|
== Iran (#7141, #8443) ==
|
|
## Iran (#7141, #8443)
|
|
=== Summary of the current situation ===
|
|
### Summary of the current situation
|
|
'''DISCLAIMER: The following is a hypothesis and needs further testing and verification (#7141)! ''' The ISP "[https://en.wikipedia.org/wiki/Pars_Online Pars Online]" seems to be blocking Tor. Apparently, DPI boxes are extracting the domain in the server_hello extension in the TLS client hello. If the domain resolves successfully and the remote machine is listening on port 443, the TLS client hello seems to pass. Apparently, omitting the server_hello extension or setting it to `www.google.com` evades the filters.
|
|
**DISCLAIMER: The following is a hypothesis and needs further testing and verification (#7141)! ** The ISP "[Pars Online](https://en.wikipedia.org/wiki/Pars_Online)" seems to be blocking Tor. Apparently, DPI boxes are extracting the domain in the server_hello extension in the TLS client hello. If the domain resolves successfully and the remote machine is listening on port 443, the TLS client hello seems to pass. Apparently, omitting the server_hello extension or setting it to `www.google.com` evades the filters.
|
|
|
|
|
|
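Review bot: the closing `**` on the converted DISCLAIMER line is preceded by a space (`(#7141)! **`), so a CommonMark renderer will not treat it as a closing delimiter and the asterisks will show literally instead of bolding the sentence; drop the space so it reads `(#7141)!**`. While this paragraph is being touched: the ClientHello extension that carries the domain name is `server_name` (SNI, RFC 6066), not `server_hello`. The wrong name appears three times on both sides of the change, so it is worth correcting in the same pass or in a follow-up.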
In addition, some DPI boxes are deployed which fingerprint information in the TLS client key exchange and silently drop the segment if found.
|
|
In addition, some DPI boxes are deployed which fingerprint information in the TLS client key exchange and silently drop the segment if found.
|
|
|
|
|
|
=== First witnessed ===
|
|
### First witnessed
|
|
The Pars Online might have begun at the beginning of October 2012. The first reports about the TLS client key exchange drop also appeared at the beginning of October 2012.
|
|
The Pars Online might have begun at the beginning of October 2012. The first reports about the TLS client key exchange drop also appeared at the beginning of October 2012.
|
|
|
|
|
|
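Review bot: the first sentence under "First witnessed" is carried over unchanged as "The Pars Online might have begun ...", which has lost its noun. The "Last witnessed" section calls it "The Pars Online block", so "The Pars Online block might have begun ..." is presumably what is meant and could be fixed while the line is being rewritten anyway.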
=== Last witnessed ===
|
|
### Last witnessed
|
|
It looks like both blocks are still ongoing. The Pars Online block might however not be targeting Tor in particular. Also, it might not be limited to Pars Online.
|
|
It looks like both blocks are still ongoing. The Pars Online block might however not be targeting Tor in particular. Also, it might not be limited to Pars Online.
|
|
|
|
|
|
=== Tor censorship ===
|
|
### Tor censorship
|
|
* Smartfilter/Websense blocks Tor directory GET requests -- 2007
|
|
* Smartfilter/Websense blocks Tor directory GET requests -- 2007
|
|
* General SSL throttling -- "summer 2009"
|
|
* General SSL throttling -- "summer 2009"
|
|
* DPI on TLS client key exchange -- October 2012 -- #7141
|
|
* DPI on TLS client key exchange -- October 2012 -- #7141
|
|
* DPI on SSL DH modulus -- January 2011 -- https://blog.torproject.org/blog/update-internet-censorship-iran
|
|
* DPI on SSL DH modulus -- January 2011 -- https://blog.torproject.org/blog/update-internet-censorship-iran
|
|
* DPI on SSL certificate expiration time -- September 2011 -- https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix
|
|
* DPI on SSL certificate expiration time -- September 2011 -- https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix
|
|
* General SSL block -- February 9th 2012 -- https://blog.torproject.org/blog/iran-partially-blocks-encrypted-network-traffic
|
|
* General SSL block -- February 9th 2012 -- https://blog.torproject.org/blog/iran-partially-blocks-encrypted-network-traffic
|
|
* TCP resets on all non-HTTP port 80 connections -- sometime in April/May 2013 -- reports state that even plaintext HTTP connections are killed after 60 seconds: [http://smallmedia.org.uk/InfoFlowReportAPRIL.pdf "IranIan Internet Infrastructure and Policy Report"].
|
|
* TCP resets on all non-HTTP port 80 connections -- sometime in April/May 2013 -- reports state that even plaintext HTTP connections are killed after 60 seconds: ["IranIan Internet Infrastructure and Policy Report"](http://smallmedia.org.uk/InfoFlowReportAPRIL.pdf).
|
|
|
|
|
|
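Review bot: the bare `#7141` in the "DPI on TLS client key exchange" item (and in the page heading and the disclaimer) relied on the old wiki syntax turning ticket numbers into links. In the Markdown version it is only correct if the renderer resolves `#7141` to the same tracker and ticket, which these lines do not show, so an explicit link would be safer. In the same list, the link title "IranIan Internet Infrastructure and Policy Report" keeps its stray capital "I", and the October 2012 entry still sits between the "summer 2009" and January 2011 entries if the list is meant to be chronological.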
=== Types of non-Tor censorship ===
|
|
### Types of non-Tor censorship
|
|
* Collin Anderson ([https://twitter.com/cda @cda]) has been reporting extensively on Iran's 2013 elections on Twitter, and on 18 June 2013 published a paper on throttling as a censorship mechanism in Iran: [http://arxiv.org/abs/1306.4361 "Dimming the Internet: Detecting Throttling as a Mechanism of Censorship in Iran"].
|
|
* Collin Anderson ([@cda](https://twitter.com/cda)) has been reporting extensively on Iran's 2013 elections on Twitter, and on 18 June 2013 published a paper on throttling as a censorship mechanism in Iran: ["Dimming the Internet: Detecting Throttling as a Mechanism of Censorship in Iran"](http://arxiv.org/abs/1306.4361).
|
|
|
|
|
|
=== Ways to bypass censorship ===
|
|
### Ways to bypass censorship
|
|
* Some users have reported that [https://www.torproject.org/projects/obfsproxy.html.en obfsproxy] works as of May 2013, this may no longer be the case.
|
|
* Some users have reported that [obfsproxy](https://www.torproject.org/projects/obfsproxy.html.en) works as of May 2013, this may no longer be the case.
|
|
|
|
|
|
=== Type of firewall ===
|
|
### Type of firewall
|
|
XXX
|
|
XXX
|
|
|
|
|
|
=== Reproducing the blocking ===
|
|
### Reproducing the blocking
|
|
XXX
|
|
XXX
|
|
|
|
|
|
Information source: http://events.ccc.de/congress/2011/Fahrplan/events/4800.en.html |
|
Information source: http://events.ccc.de/congress/2011/Fahrplan/events/4800.en.html |
|
|
|
\ No newline at end of file |
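Review bot: the converted page ends without a trailing newline (`\ No newline at end of file` after the "Information source" line); add one so that the next edit to the page does not show a spurious change on that line. The "Type of firewall" and "Reproducing the blocking" sections are also converted with only the `XXX` placeholder as their body, so consider marking them explicitly as unfinished rather than carrying the placeholder into the new format.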