[guardian-dev] Fwd: [tor-talk] Better testing through filternets

seamus tuohy stuohy at internews.org
Thu Sep 11 09:57:18 EDT 2014


Hey Nathan,

We are working on a very similar topic over here at Internews.

We are looking to use it in trainings to give users a realistic
censorship environment to work against, and possibly use it to improve
testing of censorship-resilient tools.

It looks like we are going to go for a more powerful embedded device so
that we can handle a decent-sized training.

I have just started playing with nDPI http://www.ntop.org/products/ndpi/
(a descendant of OpenDPI) as a netfilter plugin
https://github.com/lefoyer/ndpi-netfilter so that I can do most of the
work in iptables. nDPI already has a detector for Tor, which was a major
factor in choosing it.

Best,
s2e

seamus tuohy | Technology Advisor - Internet Initiatives
stuohy at internews.org
Skype/XMPP on request
PGP: D0DB 168D E70B E627 CFEA 63C3 0F62 4C0A DA72 5695
MiniLock: 2G3JmRWRYB3B7rthZqkzomcRe8GwJvPtSooA748XMsTBdf

INTERNEWS | Local Voices. Global Change.
www.internews.org | @internews


On 09/02/2014 11:41 AM, Nathan of Guardian wrote:
> -------- Forwarded Message --------
> Subject: [tor-talk] Better testing through filternets
> Date: Tue, 02 Sep 2014 11:40:01 -0400
> From: Nathan Freitas <nathan at freitas.net>
> Reply-To: tor-talk at lists.torproject.org
> To: tor-talk at lists.torproject.org
> 
> 
> I am working on improving our ability to do more thorough and
> standardized testing of Orbot, etc. As part of this, I am trying to
> come up with a simple filternet configuration based on OpenWRT, running
> on a TP Link MR3020.
> 
> Currently, I have this working:
> 
> - Use Dnsmasq to block high profile target domains (torproject.org,
> google, facebook, twitter, whatsapp, etc)
> - Block all HTTPS traffic (port 443)
> 
> This simulates most of the common DNS poisoning and port blocking type
> attacks, though Tor can still easily connect at this point.
> 
> I would like the ability to simulate a more severe environment, where
> for instance, Tor itself is targeted, and bridges are required. Any
> thoughts or experience doing this?
> 
> - Block IPs/domains for known Tor Authority nodes
> 
> - block based on Tor protocol characteristics: ssl certs, common ports, etc
> 
> Thanks for any feedback, pointers, links, etc.
> 
> +n
> 
>
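
Added example, not part of either message and not Guardian Project or Internews code: a shell script that renders the two working filternet pieces listed in the forwarded post (dnsmasq domain blocking and the port 443 block) as config text for a test router. The sample domain list is constructed; the 0.0.0.0 sink address, the br-lan interface name and the port 53 redirect rules are assumptions added here.

```shell
#!/bin/sh
# Renders config text for review; it does not touch dnsmasq or iptables.

# Constructed sample list, with the mess a hand-kept list usually has.
SAMPLE_DOMAINS='
# high-profile targets
torproject.org
Facebook.com
twitter.com
twitter.com
whatsapp.com
not a domain!
'

# Normalise a list on stdin: strip comments and padding, lowercase,
# keep only dotted hostnames, de-duplicate.
clean_domains() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        tr '[:upper:]' '[:lower:]' |
        grep -E '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$' |
        sort -u
}

# One dnsmasq line per domain; address=/d/ip also covers every subdomain of d.
render_dnsmasq() {
    sink=${1:-0.0.0.0}    # assumption: unroutable sink address
    clean_domains | while read -r d; do
        printf 'address=/%s/%s\n' "$d" "$sink"
    done
}

# Firewall commands for the forwarding path. The port 53 redirects are an
# addition: without them a client with a hard-coded resolver skips dnsmasq.
render_firewall() {
    lan=${1:-br-lan}      # assumption: OpenWRT's default LAN bridge name
    echo "iptables -I FORWARD -i $lan -p tcp --dport 443 -j DROP"
    for proto in udp tcp; do
        echo "iptables -t nat -I PREROUTING -i $lan -p $proto --dport 53 -j REDIRECT --to-ports 53"
    done
}

printf '%s' "$SAMPLE_DOMAINS" | render_dnsmasq
render_firewall
```

The dnsmasq lines belong in the router's dnsmasq configuration and the iptables lines in its firewall startup script (/etc/firewall.user on OpenWRT builds of that period).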