Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: NANOG: users

Iran blocking essentially all encyrpted protocols

 

 

NANOG users RSS feed   Index | Next | Previous | View Threaded


malayter at gmail

Feb 10, 2012, 10:26 AM

Post #1 of 9 (555 views)
Permalink
Iran blocking essentially all encyrpted protocols

Haven't seen this come through on NANOG yet:
http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars

Can anyone with the ability confirm that TCP/443 traffic from Iran has
stopped?


d3e3e3 at gmail

Feb 10, 2012, 10:28 AM

Post #2 of 9 (549 views)
Permalink
Re: Iran blocking essentially all encyrpted protocols [In reply to]

Probably better than Iran doing man-in-the-middle...

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3 [at] gmail


On Fri, Feb 10, 2012 at 1:26 PM, Ryan Malayter <malayter [at] gmail> wrote:
> Haven't seen this come through on NANOG yet:
> http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars
>
> Can anyone with the ability confirm that TCP/443 traffic from Iran has
> stopped?
>


jra at baylink

Feb 10, 2012, 10:29 AM

Post #3 of 9 (547 views)
Permalink
Re: Iran blocking essentially all encyrpted protocols [In reply to]

----- Original Message -----
> From: "Ryan Malayter" <malayter [at] gmail>

> Haven't seen this come through on NANOG yet:
> http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars
>
> Can anyone with the ability confirm that TCP/443 traffic from Iran has
> stopped?

Lauren scooped you on Privacy by about 6 minutes. :-)

Cheers,
-- jra
--
Jay R. Ashworth Baylink jra [at] baylink
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274


james at smithwaysecurity

Feb 10, 2012, 10:35 AM

Post #4 of 9 (550 views)
Permalink
Re: Iran blocking essentially all encyrpted protocols [In reply to]

correct, it's down in Iran,
A few of my contacts got back to me confirming this a few hours ago.

-----Original Message-----
From: Jay Ashworth
Sent: Friday, February 10, 2012 2:29 PM
To: NANOG
Subject: Re: Iran blocking essentially all encyrpted protocols

----- Original Message -----
> From: "Ryan Malayter" <malayter [at] gmail>

> Haven't seen this come through on NANOG yet:
> http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars
>
> Can anyone with the ability confirm that TCP/443 traffic from Iran has
> stopped?

Lauren scooped you on Privacy by about 6 minutes. :-)

Cheers,
-- jra
--
Jay R. Ashworth Baylink
jra [at] baylink
Designer The Things I Think RFC
2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover
DII
St Petersburg FL USA http://photo.imageinc.us +1 727 647
1274


sh.vahabzadeh at gmail

Feb 10, 2012, 11:03 AM

Post #5 of 9 (550 views)
Permalink
Re: Iran blocking essentially all encyrpted protocols [In reply to]

Yes I am from Iran and outgoing TCP/443 has been stoped ;)

--
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator

PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90

On Feb 10, 2012, at 9:56 PM, Ryan Malayter <malayter [at] gmail> wrote:

> Haven't seen this come through on NANOG yet:
> http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars
>
> Can anyone with the ability confirm that TCP/443 traffic from Iran has
> stopped?
>


marshall.eubanks at gmail

Feb 10, 2012, 12:07 PM

Post #6 of 9 (554 views)
Permalink
Re: Iran blocking essentially all encyrpted protocols [In reply to]

And in response

http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-online-tor-tests-undetectable-encrypted-connections/

(quoting) :

“Basically, say you want to look like an XMPP chat instead of SSL,” he
writes to me, referring to a protocol for instant messaging as the
decoy for the encrypted SSL communications. “Obfsproxy should start
up, you choose XMPP, and obfsproxy should emulate XMPP to the point
where even a sophisticated [deep packet inspection] device cannot find
anything suspicious.”

Regards
Marshall

On Fri, Feb 10, 2012 at 2:03 PM, Shahab Vahabzadeh
<sh.vahabzadeh [at] gmail> wrote:
> Yes I am from Iran and outgoing TCP/443 has been stoped ;)
>
> --
> Regards,
> Shahab Vahabzadeh, Network Engineer and System Administrator
>
> PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90
>
> On Feb 10, 2012, at 9:56 PM, Ryan Malayter <malayter [at] gmail> wrote:
>
>> Haven't seen this come through on NANOG yet:
>> http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars
>>
>> Can anyone with the ability confirm that TCP/443 traffic from Iran has
>> stopped?
>>
>


sh.vahabzadeh at gmail

Feb 11, 2012, 2:09 AM

Post #7 of 9 (542 views)
Permalink
Re: Iran blocking essentially all encyrpted protocols [In reply to]

