March 27, 2023

A Preliminary Study on the Iranian Firewall

In the past month or so, Iran has used physical disconnection and firewalls to restrict users' access to the Internet. Physical disconnection is relatively rare, and there is basically no way to bypass it, but there are many ways to deal with firewalls. Observing the firewalls also sheds light on the country's censorship policies.

The Iranian government has deployed DPI (Deep Packet Inspection) at all inbound and outbound international peering points. Local telecom operators have their own firewalls, but most of them are static and have configuration issues, and only a small number use DPI. The firewall resolves all blacklisted domains to the IP address; it continuously scans for services such as SOCKS5 proxies; and it rarely blocks IP addresses completely, instead keeping the TCP handshake from completing by dropping SYN-ACKs. The Iranian government restricts access to the Internet from 4:00 pm to 12:00 pm. Many proxy services such as Tor and WireGuard/OpenVPN are blocked, DPI performs blocking based on the plaintext SNI in TLS, and all outbound traffic is blocked after 1k-4k has been transmitted. Cloudflare, Google Play, and the App Store are blocked, Docker is partially blocked, and some ISPs use a whitelist system to block all other sites.

Ewen Eagle

I am the founder of Urbantechstory, a technology-based blog where you find all kinds of trending technology, gaming news, and much more.
