Alert of filtered website

[Saad]

albate bazi siteha too iran tori filter mishan ke payame filter namayesh dade namishe va site ham baz namishe. alan facebook.com ham intori shode. vaghti in site ro dar browserhaye mokhtalef say mikonam baz konam bad az hodoode 30 sanie talash bar baz kardan in payam ro midan:
IE: Internet Explorer cannot display the webpage
Firefox: Unable to connect
Chrome: This webpage is not available

-- translation -- op posted in phonetic ---

of course some sites in Iran get filtered in such a way that there is no notice given and the site still opens. right now facebook.com has become like this. when you put this site in the various browsers and try it, after about 30 seconds of trying it gives the following errors:
IE: Internet Explorer cannot display the webpage
Firefox: Unable to connect
Chrome: This webpage is not available

[GµårÐïåñ]

Ok, your trace route seems pretty consistent with the way the internet is routed from your location. Your ip is off ITC, unfortunately under government control, so probably filtering your connection through proxy which comes after it. You are being taken into an IANA reserved private range IP which suggests a filtering proxy of some kind. After that proxy it gets routed to another ITC server in Fars, Khorasan and then goes through several internal switch hops belonging to the telecom service, SHERKAT MOKHABERAT OSTAN FARS, probably for traffic analysis. Finally you get out through an ISP hop through Russia and you are immediately connected to facebook internal nodes and ultimately the site. You are seeing and being hit with the filter at your initiation point. I suggest you find a good proxy and then try going to the site using that and see if you can bypass the message, that would pretty much prove the point in one shot. This was for those following the topic, now comes the translation.

به نظر میاد که همانطوری که فکر میکردم دولت داره هدف شما را پاکسازی می‌کنه، اولین‌ای پی‌ مال‌ای اس‌ پی‌ هست، بعد از اون میره به یک کامپیوتر شخصی‌ و بعد از آان به‌ای اس‌ پی‌ در خراسان میره و بعد از آان به چند دستگاه دولتی که مال شرکت مخابرات است میره و بعد از آن به راه‌ای اس‌ پی‌ روسیه بیروم میره و به فیس‌بوک میرسه، این دستگاه شخصی‌ وسعت اشکال شما هست، سعی‌ کن که به استفاده یک پرکسی برو و ببین آیا درست می‌شه یا نه‌، اگر کمک لازم داری که یک پرکسی پیدا کنی‌ به من بگو

[Saad]

bebakhshid, ta chand rooz bad az poste akharam oomadam inja pasokhi nabood vase hamin dige inja sar nazadam.
manzooretoon ine ke ye proxy paida konam bedam moroorgar ta bebinam facebook.com baz mishe ya na, doroste?
yeki do mahe ke interneti ke estefade mikonam ya aslan site baz namikone, ya site baz mishe amma sor@ fogholade konde, va bazi vaghtha sor@ khoobe.
har vaght sor@ khoob bood proxy paida mikonam va test mikonam.

--translation - op posted in phonetic --

sorry till a few days ago I came and checked and there was no reply, so I didn't check back again till now.
so you mean find a proxy to put between myself and facebook.com to fix it, right?
its been 1 to 2 months that the internet I use does not open the site at all, or the site opens but very slow speed, when the speed improves I will try to play with the proxy option and see what happens.

(translation adjusted for cultural and semantic grammar)

[Tom T.]

Interesting, that should not happen as the site supports unicode text, so I am guessing some kind of misinterpretation. Giorgio any idea why he can't post his replies in Farsi so I an bridge the language barrier for him?

Because as an anti-spam measure, Cyrillic alphabet was set to trigger spam filter a long time ago. Russian Federation and Ukraine are notorious for spam.

I imagine that Giorgio logically extended this to all non-Latinic alphabets, on the same grounds. One reason being that the rest of us can't tell whether the post is a legitimate post, spam, a message coordinating criminal plans, etc. (in *any* language -- not directed at any one language, country, or region. Would be just as true of Chinese, Korean, Arabic, Hebrew, whatever.)

Also, one purpose of the forum is to build a knowledge base that future users can search. Using one language facilitates that, as English, in its various dialects, has the greatest degree of Internet penetration, and online dictionaries are readily available for those who don't speak it.

I commend your engaging the OP in his native language for better communication, but as both a courtesy and an educational tool, could you please provide full translations, not only of your posts, but of OP's posts, both those in Farsi and those in Anglicized/Latinic form?

On the tech issue, the ping times of 2.5 seconds really look like there's a lot going on behind the scenes -- redirecting, proxying, filtering, etc. I consider those a red flag. Even when I had dial-up @ 56k, 0.5 seconds was typical, and complex web pages using Java applets took almost one second at times -- much to the disgust of the other poker players. 2.5 seconds seems excessive, and a possible clue to the issue?

