
[liberationtech] Narus - American company helped Egyptian government to spy on its citizens?

Jacob Appelbaum jacob at
Thu Feb 10 15:05:02 PST 2011

On 02/10/2011 02:41 PM, John Graham-Cumming wrote:
> What's the sign of SmartFilter in use?  Is it a RST packet when you
> wouldn't expect one or proxying the HTTP connection and giving you
> some other page?

Generally it leaves a specific signature on the network. It isn't just a
RST packet if the user sees a block page. There is a redirection or a
full MITM that redirects to a special URL. I just went back to look at
some packet captures I have from Qatar. The main internet provider there
is Qtel and they inject an HTTP 302 redirect. They actually use

When I attempted to visit the Tor website, I was redirected. The
redirect sends me to this URL:

The source of the redirect is the same IP as the normal Tor webserver -
so Qtel is actually impersonating Tor's webserver. It creates a race
condition and the browser is redirected. Tor's webservers are of course
outside of Qatar and so we will always lose a race with the local network.

Note that my IP and other PII is in that URL. That should make framing
someone quite simple - just change the parameters!

> In fact, on a related note.  Was it SmartFilter that did the
> JavaScript injection in Tunisia?

I do not have packet captures from Tunisia - I bet you could just ask
the censors - Wired did an article on them recently.

All the best,
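
The signature described in this message (a 302 that carries the real web server's source IP and beats the genuine response to the client) can be looked for in a capture by finding two different payloads at the same TCP sequence number. The following is an added example, not part of the original message: the `Segment` record, the addresses and the block-page URL are constructed, and a real capture would also key on ports.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):  # one server-to-client TCP data segment (hypothetical record)
    ts: float        # capture timestamp, seconds
    src: str         # server IP as seen on the wire
    dst: str         # client IP
    seq: int         # sequence number of the first payload byte
    payload: bytes

def status_and_location(payload):
    """Return (status code, Location value) for an HTTP response head, else (None, None)."""
    head = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = head[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return None, None
    location = None
    for line in head[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"location":
            location = value.strip().decode("latin-1")
    return int(parts[1]), location

def find_raced_redirects(segments):
    """Flag redirects that beat a different payload sent from the same IP at the same seq."""
    by_key = defaultdict(list)
    for s in segments:
        by_key[(s.src, s.dst, s.seq)].append(s)
    findings = []
    for (src, dst, seq), segs in by_key.items():
        segs.sort(key=lambda s: s.ts)
        first = segs[0]
        # A retransmission repeats the same bytes; a lost race shows different ones.
        rivals = [s for s in segs[1:]
                  if s.payload[:len(first.payload)] != first.payload[:len(s.payload)]]
        code, location = status_and_location(first.payload)
        if rivals and code in (301, 302, 303, 307):
            findings.append({"server": src, "client": dst, "status": code, "location": location,
                             "lead_ms": round((rivals[0].ts - first.ts) * 1000, 1)})
    return findings

# Constructed capture: 192.0.2.10 plays the real web server, 198.51.100.7 the client.
SAMPLE = [
    Segment(0.0121, "192.0.2.10", "198.51.100.7", 1001,
            b"HTTP/1.1 302 Found\r\nLocation: http://blockpage.example/?ip=198.51.100.7\r\n\r\n"),
    Segment(0.1874, "192.0.2.10", "198.51.100.7", 1001,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    Segment(0.2000, "192.0.2.20", "198.51.100.7", 5001, b"HTTP/1.1 302 Found\r\nLocation: /a\r\n\r\n"),
    Segment(0.4000, "192.0.2.20", "198.51.100.7", 5001, b"HTTP/1.1 302 Found\r\nLocation: /a\r\n\r\n"),
]
```

The second flow in the sample is an ordinary retransmitted redirect and is not flagged; only the flow where the later segment disagrees with the first is reported, along with how far ahead the redirect arrived.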
