New type of block spotted for a selected number of Tor IP addresses.
Previously Tor bridges and relays were TCP-filtered, but ICMP and UDP worked fine. Now UDP and ICMP are getting filtered (no ping responses), as well as TCP, but this time with a TCP RST reply.
212.109.198.56 is hosted in a Moscow data center.
OBIT, Filtered connection
# traceroute --tcp --port=443 212.109.198.56
traceroute to 212.109.198.56 (212.109.198.56), 30 hops max, 60 byte packets
1 _gateway (192.168.69.1) 0.501 ms 0.482 ms 0.694 ms
2 95-161-156-121.obit.ru (95.161.156.121) 1.498 ms 1.897 ms 2.304 ms
3 172.29.194.72 (172.29.194.72) 3.726 ms 3.720 ms 3.918 ms
4 172.29.192.121 (172.29.192.121) 2.278 ms 2.680 ms 2.878 ms
5 172.29.194.77 (172.29.194.77) 2.457 ms 2.450 ms 2.649 ms
6 172.29.194.102 (172.29.194.102) 2.436 ms 1.635 ms 1.606 ms
7 172.29.255.217 (172.29.255.217) 1.801 ms 1.082 ms 1.215 ms
8 172.29.194.121 (172.29.194.121) 1.616 ms 1.815 ms 1.807 ms
9 172.29.194.37 (172.29.194.37) 1.800 ms 1.794 ms 1.788 ms
10 vi-xx-0150.brc2.spb.obit.ru (85.114.1.13) 2.409 ms 2.614 ms 2.607 ms
11 gw2-msk.global-ix.ru (109.239.137.252) 12.210 ms 13.357 ms 13.342 ms
12 mail-ru.gw.gblnet.ru (109.239.134.30) 12.505 ms 11.215 ms 11.195 ms
13 * * *
14 * * *
15 * * *
16 stierlitz.rednoize.su (212.109.198.56) 10.862 ms 10.648 ms 11.052 ms
# traceroute --udp 212.109.198.56
traceroute to 212.109.198.56 (212.109.198.56), 30 hops max, 60 byte packets
1 _gateway (192.168.69.1) 0.562 ms 0.744 ms 0.722 ms
2 95-161-156-121.obit.ru (95.161.156.121) 1.529 ms 2.093 ms 2.321 ms
3 172.29.194.72 (172.29.194.72) 1.920 ms 2.052 ms 2.289 ms
4 172.29.192.121 (172.29.192.121) 2.482 ms 2.473 ms 2.930 ms
5 172.29.194.77 (172.29.194.77) 2.911 ms 2.901 ms 2.891 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * *^C
# traceroute --icmp 212.109.198.56
traceroute to 212.109.198.56 (212.109.198.56), 30 hops max, 60 byte packets
1 _gateway (192.168.69.1) 0.382 ms 0.588 ms 0.585 ms
2 95-161-156-121.obit.ru (95.161.156.121) 1.298 ms 1.944 ms 2.113 ms
3 172.29.194.72 (172.29.194.72) 3.948 ms 3.946 ms 4.129 ms
4 172.29.192.121 (172.29.192.121) 2.102 ms 2.305 ms 2.540 ms
5 172.29.194.77 (172.29.194.77) 1.926 ms 1.924 ms 1.922 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * *^C
# curl https://212.109.198.56 -v
* Trying 212.109.198.56:443...
* connect to 212.109.198.56 port 443 failed: Connection refused
* Failed to connect to 212.109.198.56 port 443 after 11 ms: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 212.109.198.56 port 443 after 11 ms: Connection refused
Regular unfiltered connection (Rostelecom)
# traceroute 212.109.198.56 -n -w1
traceroute to 212.109.198.56 (212.109.198.56), 30 hops max, 38 byte packets
1 192.168.100.1 0.489 ms 0.324 ms 0.285 ms
2 92.101.242.1 3.434 ms 3.281 ms 3.072 ms
3 212.48.194.52 3.558 ms 3.608 ms 3.327 ms
4 188.254.2.2 7.173 ms 6.811 ms 6.191 ms
5 87.226.222.82 6.486 ms 5.854 ms 7.680 ms
6 * * *
7 109.239.134.30 17.571 ms 16.268 ms 14.943 ms
8 * * *
9 * * *
10 * * *
11 212.109.198.56 15.523 ms 15.412 ms 17.446 ms
# curl -vk https://212.109.198.56
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
> GET / HTTP/1.1
> Host: 212.109.198.56
> User-Agent: curl/7.74.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Server: nginx/1.14.2
< Date: Mon, 20 Dec 2021 10:05:27 GMT
< Content-Type: text/html
< Content-Length: 169
< Connection: keep-alive
<
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
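Added example, not part of the original post: a Python sketch that parses the OBIT traceroute output shown above and finds the first hop that answers TCP probes but stays silent for UDP. The trace strings are abridged copies of the post's output, and all function names are this example's own.

```python
import re
DEST = "212.109.198.56"  # address from the post

# Abridged copies of the post's OBIT traces (most hops omitted for brevity).
TCP_TRACE = """\
 5 172.29.194.77 (172.29.194.77) 2.457 ms 2.450 ms 2.649 ms
 6 172.29.194.102 (172.29.194.102) 2.436 ms 1.635 ms 1.606 ms
16 stierlitz.rednoize.su (212.109.198.56) 10.862 ms 10.648 ms 11.052 ms
"""
UDP_TRACE = """\
 5 172.29.194.77 (172.29.194.77) 2.911 ms 2.901 ms 2.891 ms
 6 * * *
16 * *^C
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.+)$")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_hops(text):
    """Map TTL -> replying IPv4 address, or None for a hop with no reply."""
    hops = {}
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if m:  # skips the shell prompt and the 'traceroute to ...' header
            ip = IPV4.search(m.group(2))
            hops[int(m.group(1))] = ip.group(0) if ip else None
    return hops

def last_reply(hops):
    """Highest TTL that produced a reply, as (ttl, ip), or None."""
    answered = [(ttl, ip) for ttl, ip in sorted(hops.items()) if ip]
    return answered[-1] if answered else None

def first_divergence(reference, other):
    """First TTL where `reference` got a reply but `other` got silence."""
    for ttl in sorted(reference):
        if reference[ttl] and ttl in other and other[ttl] is None:
            return ttl, reference[ttl]
    return None

def compare(tcp_text, other_text, dest=DEST):
    """Summarise where a second protocol's trace stops relative to TCP."""
    tcp, other = parse_hops(tcp_text), parse_hops(other_text)
    tcp_last, other_last = last_reply(tcp), last_reply(other)
    return {
        "tcp_reached": bool(tcp_last) and tcp_last[1] == dest,
        "other_reached": bool(other_last) and other_last[1] == dest,
        "other_last_reply": other_last,
        "first_silent_hop": first_divergence(tcp, other),
    }
```

Calling `compare(TCP_TRACE, UDP_TRACE)` shows UDP replies ending at hop 5 while hop 6 still answers TCP probes, so the silence is protocol-specific rather than a router that never replies. Per-protocol routing can differ, so compare full traces taken close together in time.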