Iran blocking essentially all encrypted protocols

Haven't seen this come through on NANOG yet:

Can anyone with the ability confirm that TCP/443 traffic from Iran has

Probably better than Iran doing man-in-the-middle...


Lauren scooped you on Privacy by about 6 minutes. :slight_smile:

-- jra

correct, it's down in Iran,
A few of my contacts got back to me confirming this a few hours ago.

Yes, I am from Iran and outgoing TCP/443 has been stopped :wink:

And in response

(quoting) :

“Basically, say you want to look like an XMPP chat instead of SSL,” he
writes to me, referring to a protocol for instant messaging as the
decoy for the encrypted SSL communications. “Obfsproxy should start
up, you choose XMPP, and obfsproxy should emulate XMPP to the point
where even a sophisticated [deep packet inspection] device cannot find
anything suspicious.”


It is not accessible with XMPP; Yahoo, Google, none of them are accessible from Iran.
I have not tried obfsproxy, but as an ordinary connection we do not have https :slight_smile:

FWIW: A colleague in Iran was able to connect to a server in the US
using HTTPS on a non-standard port (9999). It appears that the
Iranian government is not blocking TLS/HTTPS per se, but just port
443. So in principle, if there were just some HTTPS proxies using
non-standard ports, then people would be able to get out. At least
until (1) the addresses of the proxies become known to the regime, or
(2) they start blocking cross-border TLS altogether.


Or applications (and providers) knew how to use SRV records...
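
The port-versus-protocol distinction drawn in the message about HTTPS on port 9999, as an added example that is not part of the thread: a probe that separates a port-443 filter from a block on TLS itself. The function names and result labels are made up for this sketch, and it assumes a server you operate that serves TLS with a valid certificate on both 443 and the alternate port.

```python
import socket
import ssl
import sys

def probe(host, port, timeout=5.0):
    """Classify one host:port as 'no_tcp', 'tcp_only', 'cert_fail' or 'tls_ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                      # refused, dropped (timeout), unreachable
        return "no_tcp"
    try:
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls_ok"              # handshake and certificate check passed
    except ssl.SSLCertVerificationError:
        return "cert_fail"               # a certificate arrived but did not verify
    except (ssl.SSLError, OSError):      # reset, EOF or timeout mid-handshake
        return "tcp_only"
    finally:
        sock.close()

def classify(std, alt):
    """Interpret probe results for port 443 (std) and an alternate TLS port (alt)."""
    if "cert_fail" in (std, alt):
        return "possible interception"
    if std == "tls_ok":
        return "443 not blocked"
    if alt == "tls_ok":
        return "port-based block"        # TLS passes, only port 443 is filtered
    if alt == "tcp_only":
        return "protocol-based block"    # TCP passes, TLS fails off port 443 too
    return "inconclusive"                # nothing reachable: outage or full block

if __name__ == "__main__":
    # Usage: script.py HOST ALT_PORT  (HOST must serve TLS on both 443 and ALT_PORT)
    host, alt_port = sys.argv[1], int(sys.argv[2])
    std, alt = probe(host, 443), probe(host, alt_port)
    print(f"443={std} {alt_port}={alt} -> {classify(std, alt)}")
```

A single vantage point only shows what that one path does; repeat the probe from several networks before drawing a conclusion.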