[Saad]

i tested proxy (109.198.64.227:6588 & 174.137.152.60:8080). facebook.com opens. but other filtered websites not open and show filter message.
filter message not complete show. just loads the page title. after one minute loads this message: "No route to host"

[GµårÐïåñ]

Also, one purpose of the forum is to build a knowledge base that future users can search. Using one language facilitates that, as English, in its various dialects, has the greatest degree of Internet penetration, and online dictionaries are readily available for those who don't speak it.

I commend your engaging the OP in his native language for better communication, but as both a courtesy and an educational tool, could you please provide full translations, not only of your posts, but of OP's posts, both those in Farsi and those in Anglicized/Latinic form?

Sorry, I translated my own posts to him but forgot to translate his phonetic posts for everyone, I just did them.

[GµårÐïåñ]

i tested proxy (109.198.64.227:6588 & 174.137.152.60:8080). facebook.com opens. but other filtered websites not open and show filter message.
filter message not complete show. just loads the page title. after one minute loads this message: "No route to host"

It seems that your connection even to the proxy is being filtered which means that they hook into your traffic is closer to the node, that means that using a traditional proxy, you might still face this issue. Have you tried a proxy that is not web-based but actually a sock-4/5 proxy that you can configure your system to use so that way you will bypass the net filter hopefully?

این پراکسی را از طریق برازر رفتی‌ یا اینکه به وسیله سیستم زیر پراکسی در کنترل پانل زیر اینترنت اپشن؟ برای اینکه از برازر ممکن هست که هنوز بتونن راهتو بگیرن ولی‌ از سیستم نباید بتونن، سعی‌ کن و به من بگو

[Tom T.]

If you'll pardon my asking, unless OP has his own direct Internet connection without requiring an ISP, which seems highly unlikely, then if for the sake of argument, the Government controls the ISPs, then it seems that there is no way to insert a proxy between OP and his ISP - which then could filter as it pleases, or is mandated to do so.

He would have to connect directly to an ISP in a jurisdiction that doesn't exercise such control, presumably by satellite. All cables, DSL and dial-up lines, etc., would likely be controlled by his native authorities.

For the record, I heartily support OP's desire to access the freedom of speech, discussion, and ideas which the Internet can offer, and which may facilitate global communication and understanding.

[GµårÐïåñ]

Well I am hoping, and its more likely from my checking around, that they are using traffic analysis and filtering the web connections based on target based algorithms, so that means that his connection to the ISP per se is not filtered, but his behavior or access is. So if he can bypass that web filter by connecting directly to a proxy server that will NOT filter his traffic, then he should be fine, we hope. See where I am going with this?

[Tom T.]

Well I am hoping, and its more likely from my checking around, that they are using traffic analysis and filtering the web connections based on target based algorithms, so that means that his connection to the ISP per se is not filtered, but his behavior or access is. So if he can bypass that web filter by connecting directly to a proxy server that will NOT filter his traffic, then he should be fine, we hope. See where I am going with this?

Yes, but how does he get to the proxy server without either an ISP or a satellite connection to an ISP in another jurisdiction?

He still has to use a modem, and then either a cable or phone line, just for the packets to leave his home or whatever, right? And those cables and phone lines are controlled by ... ?

One would think that an entity that wants to control its population's web surfing wouldn't allow it to be compromised quite so easily.
Aren't these ongoing issues in Tibet/People's Republic of China?

[GµårÐïåñ]

Oh I thought it was clear, when he doesn't go through "WEB" traffic via his ISP which causes him to get redirected and filtered, he will be connecting directly from his ISP to the proxy server using sock which means that its a direct connection from his ISP to THAT proxy server, unless blacklisted on its own, his traffic is only monitored up to that point, after that, he is not within their pervue and therefore home free, no pun intended.

His ISP per se is not the issue, its the "destinations" they monitor, so as long as he gets a proxy that is not on their s### list, then he will be fine and can get around it. I know MANY who do the exact same thing. As long as they don't go around advertising it, then its harder and takes longer for the proxies to get blocked. We provide global network of proxies that rotate fast enough to make it hard for them to keep up with it but you need to know someone in the underground community to help you get those rolling ghost servers.

Edit: Oh forgot to add, that in many cases, the ghost servers are further obscured by being part of the Tor chain for example, among others, giving them even more security through obscurity, needle in a hay stack kind of protection. They can't block EVERY IP, so they will have to pick and choose or just cripple their own internet backbone, so the compromise line is where you get them. Same with those in China, how do you think they get around it? And their restrictions are even tougher than Iran.

[Tom T.]

... he will be connecting directly from his ISP to the proxy server using sock which means that its a direct connection from his ISP to THAT proxy server,

I figured that at the moment his request hit the ISP, they did deep packet inspection -- which has been a controversial issue even in the US.

unless blacklisted on its own,

I assumed that in such an environment, all proxies would be considered suspicious, as would anyone using one.

