Blocking Anonymity – TOR in China

Using TOR in China

There are loads of places where it’s pretty simple to bypass the blocks and restrictions that governments put up. In reality, a lot of countries lack the skills, the equipment and in some cases the will to ensure that they really do control access to the internet. For instance, in Turkey there are a lot of sites which are officially blocked, like gay and lesbian groups (serious sites, not porn), but thousands of people access them every day with no problem.

Subscribing to an anonymity service is quite common in many countries, not particularly due to privacy issues but more because people want to access TV and media sites in other countries. The geographical blocks that stations like the BBC and Hulu put up are easily circumvented by using a security program. In fact, if you speak to these companies you’ll find that 95% of the traffic is related to watching video and not to secure or private browsing. In Identity Cloaker, for example, you can turn off the encryption to increase speed, which is what many users do. Then people select the proxy server that they need, anything from an Australian proxy to a French, German or British one.

However, for many people the blocks they face are much worse than the simple geo blocks of the media companies, for instance in China. Whilst many countries are, as mentioned, pretty hopeless at controlling internet access, the techies behind the Great Firewall of China are very switched on indeed.

TOR Access Block

TOR is free software which links to an open network run by its users; it’s designed to provide anonymity online and let users bypass blocks and firewalls. It does have its problems, mainly based on the open format of its network: you relay traffic through other users’ computers. As such there are security problems and it can be painfully slow to use. But it is very difficult to block, as you are not reliant on specific servers and there are no specific IP addresses you can restrict access to. But the Chinese have reportedly been blocking TOR users for several months.

So what’s up with Tor in China? The security team at Team Cymru have recently investigated how the Chinese Government was blocking access to the TOR network. It’s pretty interesting reading and demonstrates that the Chinese are actively combating the use of Tor through the Great Firewall of China. Every time a user connected to one of the Tor bridges (which relay the connection through the open network), probes would be sent out from a Chinese IP address. The probe was only sent if a connection was made to port 443 (HTTPS) in which an SSL negotiation was performed; any non-secure connection did not cause the probe.

The probe was extremely sophisticated and designed specifically to connect with Tor, even able to communicate using the Tor protocol. As soon as one of the probes was received, the connection of the original Tor user was blocked by the Chinese firewall and the connection dropped.

The Team Cymru researcher was able to identify how the Tor connection was being identified. The Tor handshake was located by inspecting inside the packet and locating the specific SSL ciphers used by Tor to establish the handshake.
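Why a fixed cipher list is enough to single out a client, shown as an added example (not code from this post or from the Team Cymru research): the parser below pulls the ordered cipher-suite list out of a TLS ClientHello and compares it with a signature. The signature values, sample handshakes and function names are constructed for illustration and are not Tor's real cipher list.

```python
import struct

# Constructed signature: a hypothetical client's fixed suite order, NOT Tor's real list.
SIGNATURE = [0xC00A, 0xC014, 0x0039, 0x0035, 0x00FF]

def build_client_hello(suites):
    """Build a minimal TLS ClientHello record (constructed sample, not a capture)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x01" + bytes(32) + b"\x00"        # version, random, empty session id
            + struct.pack("!H", len(cs)) + cs        # cipher suites
            + b"\x01\x00")                           # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def client_hello_suites(record):
    """Return the ordered cipher-suite list, or None if this is not a
    complete ClientHello carried in a single TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                                  # not handshake / not ClientHello
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if rec_len != hs_len + 4 or len(body) != hs_len or hs_len < 35:
        return None                                  # truncated or fragmented
    pos = 2 + 32                                     # skip client_version and random
    pos += 1 + body[pos]                             # skip session_id
    if pos + 2 > len(body):
        return None
    n = struct.unpack("!H", body[pos:pos + 2])[0]
    raw = body[pos + 2:pos + 2 + n]
    if n == 0 or n % 2 or len(raw) != n:
        return None
    return [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, n, 2)]

def matches_signature(record, signature=SIGNATURE):
    """True only when the offered suites equal the signature, order included."""
    return client_hello_suites(record) == signature

if __name__ == "__main__":
    samples = {
        "fixed-list client": build_client_hello(SIGNATURE),
        "same suites, reordered": build_client_hello(SIGNATURE[::-1]),
        "plain HTTP": b"GET / HTTP/1.1\r\n\r\n",
    }
    for name, data in samples.items():
        print(name, client_hello_suites(data), matches_signature(data))
```

The cipher list travels in cleartext before any encryption is negotiated, so a client that always offers the same suites in the same order is recognisable from its first packet, while a plain HTTP connection never reaches the comparison at all.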

Pretty heavy stuff. To utilize this level of Deep Packet Inspection requires very sophisticated technology and obviously teams of people actively researching how to block anonymity systems like Tor!

You can read the full details of this research conducted by Tim Wilde of Team Cymru here – Great Firewall of China Tor Probing.