Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,550 --> 00:00:08,280 Tor pluggable transport's and of frustration of traffic if you are stuck behind a firewall or a search 2 00:00:08,280 --> 00:00:18,090 device such as the one here on the diagram that blocks pulls you may need to use relays that are open 3 00:00:18,390 --> 00:00:27,510 on port 80 and 443 or whatever ports are allowed by that device that is blocking you usually port 80 4 00:00:27,510 --> 00:00:32,480 and 443 are allowed as that is web traffic. 5 00:00:33,030 --> 00:00:39,450 And if you want to configure your TOR browser to go through a special port to get through that blocking 6 00:00:39,450 --> 00:00:47,520 device you need to go here Tor network settings and we want to go to this computer goes through a firewall 7 00:00:47,520 --> 00:00:55,890 that only allows connections to certain ports and then you want to specify the ports here and click 8 00:00:55,980 --> 00:00:57,240 OK. 9 00:00:57,270 --> 00:01:02,020 There are less relays that run on specific ports. 10 00:01:02,160 --> 00:01:09,390 So you may have trouble with your network connection if you specify some strange or unusual port but 11 00:01:09,420 --> 00:01:11,710 18:4 4:03 should be OK. 12 00:01:11,850 --> 00:01:14,290 But it may be slower. 13 00:01:14,430 --> 00:01:22,890 Another way that Torres blocks is through deep packet inspection or DP and active network analysis. 14 00:01:22,890 --> 00:01:30,690 This is because it's possible to identify ordinary Tor traffic based on byte patterns that appear in 15 00:01:30,690 --> 00:01:31,500 it. 16 00:01:31,500 --> 00:01:37,390 DPMI is probably Tor's greatest nemesis for blocking Tor. 17 00:01:37,410 --> 00:01:45,360 In fact DPR is the best defense for anyone trying to stop traffic that they don't want a number of countries 18 00:01:45,660 --> 00:01:46,760 are using. 19 00:01:46,870 --> 00:01:53,880 Deepak inspection GPI to classify Internet traffic flows by protocol. 20 00:01:53,880 --> 00:02:03,960 For example in 2011 the Great Firewall of China developed the ability to actively detect Tor Tor users 21 00:02:04,200 --> 00:02:11,060 bridge relays to get around a sensor that blocks known relays IP addresses. 22 00:02:11,060 --> 00:02:20,070 But a sensor that uses deep pack inspection to recognize and filter Tor traffic flows can if they see 23 00:02:20,070 --> 00:02:29,940 the traffic the Tor traffic block the connection standard toll bridges don't solve this problem. 24 00:02:29,970 --> 00:02:37,980 Bought something called pluggable transport's attempt to mitigate the blocking of toll through the packet 25 00:02:37,980 --> 00:02:39,330 inspection. 26 00:02:39,420 --> 00:02:45,660 Transports transformed the Tor traffic flow between the client and the bridge. 27 00:02:45,660 --> 00:02:50,870 If you see here this is what ordinary Tor traffic looks like. 28 00:02:50,880 --> 00:02:55,700 This is what all traffic looks like when it has been put through a pluggable transport. 29 00:02:55,710 --> 00:02:59,320 In this case it's the Avs to pluggable transport. 30 00:02:59,520 --> 00:03:02,650 And this is the AABs three pluggable transport. 31 00:03:02,730 --> 00:03:10,710 The traffic signature or fingerprint is changed from the ordinary Tor traffic to something else based 32 00:03:10,800 --> 00:03:12,460 on the pluggable transport. 33 00:03:12,630 --> 00:03:20,100 This way censors who monitor traffic between the client and the bridge will see innocent looking transform 34 00:03:20,100 --> 00:03:23,500 traffic instead of the actual Tor traffic. 35 00:03:23,790 --> 00:03:30,960 External programs can talk to talk clients and toll bridges using the pluggable transport API to make 36 00:03:30,960 --> 00:03:35,330 it easier to build interoperable programs. 37 00:03:36,210 --> 00:03:43,900 And here are some of luggable transports jobs proxy flash proxy F.T. scrambles Swee me. 38 00:03:44,160 --> 00:03:51,150 Obs for some transports trying to make the traffic look like another protocol and others try to make 39 00:03:51,150 --> 00:04:00,540 it look random and some transports are aimed at evading IP based blocks rather than content based blocks 40 00:04:00,560 --> 00:04:00,960 . 