Home page logo

nanog logo nanog mailing list archives

Re: Iran blocking essentially all encyrpted protocols
From: Richard Barnes <richard.barnes () gmail com>
Date: Sat, 11 Feb 2012 13:50:10 -0800

FWIW: A colleague in Iran was able to connect to a server in the US
using HTTPS on a non-standard port (9999).  It appears that the
Iranian government is not blocking TLS/HTTPS per se, but just port
443.  So in principle, if there were just some HTTPS proxies using
non-standard ports, then people would be able to get out.  At least
until (1) the addresses of the proxies become known to the regime, or
(2) they start blocking cross-border TLS altogether.


On Fri, Feb 10, 2012 at 12:07 PM, Marshall Eubanks
<marshall.eubanks () gmail com> wrote:
And in response


(quoting) :

“Basically, say you want to look like an XMPP chat instead of SSL,” he
writes to me, referring to a protocol for instant messaging as the
decoy for the encrypted SSL communications. “Obfsproxy should start
up, you choose XMPP, and obfsproxy should emulate XMPP to the point
where even a sophisticated [deep packet inspection] device cannot find
anything suspicious.”


On Fri, Feb 10, 2012 at 2:03 PM, Shahab Vahabzadeh
<sh.vahabzadeh () gmail com> wrote:
Yes I am from Iran and outgoing TCP/443 has been stoped ;)

Shahab Vahabzadeh, Network Engineer and System Administrator

PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90

On Feb 10, 2012, at 9:56 PM, Ryan Malayter <malayter () gmail com> wrote:

Haven't seen this come through on NANOG yet:

Can anyone with the ability confirm that TCP/443 traffic from Iran has

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]