quoting nevent1q…x9mni

was reading a report about irgfw and here is the summarized version from me:
1. dns status: they are using graylisting for banning dns servers. clients can send messages but servers are unable to send the responses since irgfw drops them. among all available options for dns resolving, dns over quic seems to be the only working protocol.
> my note: afaik sometimes udp or quic packets will be dropped by isps even in other countries. i'm not sure how accurate this is. but if we consider this to be true, then doq won't always help.
2. udp status: they keep an ephemeral state on their system for each combination of port+ip in udp packets and they make a pseudo session to detect handshake patterns for different protocols. also it seems irgfw can learn new patterns as well. protocols such as wireguard are blocked using the same approach.
3. ip status: they have 3 lists, white list, gray list and black list. for an ip to be white it needs to be not used for vpn and proxies for at least 3 months or more. other ips are gray listed by default and they always process and analyze gray list ips' traffic. once a graylisted ip is detected as a vpn server or anything that needs to be blocked, they will move it to black ips. different isps have different rules for black ips such as randomly dropping packets, dropping tls handshakes to interrupt safe connections and more.
ipv6: it's less censored and some mobile operators support it, and it seems it's more free than ipv4 for now. but irgfw base rules like white, black and gray listings still work there.
4. dpi: they were using an active probe model and after that they started using a passive probe model which is more efficient for them.
based on current checks last month they stopped complex checks and filters after about 2 years. but this probably means they are getting ready for next time if something important happens in the country to make the network censored again and put it under a higher rate of checks.
original report: http://irgfw.report/projects/project1
> note: i wrote this randomly at night on my mobile. so please don't consider typos and...
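
Added example, not part of the original post or the report: a minimal model of the per ip+port "pseudo session" idea from point 2, showing why WireGuard's fixed-size, typed handshake messages can be matched passively. The class name, the 10-second state lifetime and the sample packets are assumptions constructed for illustration; only the WireGuard message types and lengths come from its public protocol description.

```python
# WireGuard handshake shapes: 1-byte type, 3 reserved zero bytes, fixed total length.
WG_INITIATION = (1, 148)
WG_RESPONSE = (2, 92)
STATE_TTL = 10.0  # assumed lifetime (seconds) of the ephemeral per-flow state


def wg_kind(payload):
    """Return 'init' or 'resp' if the datagram has a WireGuard handshake shape."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return None
    shape = (payload[0], len(payload))
    if shape == WG_INITIATION:
        return "init"
    if shape == WG_RESPONSE:
        return "resp"
    return None


class PseudoSessionTracker:
    """Hypothetical passive observer keeping short-lived state per UDP endpoint pair."""

    def __init__(self, ttl=STATE_TTL):
        self.ttl = ttl
        self.pending = {}     # (initiator, responder) -> time the initiation was seen
        self.flagged = set()  # endpoint pairs whose exchange matched the pattern

    def observe(self, ts, src, dst, payload):
        """Feed one UDP datagram; return True once this flow matched the handshake."""
        # Drop state older than the TTL: UDP has no real sessions to close.
        self.pending = {k: t for k, t in self.pending.items() if ts - t <= self.ttl}
        kind = wg_kind(payload)
        if kind == "init":
            self.pending[(src, dst)] = ts
        elif kind == "resp" and (dst, src) in self.pending:
            # A response only counts when it answers a recent initiation in reverse.
            del self.pending[(dst, src)]
            self.flagged.add(frozenset((src, dst)))
        return frozenset((src, dst)) in self.flagged


# Constructed sample endpoints and payloads (zero-filled bodies, not real traffic).
CLIENT, SERVER = ("10.0.0.2", 51000), ("203.0.113.7", 51820)
INIT = bytes([1, 0, 0, 0]) + bytes(144)
RESP = bytes([2, 0, 0, 0]) + bytes(88)
OTHER = bytes(40)
```

The match needs no payload decryption, only the first four bytes, the length and the direction of two datagrams, which is the kind of pattern a passive probe can evaluate cheaply.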