TY - GEN
T1 - Examining how the great firewall discovers hidden circumvention servers
AU - Ensafi, Roya
AU - Fifield, David
AU - Winter, Philipp
AU - Feamster, Nick
AU - Weaver, Nicholas
AU - Paxson, Vern
PY - 2015/10/28
Y1 - 2015/10/28
N2 - Recently, the operators of the national censorship infrastructure of China began to employ "active probing" to detect and block the use of privacy tools. This probing works by passively monitoring the network for suspicious traffic, then actively probing the corresponding servers, and blocking any that are determined to run circumvention servers such as Tor. We draw upon multiple forms of measurements, some spanning years, to illuminate the nature of this probing. We identify the different types of probing, develop fingerprinting techniques to infer the physical structure of the system, localize the sensors that trigger probing - showing that they differ from the "Great Firewall" infrastructure - and assess probing's efficacy in blocking different versions of Tor. We conclude with a discussion of the implications for designing circumvention servers that resist such probing mechanisms.
AB - Recently, the operators of the national censorship infrastructure of China began to employ "active probing" to detect and block the use of privacy tools. This probing works by passively monitoring the network for suspicious traffic, then actively probing the corresponding servers, and blocking any that are determined to run circumvention servers such as Tor. We draw upon multiple forms of measurements, some spanning years, to illuminate the nature of this probing. We identify the different types of probing, develop fingerprinting techniques to infer the physical structure of the system, localize the sensors that trigger probing - showing that they differ from the "Great Firewall" infrastructure - and assess probing's efficacy in blocking different versions of Tor. We conclude with a discussion of the implications for designing circumvention servers that resist such probing mechanisms.
KW - Active probing
KW - Censorship circumvention
KW - Deep packet inspection
KW - Great firewall of China
KW - Tor
UR - http://www.scopus.com/inward/record.url?scp=84954171478&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84954171478&partnerID=8YFLogxK
U2 - 10.1145/2815675.2815690
DO - 10.1145/2815675.2815690
M3 - Conference contribution
AN - SCOPUS:84954171478
T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
SP - 445
EP - 458
BT - IMC 2015 - Proceedings of the 2015 ACM Internet Measurement Conference
PB - Association for Computing Machinery
T2 - ACM Internet Measurement Conference, IMC 2015
Y2 - 28 October 2015 through 30 October 2015
ER -