Slashdot Mirror
Iran Blocks VPN Ports
First time accepted submitter Parham90 writes "After the Iranian post-election events that led to massive riots and break-outs through the world, the Iranian government started blocking all social websites, including Facebook, Youtube, Orkut, MySpace and Twitter. The Iranians, however, started using VPN (virtual private network) connections to bypass censorship. Since Thursday, September 30, 2011, all VPN ports have however been blocked, in the first attempt to start what the Iranian government calls the 'National Internet.'"
I run my VPN server on port 80.
"When information is power, privacy is freedom" - Jah-Wren Ryel
It is impressive they still manage to run Internet services then.
See how well that worked for Egypt?
I wonder how far the censorship has to go before we see months of endless street protests again? If they ever expect anything like this to work, they should never have allowed their citizens to be in possession of the technology to begin with. They have an entire generation of people that grew up with cell phones, computers and the internet. There is no hope in hell of this working in the long term.
"The Net interprets censorship as damage and routes around it." -- John Gilmore
They will just move to using other ports.
Sigs are awesome huh?
This sounds like nonsense. There are VPN providers on non-standard ports. If you have your own server and a spare IP, you can even use some netfilter rewrite magic to allow connection on ANY port of that IP which is helpful in a lot of situations.
OpenVPN can use any port and is not detected as regular VPN communication, and can thus bypass firewalls that blocks VPN communication.
Governments have tried that since the 15th-16th century, and failed every time.
Since I live in Iran, I can vouch for it being true. The government-run media claims that the "PPTP" (and some other) protocols have been blocked, although I'm not sure how this works. I, for sure, can't access the VPN connections I used to be able to access. So I'm going to find a friend outside of Iran and ask them to start a VPN connection on port 80; just to see if they are feeding people another lie or not. :-)
The problem is its actually the minority that wants freedom. Seriously.
Iran's rural population is huge, and its made up of what basically amount to Muslim rednecks. They're the morons who keep assholes in power, and they probably all support this idea.
Can't stop the signal.
Run your VPN over port 80 and 443 let them block those as well. They may as well just switch it all off at the mains and be done with it.
The problem is its actually the minority that wants freedom. Seriously.
America and Iran have more in common than they'd like to admit.
Give me Classic Slashdot or give me death!
And you're going to enlist to help fight as well, no? Oh wait it's just another basement armchair general blustering about starting wars but too chickenshit to actually do any of the fighting.
...They block off good old Port 80?
Kill everybody who wants to stop freedom, you say? What about the Patriotic Act, doesn't it stop freedoms? Should we kill all rednecks because they want to restrict the freedom of Latin Americans to live in the US of A? If we do invade Iran over this, shouldn't we also kill all American soldiers because they want to restrict the freedom of Iranians to choose their leaders?
Seriously. Fuck you.
Then kill them all. Fuck them. It's the 21st century. Time for them to fuck off. The world has bigger problems to deal with. Time these fucktards were stopped from holding the rest of us up.
I almost split my spleen laughing at this. You, my friend, are a parody of yourself.
Like all pain, suffering is a signal that something isn't right
with fight with soldiers, vitrify them with some H bombs, the fanatic will respect us after that.
First of all, it's a theocracy. Any semblance of democracy is just a dog and pony show. How they got there in the first place was because of the original Iranian revolution. Second. I don't want our soldiers in Iran. But I have no problem waxing them when they cause problems for us outside their nation. For all I care, their entire navy can rest at the bottom of the ocean. Probably for the best anyways.
The summary says Iran started internet censorship after the election and people started using VPN from then. No, it's not like that. First, internet censorship goes back to at 7 or 8 years, IIRC. Long before the election. Second, anti-censorship tools have always been changing in all these years. VPN is just the main tool of most of people now, but even two years ago (right after election) few people knew VPN and used other tools. So, things look tough, but it's not that we are going to lose our connection with the world. We always find a solution. Even right now I'm using a PPTP VPN and if you see this comment it works well. The only solution to prevent people from accessing sites the government doesn't like would be to shut down internet connection with the outside world completely. And I hope they won't do that, at least not for long.
"If fifty million people say a foolish thing, it's still a foolish thing."
To many, it means the freedom to worship Allah without being offended by anybody.
For example, that Mohammed cartoon violated their freedom. Seeking to have it suppressed did not violate the author's freedom, since freedom of speech is defined within the framework of what is acceptable to Allah.
It's not fundamentally a problem of freedom, but of good and evil. Sharia law must be wiped from the planet; it is IMHO abhorrently evil. On the other hand, killing everyone living in such societies sort of misses the point, doesn't it?
Emotions! In your brain!
Ummm, so does that mean they shut down their internet entirely? Port 80 is simple enough to use or even daresay a little perl script using email, yeah the latency sucks, but still works. Getting past port blocking is pretty simple.
Hmmm, sending traffic through stenography via email attachments would be interesting. Wonder how long it would take to code that up.
