#20348: Kazakhstan blocking of vanilla Tor and obfs4 by Allot Communications hardware, 2016-06
-----------------------------------------+--------------------------
 Reporter:  dcf                          |          Owner:
     Type:  project                      |         Status:  reopened
 Priority:  Medium                       |      Milestone:
Component:  Metrics/Censorship analysis  |        Version:
 Severity:  Normal                       |     Resolution:
 Keywords:  censorship block kz          |  Actual Points:
Parent ID:                               |         Points:
 Reviewer:                               |        Sponsor:
-----------------------------------------+--------------------------

Comment (by dcf):

== Summary of information about Allot Communications ==

kzblocked found some evidence that at least part of the Kazakh firewall is provided by [https://en.wikipedia.org/wiki/Allot_Communications Allot Communications], which seems to be some firewall/DPI vendor.

As I understand it, the main evidence that Allot hardware is in use is comment:177, import applications (I think that's what they are) dated 2014-11-07 that show `АО "Казахтелеком"` ([https://en.wikipedia.org/wiki/Joint-stock_company JSC] Kazakhtelekom) asking to import equipment from `"Allot Communications LTD"` in Israel.
 * [http://www.rep.nca.kz/index.php?mode=r3&SERT=4%D2%D1.KZ.1900193.21.01.02407 4ТС.KZ.1900193.21.01.02407] (https://archive.is/UXbwA): 1 × [https://www.allot.com/products/platforms/service-gateway/#1461143657367-91864faf-6cb8 SG-Sigma E6]
 * [http://www.rep.nca.kz/index.php?mode=r3&SERT=4%D2%D1.KZ.1900193.21.01.02408 4ТС.KZ.1900193.21.01.02408] (https://archive.is/1vSE6): 3 × [https://www.allot.com/products/platforms/service-gateway/#1461143538377-8005dcec-ef24 SG-Tera 14]
 * [http://www.rep.nca.kz/index.php?mode=r3&SERT=4%D2%D1.KZ.1900193.21.01.02409 4ТС.KZ.1900193.21.01.02409] (https://archive.is/UdfAf): 2 × [https://www.allot.com/products/platforms/service-gateway/#1461143538377-8005dcec-ef24 SG-Tera 14]
 * [http://www.rep.nca.kz/index.php?mode=r3&SERT=4%D2%D1.KZ.1900193.21.01.02410 4ТС.KZ.1900193.21.01.02410] (https://archive.is/2p3Sa): 2 × [https://www.allot.com/products/platforms/service-gateway/#1461143538377-8005dcec-ef24 SG-Tera 14]

The other piece is from comment:175, in which a past 0.2090000.ru blockpage, which [[comment:161|we previously found]] to have the same HTTP signature as a Kazakhstan block page, explicitly said "Allot" on it.

They call their DPI tech [https://www.allot.com/technology/dart-dpi/ "DART"]. It's unclear how much is their own and how much is integration of other companies' such as Sophos and Kaspersky.

Their page of [https://www.allot.com/products/platforms/supported-protocols/#1460974307058-a61550f0-8196 supported protocols] (https://archive.is/AuA8b) explicitly mentions Tor, ScrambleSuit, obfs4, and meek, among others:
> === June 13, 2016 ===
> Private VPN services provided by the Tor project are used by millions the world over, including IT professionals, law enforcement, journalists, bloggers, business execs, researchers and everyday users who want to protect their privacy. A number of applications, like bridges and pluggable transports have sprouted up around Tor to improve the privacy and the experience. Some Tor browsers provide bridges by default. And if not, these tools can be downloaded at any time. A bridge is a tool that makes Tor traffic look like any other traffic, such that censors and other monitors do not identify it as Tor per se. In Allot’s latest DART Protocol Pack, we refined our signature for the Tor obfs4 safe transport, to assure accurate identification of this kind of traffic on your network:
>  * Tor Obfs4
> === April 4th, 2016 ===
> Online anonymity is often viewed as counter-productive and there is a vigorous and ongoing debate regarding the unprecedented anonymity enabled by the Internet. The creators of the Tor project are understandably pro-anonymity, arguing in favor of the many positive and productive uses of TOR by all kinds of people, including IT professionals, law enforcement, journalists, bloggers, business execs, researchers and everyday users who want to protect their privacy.
> In Allot’s latest DART Protocol Pack we revisited and refined these TOR transport protocols to assure accurate detection of their use:
>  * TOR ScrambleSuit (pluggable proxy transport protocol)
>  * TOR Obfs4 (TCP obfuscation layer)
>  * TOR
> === February 2nd, 2016 ===
> TOR is popular anonymizer application that uses the “onion router.” Onion Router is a website that takes requests for web-pages and routes them through other onion router nodes, until your requested page reaches you. Onion routers encrypt the traffic which means no one can see what you’re asking for, and the layers of the onion don’t know who they’re working for. In Allot’s latest DART Protocol Pack we added signatures that identify these TOR transport protocols that use the Onion Router network:
>  * TOR ScrambleSuit (pluggable proxy transport protocol)
>  * TOR Obfs4 (TCP obfuscation layer)
> === April 27th, 2015 ===
> In recent weeks we announced the new anonymizer applications that were added to Allot’s signature library. This week we focused on updating and refining existing DART signatures for these popular VPN and encryption protocols:
>  * TOR (default mode, 3 available bridge modes, CDN meek)
>  * Psiphon
> === January 26th, 2015 ===
> Allot’s latest DART Protocol Pack helps you identify traffic from users of the Psiphon circumvention system, which has become a popular way to bypass content-filtering systems in order to access sites that have been blocked due to geographical or regulatory restrictions. It’s also used to add a layer of identity protection. In this pack, we refined the Psiphon signature to cover all operation modes, including SSH, SSH+ and VPN.
> We also added two new Psiphon signatures for identifying traffic to and from:
>  * Psiphon Proxy Server
>  * Psiphon CDN (Meek mode)