41 00:04:01,290 --> 00:04:03,080 So there's pluggable transport sounds cool. 42 00:04:03,090 --> 00:04:08,520 How do we can figure out browser to use pluggable transport's here. 43 00:04:08,850 --> 00:04:15,380 Tor network settings and select my internet service provider ISP blocks connections to the Tor network 44 00:04:16,680 --> 00:04:25,110 then select connect with provided bridges and there you have your different pluggable transport's the 45 00:04:25,110 --> 00:04:32,340 pluggable transport must be supported by the bridge or relays that you connect to no one transport will 46 00:04:32,340 --> 00:04:33,600 solve the problem. 47 00:04:33,660 --> 00:04:40,410 The transports need to be variable and evolve as detection evolves. 48 00:04:40,410 --> 00:04:48,410 They need to look plausible but extra scrutiny by sensor will likely reveal what it is. 49 00:04:48,510 --> 00:04:52,110 But the idea is to get past the initial scrutiny. 50 00:04:52,110 --> 00:04:58,400 You could set a pluggable transfer on your own bridge and for example if you look here weve got meek 51 00:04:58,400 --> 00:04:58,520 . 52 00:04:58,530 --> 00:05:00,230 Amazon Meeke Google. 53 00:05:00,240 --> 00:05:09,170 If you were to use that this would look like you are connecting to Google and on and or Amazon. 54 00:05:09,210 --> 00:05:17,940 The idea here is that the sensor will find it hard to block the IP address associated with Amazon and 55 00:05:17,940 --> 00:05:25,710 Amazon services because obviously this is used by that company and it will be used for non Tor use as 56 00:05:25,710 --> 00:05:31,830 well which means wholesale blocking of those IP addresses could be a problem for the user community 57 00:05:31,920 --> 00:05:37,730 that the sensor is serving where you can see here is ordinary Tor. 58 00:05:37,920 --> 00:05:43,380 And this is a hex dump of the first thing that our client sends to it. 59 00:05:43,420 --> 00:05:52,140 And you know it's a tier less client hello message as the outer layer of the Tor protocol is in fact 60 00:05:52,170 --> 00:05:53,170 TLR. 61 00:05:53,280 --> 00:05:56,990 Here you can see the safest list in blue. 62 00:05:57,000 --> 00:06:02,910 The server name in green and the T.L. as extensions in this brown color. 63 00:06:02,910 --> 00:06:06,380 This is a de-code from Wireshark. 64 00:06:06,390 --> 00:06:17,580 This does not look the same as say Firefox or chrome connecting to a Web site via Haiti CPS using TLR 65 00:06:17,720 --> 00:06:17,940 . 66 00:06:18,030 --> 00:06:27,360 Which is why deep packet inspection can tell you are using Tor or is one method by which Deepak inspection 67 00:06:27,360 --> 00:06:30,260 can tell that you are using Tor. 68 00:06:30,900 --> 00:06:32,650 And here on the left we can see a client. 69 00:06:32,670 --> 00:06:33,200 Hello. 70 00:06:33,240 --> 00:06:35,810 Using the pulley will transport Meek. 71 00:06:35,910 --> 00:06:43,010 And on the right we can see a client hello of chrome 33 on Mac OSX. 72 00:06:43,110 --> 00:06:51,750 Is trying to pretend to look the same or at least similar enough so that DPMI doesn't flag it as being 73 00:06:51,750 --> 00:06:59,730 a problem as we can see one of the big differences is that Chrome is supporting 20 ciphers suites and 74 00:06:59,730 --> 00:07:01,770 me only 13. 75 00:07:01,830 --> 00:07:06,260 So it's these sort of differences that somebody using the API. 76 00:07:06,390 --> 00:07:12,930 And even with pluggable transports with closer examination they can tell that something is amiss. 77 00:07:13,020 --> 00:07:15,270 It is an OPSEC principle to be on. 78 00:07:15,270 --> 00:07:16,270 Interesting. 79 00:07:16,410 --> 00:07:24,840 And using anonymous bridges with a pro-global transport could make you on interesting on till the traffic 80 00:07:24,840 --> 00:07:28,470 is analyzed then you become more interesting. 81 00:07:28,500 --> 00:07:32,460 If getting caught for using Tor has serious consequences. 82 00:07:32,610 --> 00:07:37,140 Toll bridges and pluggable transports are not recommended. 83 00:07:37,140 --> 00:07:45,030 They are only short term work arounds and any adversary sophistication will identify that you are using 84 00:07:45,030 --> 00:07:45,550 them. 85 00:07:45,570 --> 00:07:52,860 If they start to pay closer examination to the traffic as I have illustrated other options to bypass 86 00:07:52,890 --> 00:08:00,270 toll being blocked which might be safer include tunneling tore through all the privacy and anonymity 87 00:08:00,270 --> 00:08:01,160 services. 88 00:08:01,230 --> 00:08:06,290 As I've already said like VPN is nested VPN is S-sh. 89 00:08:06,390 --> 00:08:14,190 Assuming they are allowed or they are viable where you are or using offsite locations or potentially 90 00:08:14,280 --> 00:08:19,710 mobile communication all of which rediscuss in it's own section 9827