#20348: cyberoam assists bloody dictatorships.
-----------------------------------------+-------------------------
 Reporter:  dcf                          |          Owner:
     Type:  project                      |         Status:  closed
 Priority:  Medium                       |      Milestone:
Component:  Metrics/Censorship analysis  |        Version:
 Severity:  Normal                       |     Resolution:  invalid
 Keywords:  censorship block kz          |  Actual Points:
Parent ID:                               |         Points:
 Reviewer:                               |        Sponsor:
-----------------------------------------+-------------------------

Comment (by dcf):

 Replying to [comment:130 dcf]:
 > Replying to [comment:128 cypherpunks]:
 > > How to reliably confirm/deny vendor of censorship box? It can be fortinet, cyberoam, bluecoat, something yet.
 >
 > Here is one paper on the subject:
 > http://conferences.sigcomm.org/imc/2013/papers/imc112s-dalekA.pdf
 > They do an Internet-wide search (using e.g. [https://www.shodan.io/ Shodan], [https://censys.io/ Censys], or [https://scans.io/ scans.io] data) for known strings. Then they submit new URLs and see whether they get blocked.
 >
 > Here's an example of using the technique to identify Netsweeper in Pakistan:
 > https://citizenlab.org/2013/06/o-pakistan/

 Another way to do it is to make a list of what URLs are blocked, and compare them to the blocking categories of each hardware vendor. Of course, this only works if the censors are using the vendor-provided categories. I haven't ever done this kind of experiment myself, but I think some people have.

 Even if the DPI boxes are transparent, they might expose a web interface over an IP address or something. Even a transparent HTTP proxy will have implementation-specific differences in the way it treats strange HTTP headers, for example. I think there are ways to fingerprint the censorship device if we try.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20348#comment:138>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
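
The category comparison described in the comment above, sketched as an added example that is not part of the original message or of any Tor Project code. Vendor names, category labels, hostnames and probe results are all constructed, and the scoring rule (a category counts as enabled when at least 80% of its probed hosts are blocked, with at least two hosts probed) is an assumption chosen for illustration.

```python
from collections import defaultdict

# Constructed data: vendor names, categories and hostnames are hypothetical.
VENDOR_DB = {
    "vendor_a": {
        "proxy1.example": "anonymizers", "proxy2.example": "anonymizers",
        "proxy3.example": "anonymizers", "news1.example": "news",
        "news2.example": "news", "blog1.example": "news",
    },
    "vendor_b": {
        "proxy1.example": "security", "proxy2.example": "security",
        "news1.example": "security", "proxy3.example": "media",
        "news2.example": "media", "blog1.example": "media",
    },
}
# Constructed probe results from inside the filtered network: host -> blocked?
OBSERVED = {
    "proxy1.example": True, "proxy2.example": True, "proxy3.example": True,
    "news1.example": False, "news2.example": False, "blog1.example": False,
}

def enabled_categories(db, observed, min_rate=0.8, min_urls=2):
    """Categories whose probed hosts are (almost) all blocked.

    min_urls guards against a one-host category trivially 'explaining' a block.
    """
    hits, total = defaultdict(int), defaultdict(int)
    for host, blocked in observed.items():
        cat = db.get(host)
        if cat is None:
            continue  # this vendor does not categorize the host
        total[cat] += 1
        hits[cat] += blocked
    return {c for c in total
            if total[c] >= min_urls and hits[c] / total[c] >= min_rate}

def agreement(db, observed, **kw):
    """Fraction of probes explained by 'block exactly the enabled categories'."""
    enabled = enabled_categories(db, observed, **kw)
    ok = sum((db.get(h) in enabled) == blocked for h, blocked in observed.items())
    return ok / len(observed)

def rank_vendors(vendor_db, observed, **kw):
    """Vendors sorted by how well their category database fits the probes."""
    scores = {v: agreement(db, observed, **kw) for v, db in vendor_db.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for vendor, score in rank_vendors(VENDOR_DB, OBSERVED):
        print(f"{vendor}: {score:.2f}")
```

A high score only suggests a match: as the comment notes, the comparison says nothing when the operator uses custom block lists instead of the vendor-provided categories.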