Allot's LinkedIn pages are what you would expect from a DPI firm, and one mentions Tor and domain fronting:
 * https://www.linkedin.com/in/anton-nosikovsky-2798a218 (https://archive.is/H42Rm)
   > DPI Researcher and Algorithms Developer at Allot Communications
   > Deep Packet Inspection professional, Network Protocols Research Expert
   > Data mining (Extraction and Analysis), Reverse Engineering Network Protocols
   > Analysis of encrypted services (VPNs, anonymizers, domain fronting etc.)
   > Protocol research experience: BitTorrent, Skype, TOR, Psiphon, Ultrasurf, Freegate, Network Games, Video game consoles etc.
 * https://www.linkedin.com/in/liran-keren-334688111 (https://archive.is/AUTz8)
   > DPI researcher at Allot Communications
 * https://www.linkedin.com/in/tanya-goldenfeld-81bba317 (https://archive.is/GdWzV)
   > DPI researcher at Allot Communications
 * https://www.linkedin.com/in/yuliashnaiderheimlich (https://archive.is/O1obQ)
   > DPI Researcher at Allot Communications
   > Research methodology and algorithm development for deep packet inspection
 * https://www.linkedin.com/in/meidan-kronenfeld-a82516109 (https://archive.is/R8qzx)
   > Senior DPI Researcher at Allot Communications
 * https://www.linkedin.com/in/gustavo-goldenstein-6701795 (https://archive.is/Ta5Ae)
   > SE, DPI Researcher and Algorithms Developer at Allot Communications
 * https://www.linkedin.com/in/noa-tal-62b08a105 (https://archive.is/VRRKk)
   > Automation Leader - DPI team at Allot Communications
   > Responsibility over three major DPI projects: Device identification, Video analysis and Browsing-Application differentiation.
 * https://www.linkedin.com/in/alexey-minevich-75969814 (https://archive.is/Y7xu9)
   > Team Leader, DPI, R&D, Allot Communications
   > Data Extraction and Analysis, Network Protocols Research Expert, Deep Packet Inspection professional

Interestingly, Allot has been in trouble before for selling censorship hardware to Iran:
 * https://en.wikipedia.org/wiki/Allot_Communications#Controversy
   > In 2011, reports alleged that Allot had been illegally selling equipment to Iran. However, in January 2012 Allot was cleared by the Ministry of Defense of any wrongdoing.
 * [https://web.archive.org/web/20160516013255/http://www.haaretz.com/israel-news/report-israeli-company-sold-surveillance-equipment-to-iran-1.403107 Haaretz: Israeli Company Sold Surveillance Equipment to Iran]
 * [https://web.archive.org/web/20150712191941/http://www.bloomberg.com/news/articles/2011-12-23/israel-didn-t-know-high-tech-gear-was-sent-to-iran-via-denmark Bloomberg: Israel Didn’t Know Tech Gear Was Sent to Iran Via Denmark]
 * [https://web.archive.org/web/20140314035640/http://www.globes.co.il/en/article-1000718874 globes.co.il: Defense Ministry closes probe into Allot's alleged Iran sales]

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20348#comment:184>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>