Iran · Wiki · Legacy / Trac

Iran (#7141 (moved), #8443 (moved))

Summary of the current situation

**DISCLAIMER: The following is a hypothesis and needs further testing and verification (#7141 (moved))! ** The ISP "Pars Online" seems to be blocking Tor. Apparently, DPI boxes are extracting the domain in the server_hello extension in the TLS client hello. If the domain resolves successfully and the remote machine is listening on port 443, the TLS client hello seems to pass. Apparently, omitting the server_hello extension or setting it to www.google.com evades the filters.

In addition, some DPI boxes are deployed which fingerprint information in the TLS client key exchange and silently drop the segment if found.

First witnessed

The Pars Online might have begun at the beginning of October 2012. The first reports about the TLS client key exchange drop also appeared at the beginning of October 2012.

Last witnessed

It looks like both blocks are still ongoing. The Pars Online block might however not be targeting Tor in particular. Also, it might not be limited to Pars Online.

Tor censorship

Smartfilter/Websense blocks Tor directory GET requests -- 2007
General SSL throttling -- "summer 2009"
DPI on TLS client key exchange -- October 2012 -- #7141 (moved)
DPI on SSL DH modulus -- January 2011 -- https://blog.torproject.org/blog/update-internet-censorship-iran
DPI on SSL certificate expiration time -- September 2011 -- https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix
General SSL block -- February 9th 2012 -- https://blog.torproject.org/blog/iran-partially-blocks-encrypted-network-traffic
TCP resets on all non-HTTP port 80 connections -- sometime in April/May 2013 -- reports state that even plaintext HTTP connections are killed after 60 seconds: "IranIan Internet Infrastructure and Policy Report".

Types of non-Tor censorship

Collin Anderson (@cda) has been reporting extensively on Iran's 2013 elections on Twitter, and on 18 June 2013 published a paper on throttling as a censorship mechanism in Iran: "Dimming the Internet: Detecting Throttling as a Mechanism of Censorship in Iran".

Ways to bypass censorship

Some users have reported that obfsproxy works as of May 2013, this may no longer be the case.

Type of firewall

XXX

Reproducing the blocking

XXX

Information source: http://events.ccc.de/congress/2011/Fahrplan/events/4800.en.html

Comments

Please register or sign in to add a comment.