
Learning more about the GFW's active probing system - mmastrac
https://blog.torproject.org/blog/learning-more-about-gfws-active-probing-system
======
est
> Is the GFW using dedicated machines behind their thousands of probing IP
> addresses? Does the GFW even "own" all these IP addresses? Rumour had it
> that the GFW was hijacking IP addresses for a short period of time, but
> there was no conclusive proof

There should be more research about this. Does the GFW have the capability to
spoof any IP address for a TCP connection?

~~~
phw
We have a discussion on this in Section 5.6 of our paper:
[https://nymity.ch/active-probing/imc2015.pdf](https://nymity.ch/active-probing/imc2015.pdf)

By "hijacking" we mean that an entity in the network is "borrowing" IP
addresses meant for Internet users for ~20 minutes of probing activity. That's
not the same as IP spoofing, i.e., simply sending IP packets with a spoofed
source address.

~~~
est
> The key enhancement of these successor protocols is that they require the
> client, in its initial message, to prove knowledge of a server-specific
> secret (transmitted out of band)

This is a great idea. We can make a half-duplex bridge; users inside the GFW
need access to at least two ISPs: one ISP for uplink, one ISP for downlink.
Since the GFW can only observe traffic on the national border, not between
internal domestic ISPs, it cannot establish the full state of the connection.

We call it triangular networking instead of a stateful peer-connected network.