It is not accessible to with XMPP, yahoo google none of them is not accessible from Iran.
I have not try obfsproxy but as a ordinary connection we do not have https :)

--
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator

PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90

On Feb 10, 2012, at 11:37 PM, Marshall Eubanks <marshall.eubanks [at] gmail> wrote:

> And in response
>
> http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-online-tor-tests-undetectable-encrypted-connections/
>
> (quoting) :
>
> “Basically, say you want to look like an XMPP chat instead of SSL,” he
> writes to me, referring to a protocol for instant messaging as the
> decoy for the encrypted SSL communications. “Obfsproxy should start
> up, you choose XMPP, and obfsproxy should emulate XMPP to the point
> where even a sophisticated [deep packet inspection] device cannot find
> anything suspicious.”
>
> Regards
> Marshall
>
> On Fri, Feb 10, 2012 at 2:03 PM, Shahab Vahabzadeh
> <sh.vahabzadeh [at] gmail> wrote:
>> Yes I am from Iran and outgoing TCP/443 has been stoped ;)
>>
>> --
>> Regards,
>> Shahab Vahabzadeh, Network Engineer and System Administrator
>>
>> PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
>>
>> On Feb 10, 2012, at 9:56 PM, Ryan Malayter <malayter [at] gmail> wrote:
>>
>>> Haven't seen this come through on NANOG yet:
>>> http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars
>>>
>>> Can anyone with the ability confirm that TCP/443 traffic from Iran has
>>> stopped?
>>>
>>


richard.barnes at gmail

Feb 11, 2012, 1:50 PM

Post #8 of 9 (533 views)
Permalink
Re: Iran blocking essentially all encyrpted protocols [In reply to]

FWIW: A colleague in Iran was able to connect to a server in the US
using HTTPS on a non-standard port (9999). It appears that the
Iranian government is not blocking TLS/HTTPS per se, but just port
443. So in principle, if there were just some HTTPS proxies using
non-standard ports, then people would be able to get out. At least
until (1) the addresses of the proxies become known to the regime, or
(2) they start blocking cross-border TLS altogether.

--Richard



On Fri, Feb 10, 2012 at 12:07 PM, Marshall Eubanks
<marshall.eubanks [at] gmail> wrote:
> And in response
>
> http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-online-tor-tests-undetectable-encrypted-connections/
>
> (quoting) :
>
> “Basically, say you want to look like an XMPP chat instead of SSL,” he
> writes to me, referring to a protocol for instant messaging as the
> decoy for the encrypted SSL communications. “Obfsproxy should start
> up, you choose XMPP, and obfsproxy should emulate XMPP to the point
> where even a sophisticated [deep packet inspection] device cannot find
> anything suspicious.”
>
> Regards
> Marshall
>
> On Fri, Feb 10, 2012 at 2:03 PM, Shahab Vahabzadeh
> <sh.vahabzadeh [at] gmail> wrote:
>> Yes I am from Iran and outgoing TCP/443 has been stoped ;)
>>
>> --
>> Regards,
>> Shahab Vahabzadeh, Network Engineer and System Administrator
>>
>> PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90
>>
>> On Feb 10, 2012, at 9:56 PM, Ryan Malayter <malayter [at] gmail> wrote:
>>
>>> Haven't seen this come through on NANOG yet:
>>> http://arstechnica.com/tech-policy/news/2012/02/iran-reportedly-blocking-encrypted-internet-traffic.ars
>>>
>>> Can anyone with the ability confirm that TCP/443 traffic from Iran has
>>> stopped?
>>>
>>
>


alan at clegg

Feb 11, 2012, 2:56 PM

Post #9 of 9 (528 views)
Permalink
Re: Iran blocking essentially all encyrpted protocols [In reply to]

On 2/11/2012 4:50 PM, Richard Barnes wrote:
> FWIW: A colleague in Iran was able to connect to a server in the US
> using HTTPS on a non-standard port (9999). It appears that the
> Iranian government is not blocking TLS/HTTPS per se, but just port
> 443. So in principle, if there were just some HTTPS proxies using
> non-standard ports, then people would be able to get out. At least
> until (1) the addresses of the proxies become known to the regime, or
> (2) they start blocking cross-border TLS altogether.

Or applications (and providers) knew how to use SRV records...

AlanC
--
alan [at] clegg | 1.919.355.8851
Attachments: signature.asc (0.25 KB)

NANOG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.