On Thu, Sep 7, 2017 at 7:48 PM, Andreas Krey <a.k...@gmx.de> wrote: > On Thu, 07 Sep 2017 13:32:35 +0000, Roman Mamedov wrote: > > Hello, > > > > Has anyone considered making a Tor bridge protocol with ICMP as > transport? > > Probably. > > > Or tunneling over DNS? > > Same. Basically, you just need any bridge and a means to tunnel ssh, > and the you can 'ssh -L port:bridgeip:bridgeport', and configure > tor to use the bridge at localhost:port. This will work as long > as not too many people do it. >
In principle, yes. In practice, not so much. SSH to and from China can be an absolute pain even for low traffic levels (like, for example, a standard SSH session). Sometimes it's might be deliberate interference, but most of the time it's a case of combining the headaches of TCP-over-TCP with a massively busy (and underpowered for the traffic) system like the GFW. Things like sshuttle (https://github.com/apenwarr/sshuttle) help a bit (as it addresses the TCP-over-TCP limitations) but it's still pretty bad transiting the GFW (I do so pretty regularly). > > The problem is that the chinese have enough manpower to > write detectors for any protocol that is widely deployed, > It's worse than that, they also make heavy use of machine learning. So over time the system realises that a lot of data seems to be going out over port 65532 (or whatever) to a specific subnet, so they start taking a much closer look (and in some cases just start blocking/interfering automatically) > or they simply block IPs that they see widely in use for > either kind of tunnels and suspect tor usage. Means, > anything in common use by the tor browser will get blocked. > > The only exception is when the blocking would cause > unacceptable collateral damage as with the meek bridges. > > DNS and ICMP particularly stand out. > > Andreas > > -- > "Totally trivial. Famous last words." > From: Linus Torvalds <torvalds@*.org> > Date: Fri, 22 Jan 2010 07:29:21 -0800 > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- Ben Tasker https://www.bentasker.co.uk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
