermore, he did not like that the algorithm only
  considered clients from a week ago; maybe a day ago would be a
  better model in some cases.

  I think I have an email with his ideas on the new model; I will ask
  George whether I can send it to you.

* IIRC, the current model compares the rate of change of rate of
  clients of a jurisdiction (between t_i and t_{i-1}) with the same
  value in other (stable) jurisdictions.

  This means that the current model only cares about the trends of a
  jurisdiction against the global trends. While this makes sense, it
  might also be useful to compare the current parameters of a
  jurisdiction with past (old) parameters from the same jurisdiction
  (for example, see how the rate of change of rate of number of
  clients of this week compares with that of two months ago).

* You can find daily results of the algorithm here:
  https://lists.torproject.org/pipermail/tor-censorship-events/

  As you can see the signal-to-noise ratio is pretty high. Maybe there
  are heuristics that we could use to weed out useless events?

* If we get better at anomaly detection, it would be fun to use our
  algorithms to find anomalies in various properties of the Tor
  network. For example, finding anomalies on the values of the relay
  flag thresholds might help us detect attacks on the network. Related
  Tor tickets:
  https://trac.torproject.org/projects/tor/ticket/8164
  https://trac.torproject.org/projects/tor/ticket/8151

___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev