spam

Arbor Networks has a great post with data on Iranian Internet censorship. As well as the deliberate transit shortage, they seem to be targeting specific protocols, notably SSH, the secure shell protocol one uses to administer servers and also quite often to provide a VPN tunnel. This isn’t surprising, really, but it is depressing; practically any shell account and any machine, including my mobile phone, will let you set up an SSH tunnel, and it is strongly encrypted, so it’s one of the most reliable and easiest ways to beat the censor.

Arbor’s analysis suggests that the point is to limit traffic to levels that their existing censorship infrastructure can handle; interestingly, e-mail and bog-standard Web traffic on port 80 seem unaffected, which suggests they already had the big squid proxy etc. in place. There is, of course, nothing to stop you configuring your server to do SSH on port 80, but it might be a little obvious. An alternative would be to use something like OpenVPN, which uses the same HTTPS protocol and port that all the e-commerce and corporate e-mail things do.

Fascinatingly, levels of gaming application traffic are unaffected, and Arbor wonder if it would be possible to use this for clandestine communications. (Perhaps the government wants people playing computer games?) This is, of course, a major plot point from Charlie Stross’s Halting State, although the exploit is rather more sophisticated there – rather than just meeting up for a chat in-game, they are mapping their data to the game’s commands and reversing the process at the other end.

Depressingly, according to Renesys, many of the open proxy servers that have been set up for the use of Iranian dissidents are being heavily abused by Chinese spammers. This is a hard problem: any tunnelling system intended to defeat the censor must be open to anyone, and it’s insanely risky to keep any logs of who accesses it, so it seems inevitable that the vermin will get in.


  1. “Cyberwar” and Iran: the other side of the hill « Alternate Seat of TYR

    […] meant that the traffic was reduced to a level where their lawful-intercept infrastructure* could capture and process it all. Almost certainly, they can do the same to any of their downstreams, or continue to pass customer […]



