Five technologies that were used in Iran
The authorities of any country in the world filter the network content. It `s naturally. Everyone filters something different. In America, casino sites are blocked, in Europe - sites with Nazi symbols, in China and Belarus, sites of political opponents are blocked. Recently, Iran has joined the “censors”, and some technological methods used there are something new, something we have not seen even in China.
Here is a list of technologies that Iranian authorities used to censor the Internet during recent mass riots. The list is given by the document compiled by the human rights hacker organization NedaNet .
IP blocking
The standard technique used by the governments of many countries, including Belarus and Russia. Ineffective against P2P communications, as well as against a network of proxy servers.
')
Traffic Classification (QoS)
More advanced control technology, when traffic that is transmitted over certain protocols and certain ports is subject to damage. This is done in order to reduce the total amount of traffic in the local segment of the Internet (the bandwidth of external communication channels is estimated at 6 Gbit / s) and reduce the load on monitoring systems that are quite resource-intensive, especially in the case of deep filtering by content.
The diagram shows the amount of traffic on Iranian backbones per election week (TCP, port 80). As we see, at a certain moment the authorities simply blocked the external channel.
But the volume of mail traffic (port 25) and video (port 1935). Here the fact of filtering is even more obvious.
Experts estimate the percentage of blocked traffic, depending on the protocol.
The following diagram shows the decrease in the amount of traffic passing through the networks of each of the Iranian providers in the days after the election (red arrows), despite the fact that only TTNet (Turk Telecom) began to pass more traffic. This is due to the fact that the Turkish provider has more productive content filtering systems than its competitors.
Packet header analysis
In fact, header analysis is a type of deep packet inspection (DPI, deep packet inspection, see below). Only packet headers and nothing more are analyzed here. Although this technique is much less efficient than DPI, but in Iran it was used more often because it is suitable for processing much larger amounts of information. For example, this way you can easily identify all SSL-packages that use deeper analysis methods.
The widespread use of header analysis allows hacker-defenders to fool the enemy, which they successfully did in Iran when they wrapped SSL traffic into FTP header lines.
Packet analysis
This is a more advanced filtering method, because not only packet headers are analyzed here, but also their length in bits, transmission frequency and other characteristics by which content can be determined.
In Iran, this technique was used to block SSH-traffic, but at the same time to maintain the performance of corporate VPNs that follow the same protocol.
Deep Packet Inspection / Content Filtering
The most advanced and resource-intensive filtering method, when the content of the packages is analyzed. Even if cryptography is used, this protection cannot be bypassed, because in combination with other verification methods, authorities can easily determine what they are dealing with.
Iranian activists did not manage to find a way to bypass this protection, except that sometimes they found holes that could be exploited, but the authorities quickly closed them.
via Network World
Here is a list of technologies that Iranian authorities used to censor the Internet during recent mass riots. The list is given by the document compiled by the human rights hacker organization NedaNet .
IP blocking
The standard technique used by the governments of many countries, including Belarus and Russia. Ineffective against P2P communications, as well as against a network of proxy servers.
')
Traffic Classification (QoS)
More advanced control technology, when traffic that is transmitted over certain protocols and certain ports is subject to damage. This is done in order to reduce the total amount of traffic in the local segment of the Internet (the bandwidth of external communication channels is estimated at 6 Gbit / s) and reduce the load on monitoring systems that are quite resource-intensive, especially in the case of deep filtering by content.
The diagram shows the amount of traffic on Iranian backbones per election week (TCP, port 80). As we see, at a certain moment the authorities simply blocked the external channel.
But the volume of mail traffic (port 25) and video (port 1935). Here the fact of filtering is even more obvious.
Experts estimate the percentage of blocked traffic, depending on the protocol.
The following diagram shows the decrease in the amount of traffic passing through the networks of each of the Iranian providers in the days after the election (red arrows), despite the fact that only TTNet (Turk Telecom) began to pass more traffic. This is due to the fact that the Turkish provider has more productive content filtering systems than its competitors.
Packet header analysis
In fact, header analysis is a type of deep packet inspection (DPI, deep packet inspection, see below). Only packet headers and nothing more are analyzed here. Although this technique is much less efficient than DPI, but in Iran it was used more often because it is suitable for processing much larger amounts of information. For example, this way you can easily identify all SSL-packages that use deeper analysis methods.
The widespread use of header analysis allows hacker-defenders to fool the enemy, which they successfully did in Iran when they wrapped SSL traffic into FTP header lines.
Packet analysis
This is a more advanced filtering method, because not only packet headers are analyzed here, but also their length in bits, transmission frequency and other characteristics by which content can be determined.
In Iran, this technique was used to block SSH-traffic, but at the same time to maintain the performance of corporate VPNs that follow the same protocol.
Deep Packet Inspection / Content Filtering
The most advanced and resource-intensive filtering method, when the content of the packages is analyzed. Even if cryptography is used, this protection cannot be bypassed, because in combination with other verification methods, authorities can easily determine what they are dealing with.
Iranian activists did not manage to find a way to bypass this protection, except that sometimes they found holes that could be exploited, but the authorities quickly closed them.
via Network World
Source: https://habr.com/ru/post/65035/
All Articles