The IP address of the Azure server you're connecting to.
> How does the selection of the Azure server works ? Randomly ? If i understood 
> well, domain-fronting servers are supposedly located geographically close to 
> the origin of the browser request. Could it be that TBB selects an Azure 
> server that could be hosted in a country considered hostile to the regime of 
> the Internet user ? If so, couldn't that be compromising ?

In the case of meek-azure the firewall would also see that you supposedly want 
to connect to
"ajax.aspnetcdn.com", which is a common domain used by websites that are hosted 
on Azure.
> What firewall are we talking about ? The one that sits on the Azure server or 
> the one of the gvt with the DPI ?


Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, October 3, 2018 1:36 PM, Jonathan Marquardt <m...@parckwart.de> 
wrote:

> On Wed, Oct 03, 2018 at 12:25:52PM +0000, ithor wrote:
>
> > So a meek request is sent in clear-text. What exact information is given ?
> > The exact ip address of the Azure server, its geolocation ?
>
> The IP address of the Azure server you're connecting to. In the case of
> meek-azure the firewall would also see that you supposedly want to connect to
> "ajax.aspnetcdn.com", which is a common domain used by websites that are
> hosted on Azure. The domain delivers some JavaScript code and whatnot. So you
> should just look like a harmless web browser surfing the web on first sight.
>
> > Could the DPI find out that this is being used for bootstrapping Tor ?
>
> Perhaps with some clever traffic correlation or timing attacks, but not so
> easily.
>
> To also answer your question from the other mail in the thread: With encrypted
> SNI, the firewall couldn't even see the fake destination (ajax.aspnetcdn.com)
> your meek client sends.
>
> This might be interesting in the future, but isn't in use with meek yet. For
> more info on that topic, have a look at this thread:
> https://lists.torproject.org/pipermail/tor-dev/2018-September/013452.html
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3
> https://www.parckwart.de/pgp_key


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Reply via email to