As long as they don't go around advertising it, then its harder and takes longer for the proxies to get blocked. We provide global network of proxies that rotate fast enough to make it hard for them to keep up with it but you need to know someone in the underground community to help you get those rolling ghost servers.

Ahhh....

... that in many cases, the ghost servers are further obscured by being part of the Tor chain for example, among others, giving them even more security through obscurity, needle in a hay stack kind of protection. They can't block EVERY IP, so they will have to pick and choose or just cripple their own internet backbone, so the compromise line is where you get them.

Ahhh,^2.

Same with those in China, how do you think they get around it? And their restrictions are even tougher than Iran.

I did wonder, but the problem is: Aren't the penalties for being caught doing such a thing rather harsh -- in all such regimes?

My full moral support to those who labor to bring freedom of speech, press, and Internet to those who don't have it.

And at least the US Congress has dropped SOPA and PIPA ... for a while.

[GµårÐïåñ]

I figured that at the moment his request hit the ISP, they did deep packet inspection -- which has been a controversial issue even in the US.

You would be absolutely correct, exactly what happens (or at least can happen) but unless the address being connected to is not considered "obviously" something that "contradicts" them, then they will not see it. There is no human sitting there watching every connection, so the detection rules can be beaten as with any algorithm, specially one that is behavior based, like say SPAM. We can hope that the proxy he chooses (which I through PM just discussed with him not 10 minutes ago) then he will have some freedom for a while until if/when they catch it and block it. Some freedom that you have to work to get is better than having NONE at all I guess.

I assumed that in such an environment, all proxies would be considered suspicious, as would anyone using one.

Correct assumption, but I refer you to my comment above and also the fact that the obscurity by overwhelming confusion is the key to beating the detection algorithms. Key to beating the "filter" is to not have a domain that is obviously named with terms identifying it as a proxy and using servers that ideally IP only with no real recursive DNS entries. Or at least misleading entries that makes them look benign.

Ahhh....

I think you got where I was going with that, so I will just leave it at that. I figured you know what I mean.

Ahhh,^2.

You are seeing it now, its basically guerrilla warfare on the technical level

I did wonder, but the problem is: Aren't the penalties for being caught doing such a thing rather harsh -- in all such regimes?

Quite harsh for the most part but at least under the ISLAMIC law, they have to show they conducted "obscene" or "anti-government" activity to face any REAL smackdown, otherwise, its more of a slap and a fine situation. At least in IRAN, in CHINA, I have heard they can end up getting the firing squad for some instances but I think they have to consider it extreme political opposition even then.

My full moral support to those who labor to bring freedom of speech, press, and Internet to those who don't have it.

I figure, if being a hacker is good for anything, it has to be now. I can't remember who said it, I will rely on your wealth of knowledge to provide the citation, but basically for evil to triumph, it takes good men doing nothing (heavily paraphrased of course). So we do what we can, not for ideology or theology, but just for sake of being human. Not saying the "opposition" is any better or any more right, but at least they should have a voice, make it a level playing field and let the lesser of the evils win. When one side has no voice, then you have no idea if they are for good or evil, so even if you are in the right for suppressing them, you are in the wrong for doing it without transparency.

And at least the US Congress has dropped SOPA and PIPA ... for a while.

Hell, our own government and large companies do this to us on a daily basis, but at least as you said for the time being, they have toned it down a bit and just relying on the standard ECHELON to do their snooping and asking ISPs to turn over their client traffic analysis, not to mention the search engines and so on. The amount of data gathered on the people and every moves tracked is no less invasive and suppression, they just don't do it blatantly. I mean free speech is a great "concept" but in practice it doesn't exist and has been mitigated by "chill speech" and fear of being labeled, so basically censorship without outright doing it.

[Saad]

i tested proxy (109.198.64.227:6588 & 174.137.152.60:8080). facebook.com opens. but other filtered websites not open and show filter message.
filter message not complete show. just loads the page title. after one minute loads this message: "No route to host"

It seems that your connection even to the proxy is being filtered which means that they hook into your traffic is closer to the node, that means that using a traditional proxy, you might still face this issue. Have you tried a proxy that is not web-based but actually a sock-4/5 proxy that you can configure your system to use so that way you will bypass the net filter hopefully?

i tested a Sock 5 Proxy. facebook.com not opens, and for other filtered websites loads filter message. Proxy can't open filtered websites. unfiltered websites opens.

[GµårÐïåñ]

i tested a Sock 5 Proxy. facebook.com not opens, and for other filtered websites loads filter message. Proxy can't open filtered websites. unfiltered websites opens.

Interesting, that means they likely have that proxy on the list. Ok, here it goes, I will send you the workaround through PM as to preserve its integrity and you can try it. @TOM, I will include you just so you know how it is done.