Delivery-Date: Mon, 08 Feb 2016 18:02:19 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 7DF3B1E03B5;
	Mon,  8 Feb 2016 18:02:17 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 85BFA393D0;
	Mon,  8 Feb 2016 23:02:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 11F94393B4
 for <tor-talk@lists.torproject.org>; Mon,  8 Feb 2016 23:02:10 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id bGSnpwJNaPJX for <tor-talk@lists.torproject.org>;
 Mon,  8 Feb 2016 23:02:10 +0000 (UTC)
Received: from melchior.bamsoftware.com (melchior.bamsoftware.com
 [IPv6:2600:3c00::f03c:91ff:fe96:a467])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id EE123393B2
 for <tor-talk@lists.torproject.org>; Mon,  8 Feb 2016 23:02:09 +0000 (UTC)
Received: from dhcp-153-76.eecs.berkeley.edu ([128.32.153.76] helo=localhost)
 by melchior.bamsoftware.com with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84)
 (envelope-from <david@bamsoftware.com>) id 1aSuop-00071v-44
 for tor-talk@lists.torproject.org; Mon, 08 Feb 2016 16:02:07 -0700
Date: Mon, 8 Feb 2016 15:02:03 -0800
From: David Fifield <david@bamsoftware.com>
To: tor-talk@lists.torproject.org
Message-ID: <20160208230203.GH9697@happy.bamsoftware.com>
Mail-Followup-To: tor-talk@lists.torproject.org
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Spam_score: -2.9
X-Spam_bar: --
Subject: [tor-talk] meek-azure was blocked in China for about 4 days
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

For about four days (January 29 to February 1, 2016), meek-azure was
blocked in China. The blocking may not have been intended for
meek-azure, and may not have been deliberate blocking, but it had the
effect of blocking the service. It is unblocked again since February 2.

The nature of the event seems to be dropping of HTTPS connections to a
specific Azure CDN edge server, cs3.wpc.v0cdn.net, which at the time had
an IP address of 68.232.45.200. Plain HTTP connections were not
affected. The blocking was not DNS blocking of a specific domain name,
nor was it TLS SNI (Server Name Indication) filtering: all domain names
we tried for the IP address failed equally.

Here you can see a history of the event, based on GreatFire.org
measurements. Click on a calendar square for more details. Red is
blocked and orange/green is unblocked.
        https://en.greatfire.org/https/ajax.aspnetcdn.com

On February 2, the domain name changed to a different IP address,
68.232.45.201. That may be what caused the end of the block. I don't
know whether HTTPS connections to the old IP address are still being
dropped in the same way.

It's a good idea to be prepared in case of events like this. Here are
some links on technical ways to work around certain kinds of meek
blocking. (In this case, changing the front domain would have worked
only if you found a name that resolved to a different IP address.)
https://lists.torproject.org/pipermail/tor-talk/2015-January/036410.html
https://trac.torproject.org/projects/tor/wiki/doc/meek#Howtochangethefrontdomain
https://plus.google.com/109790703964908675921/posts/26zCmDmjYXP
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

