| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <DB83F671-8AB4-4453-83C7-859D67313CA1@madrock.net> Date: Sun, 12 Feb 2012 19:43:16 +1030 From: Derek <derek@...rock.net> To: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Iran is doing ip-and-port filtering of SSL maybe it's time to get the old school substitution code books out. http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-online-tor-tests-undetectable-encrypted-connections/ Thanks Derek On 12/02/2012, at 4:23, Sai <sai@...zai.com> wrote: > See my post @ https://plus.google.com/u/0/103112149634414554669/posts/PT3eEF4u415 > to stay updated. Copying over update: > > - > > Further testing done. Conclusions: > > 1. IP-and-port filtering for some IPs > 2. SSL protocol filtering on standard ports for targeted IPs / sites > 3. No request header filtering > 4. Some IPs / sites NOT SSL protocol or port filtered! > 5. All Tor filtered, even unpublished proxies > > I'm not going to openly publish what went through to prevent it > getting blacklisted and useless for testing, but it was a full normal > https://something:443 connection, green lock w/ verified serial # and > all. > > The government proxy is http://bgp.he.net/AS12880 > Still to test, will update post: > * obfs2 tor > * ssh on standard & nonstandard ports > * nonstandard ssl ports > > More info: > https://blog.torproject.org/blog/iran-partially-blocks-encrypted-network-traffic > (based in part on my info) > http://news.ycombinator.com/item?id=3575029 > > On Wed, Feb 8, 2012 at 19:54, Sai <sai@...zai.com> wrote: >> I have pretty definitive proof that Iran is doing ip-and-port based >> filtering of SSL. >> >> Filtering is being done by 217.218.154.250 after a hop through >> 217.219.96.120 / 217.219.96.132. This hop is after my source's ISP, >> and all three IPs are owned by ITC, Iran's central telco. >> >> Filtering targets all google.com IPs, some but not all torproject.org >> IPs, probably more. Haven't attempted a broad scan. It's a simple >> connection drop; filtered connections just time out. >> >> It is not based on SSL handshake signature; testing SSL on nonstandard >> ports worked successfully, and testing non-SSL on :443 of target IPs >> was blocked. >> >> I'm not sharing screencaps in order to protect my source, but tests >> included TCP traceroutes on different IP/port combinations and some >> simple use of curl. >> >> Cheers, >> Sai > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists