Schneier on Security
A blog covering security and security technology.
« Eavesdropping on Dot-Matrix Printers by Listening to Them |
| John Walker and the Fleet Broadcasting System »
June 23, 2009
The Iranian Firewall
Technical information on Iran's attempts to censor the Internet
Posted on June 23, 2009 at 9:09 AM
• 15 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
There is always a way to communicate through acl's and firewalls. Any censoring government should reasonably know that these types of actions will only slow the spread of news. Time will tell if Iran can be considered one of these countries. If not then we will see a travesty.
see also: NedaNet , "a network of hackers formed to support the democratic revolution in Iran. [NedaNet's] mission is to help the Iranian people by setting up networks of proxy severs, anonymizers, and any other appropriate technologies that can enable them to communicate and organize -- a network beyond the censorship or control of the Iranian regime." As of a couple days ago, Eric S. Raymond is the public contact for NedaNet .
There is a paper, Covert channel vulnerabilities in anonymity systems, which will likely be of great use should deep packet inspection become a real threat (though I doubt on such a large scale it could be used effectively)
I would highly recommend it.
Let's see, they should just turn off the electricity, perform the cleansing rituals, clean up, and turn the electricity back on.
By the way, don't we have satellites watching this stuff? Where is that output?
Blowback from USA meddling is going to happen to those arrested, and potential unwanted unstable results might follow. I hope some overt methods fall from use and proper ways become more directed.
Cheeleading on this caliber, requires special care and sophistication on all levels. Proxy sophistication requires state handling to be top level.
Sadly, what is needed is in short supply, and now is the time for what we do not have. Enough said.
A science fiction movie might be a good guide, but ethically, things look pretty bad.
An errie silence is problematic, and real support is uncertain. The USA is too divided and too corrupt to handle such old world complexities righteously. Iraq was a major disaster, that bare a problem that is only getting worse, while we ignore the real problems, pogo applies. Better ways of helping people exist, and walking over people is filled with bad history and results. I hope a better world can come from these victims of a police society gone bad.
I really like this line in the report -
"Perhaps games provide a possible source of covert channels (e.g. “Bring your elves to the castle on the island of Azeroth and we’ll plan the next Ahmadinejad protest rally?”) "
@Phil M "[NedaNet's] mission is to help the Iranian people by setting up networks of proxy severs..."
I know someone who set up a proxy server. He mentioned that the instructions he got suggested leaving the logging off. What are the chances that the right people are using the proxy servers for the right purposes?
"As of a couple days ago, Eric S. Raymond is the public contact for NedaNet"
Well, there goes that project. Hahaha.
"Tor is well-known for allowing citizens of oppressive regimes to navigate around their country's internet filtering software and firewalls. It's likely that it's in use right now in Iran, as the protests over the presidential election results continue, having led the government to heavily censor the country's internet access."
If a government attacks the Internet, people are going to use a work around. The government response is, "let's shut off the Internet." Let's turn off the lights and curse the darkness. If Iran cuts the lights, people will resort to lighting new fires. They seem to want to go back to the stone age.
But, "Iran's mullahs are finding out the hard way that medieval methods of control are no match for 21st--century technology." Newsweek reports. Welcome to 2009.
I thought the more interesting aspect of the situation is that Iran is leaving communication flowing. They aren't blocking it all. Arbor also points this out.
That means it is more important than even to authenticate even tweets. Although it's great that social platforms are spreading, far too many do not seem to realize how easily their information can be intentionally manipulated. Fake meeting places are easy to interject, people can be told to change plans or cancel tactics, as I've mentioned before with regard to protests in Egypt and militias in Somalia...
The Tor project blog has a recent post about a big ramp in traffic to/from Iranian IP blocks: http://blog.torproject.org/blog/...
A more recent post shows a similar surge in TOR nodes.
Fear of 9/11. The founder of CIA have an code 7-11. Do you prepare to 2010.09.11?
I wonder if they have blocked Second Life. To me, that seems like a good way to meet up and organize (especially since IIRC they have voice chat now)
Interesting that SSH is the most blocked/restricted protocol (although I expect large chunks of that is being tunneled through SSH.
The internet, in practice, cannot be *reliably* censored, unless you're willing to block everything by default and just whitelist a few specific approved things.
Of course, you can censor it *unreliably*, i.e., block a percentage of the stuff you're trying to block.
Deep packet inspection is useless on an encrypted connection ... Tor is not to be trusted as many exit nodes are known to be in the wrong hands eg German telecom security department... i have had first hand experiance of this ... also many other governments are suspected of running huge exit nodes washington also comes to mind... if i was in Iran and wanted a secure/safe way to use the net first would be a decent vpn/ssh connection and secondly only if needed a proxy....
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.