/* TODO: Spawn child process, interest child in technology, have child write a new sig */
Gosh... wouldn't it be simpler if they just cut off everyone's fingers so they couldn't type... and cut out their tongues so the couldn't talk. Oh and poke out their eyes so they can't see sign languate... oh and rip off their ears so they can't hear... and... ... or how about they realise that talk and speech is inevitable and trying to censor it only makes yourself unpopular and your demise as ruler more likely.
"That's the way to do it" - Punch
(Posting anon because I feed the trolls less that way.)
Democracy is based on the collective freedom of the people to not have decisions imposed upon them by unaccountable parties. By electing their rulers, in theory, the people of democratic societies can always hold the rulers responsible.
And now you advocate the use of force (pretty much the strongest form of imposition) to make a nation free? To impose a system whose characteristic is the relative absence of imposition? If you think a little longer, I'm sure you'll see the contradiction.
When I was in high school, in the 70's, we "studied" the book "1984". We all assumed, I assume, that "1984" would happen in Russia or in a bizarro America. I do not remember anyone suggesting that religion would be the driver. ( I don't include the Chinese government in this particular assumption as China, to me, seems to have simply re-introduced the feudal system for the masses with a "ruling committee" replacing the emperor at the top.) What a mess.
Just so this is absolutely clear: OpenVPN does NOT work in Iran. It does not work on any port, both tcp and udp mode, I've tested this extensively with multiple individuals in the country, the connection is cut off almost immediately upon establishment. Syria suffers from the same problem. OpenVPN isn't a magic protocol, it's being blocked just like all the rest.
Or they're going to block internet banking now?
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Unencrypted VPN traffic is incredibly easy to flag anyway, and even the handshake of popular encrypted VPN tunnels has a pattern that's predictable enough to be quite effective. I don't need to point out that ALL ports are affected. Switching to another port is basically useless in this context.
All this DPI doesn't require huge CPU processing power, as one would naively expect; since it (currently) happens only at the beginning of a session (yes, including UDP). And that is currently the Achilles' heel of this filter: if you initiate a "harmless" (as in allowed-by-policy) connection, and switch to encryption a couple of 10k packets later, you slip right through the firewall. Try it. If it doesn't work, they've upgraded to a new release and had to invest heavily in additional routers.
cpghost at Cordula's Web.
He/she/it won't. In many people's minds, "$REGIME" (meaning "what we have over here in $MYCOUNTRY") is the only possible way to live. Therefore, if people are living under a different regime, they must have been forced to live like that; they must be freed by force.
If $REGIME=theocracy and $MYCOUNTRY=Iran, you have the extremist muslims. If $REGIME=democracy and $MYCOUNTRY=USA, you have extreme right-wing Americans. They are one and the same in their shortsightedness and lack of perspective.
Iodine is IP over DNS. Since it is actually the DNS protocol (and not just using the DNS ports), it might not be susceptible to Deep Packet Inspection. However, it could presumably still be detected.
Did you mount a military-grade, variable-focus MASER on an unlicensed artificial intelligence?
Looks like it's time for a VPN that uses stego. Sure, it might slow the connection down quite a bit, but if it's the difference between no access and (ideally almost undetectable) access, it'll have to do.
FC Closer
Just use IP over Avian Carriers. Sure, latency is a bitch, but otherwise it's probably safer.
Question is, to what extent does a "national internet" affect the economy? I know my productivity at least would drop seriously w/o global communication channels. But then, I'm not Iranian.
My Socks proxy listens on multiple ports, including DNS, SMTP, POP, POPS, IMAP, IMAPS, HTTP, HTTPS and a few other ports where it would not be expected, precisely to avoid these kind of blockades. So I can travel pretty much anywhere in the world and always find my way onto the public net.
"National Internet" = Intranet
It's happening in real america.
All those damn minorities stealing, not working... yup.
step 1. make VPN only site that glorifies Allah and Islam
step 2. make sure its ONLY accessible via these blocked ports
step 3. condemn those doing the blocking as enemies of Islam and Allah
Step 4. sharpen the beheading axe and wait for things to kick off
I know Skype isn't open source, but I also know that Skype is good at getting through all sorts of blocks, and I know that Skype works in Iran. Since Skype text chats can be automated with their development API couldn't you Base 64 encode packets and send them via Skype to an endpoint outside the country?
I guess this would work with pretty much any text based chat application that is successful at getting out of , even SMS.
Sig is on vacation
Sharia law must be wiped from the planet
How do you kill an idea?
What is more democratic: Block VPN Ports [Iran] or seizure domain [USA] ?
Recipes for USA bankrupt - http://tinypaste.com/0d66f dd = dollar deluge (printed in the infinity)
I don't think they meant "National Internet", what they meant to say was "National Intranet".
-Eric
I wonder if port 22 is blocked too. That would block a lot of legitimate traffic. In 2010 I was in Iran and back then it was possible to evade all censorship by creating a socks5 proxy over ssh to my server in my home country. I needed to update my linkedin profile, which was blocked.
Simple solution : change the port to 80 or 443 server side...
i guess ahmadinejad will mud wrestle gore for the title of "inventor of the internet"?