Beating the Mullahs' Block
Iranian ws:
Oct 20, 2005
"How Iran's surfers find their way to restricted or censored Iranian sites."
'Truth', they say, is the first casualty of war. In international conflicts, winning the propaganda war has become as important as achieving the military goals.
While it is easier to exercise some control over the flow of information through conventional media, the Internet is a different kettle of fish.
In fact, it was meant to be that way. The tangled mess called the Internet is a legacy of the cold war era. It was built in such a way that even if one part of the system fails or is destroyed, the information would flow around it. There are always multiple routes to a destination.
So even though the Internet can be and is filtered at different levels, by different people, its inherent architecture enables people to bypass these blocks.
Picking the lock
So how can you get access to restricted information? The best way to learn how to pick a lock is to understand how the lock works. On the Internet, the lock is usually on the humble browser. A good indication that a door has been slammed in your face is when your browser displays the message "DNS error" or "access denied".
The simplest form of blocking is by filtering the address or URL (example: http://www.iranian.ws/). Most service providers have some form of caching device on the edge of their network, before your request is bounced off to the Internet. This device, a special type of computer, stores frequently accessed data (for instance, pages of iranian.ws). ) till it is changed on the original location.
These devices come with access control lists that can say, for instance, "don't serve any user from our network the domain iranian.ws when it is accessed via a browser (or any device that uses the HTTP protocol)". Such a restriction would block iranian.ws and all its sub-domains like news.iranian.ws or iranian.ws/singles.
But it is pretty easy to bypass.
The no-brainer option is to use a service like Anonymizer or Surfola. Both have restricted free versions. These sites hide your location and protect your privacy.
When you enter the address of a Web site, your service provider first determines if it is on the okay list and then fetches the page and gives it to you. Obviously, when it is blocked, this does not happen.
This is where sites like Anonymizer come in. They fetch the blocked site/page from their servers and display it to you. As far as the service provider is concerned you are viewing a page from Anonymizer and not the blocked site.
Another way is to access the blocked Web site using its Internet Protocol (IP) number instead of the URL. For example, let us see how this works with 70.85.53.85. I used Netcraft to find out that the iranian.ws Web server is located at the IP address 70.85.53.85. Now, by typing this number in the address bar of my browser I get to see the Persian Journal homepage even if 70.85.53.85 is on the blocked list.
But this is not foolproof for two reasons:
1) If the blocking is meticulous and mapped to the IP address of the Web server by something called reverse Domain Name Service lookup, the site will remain blocked
2) If the Web site does not have a dedicated IP address and is on a shared hosting set up (one where multiple sites are hosted on the same machine), there is no guarantee that you will be able to access the site you want.
Note: Most service providers state in their Terms of Service that attempts to bypass any restrictions (no matter how legal or illegal the blocking) could lead to termination of the services provided to you.
Anonymous Proxy Servers
So how does one bypass the restrictions if it is fairly comprehensive and blocks even Web sites like Anonymizer? The way out is to use anonymous proxy servers.
A proxy server is, in most cases, a normal computer that hides the identity of computers on its network from the Internet. Which means that only the address of the proxy server is visible to the world and not of those computers that are using it to browse the Internet.
There are two ways to go about this. The first is to use special software like Multiproxy or Surfola Redirector Redirector. These automatically check for new open proxy servers and help your browser use them without much difficulty. The second is to use Web sites like Openproxy or Defcon to manually check for open proxy servers.
While using these servers, it is a safe practice not to transmit confidential data or credit card numbers, as these machines can record all the information that passes through them.
The software-based approach is quite easy. Once you download the software and start it, it checks for available open proxy servers and routes your traffic through them, rendering the filtering on the service provider's end useless.
The manual approach is a bit tedious and it takes a fair bit of trial and error to get a server that is fast and reliable. Sites like Openproxy some times check only whether a proxy server port is open and not whether it allows outside access.
Before you begin using proxy servers, a visit to sites like Curlyfries would be wise. Curlyfries tells you exactly what information your computer is spewing out every time you visit a site. In the image you can see the IP address assigned to my computer. Now check the IP address by doing a WHOIS.
Once you find an open proxy server (the Defcon ones are usually more reliable, even though the demo version lists just a handful of servers), note down the IP address and Port number. The next step is to set up your browser to use proxies.
If you are using Internet Explorer, go to the "Tools" menu. From the drop down, click on "Internet Options" Click the "Connection" tab.
Then click the "LAN Settings" button.
Check the "Use a proxy server" option and enter the IP address and port of the server you noted down from Defcon. Now press "OK" and the process is complete.
Due to the way it has been designed, this method will work with the Internet Explorer browser only if you are connecting via a LAN and not direct dial-up. Dial-up users can try browsers like Opera or Mozilla.
Another visit to Curlyfries is advisable. After setting up my browser to use proxies, a WHOIS on the IP address says that I am surfing from somewhere in Poland. Since the server there is looking up my requests, restrictions placed by my service provider do not come into play.
The downside is that it is quite difficult to find a server that is fast and reliable and most of them do not offer secure channels and services like FTP, making it a bit cumbersome for the average surfer.
Another problem is that hiding your real IP address is considered illegal in many countries. However, using proxy servers is not the same as IP spoofing, where you forge the IP address of your own computer. Internet Relay Chat service providers, too, ban connections from open proxy servers because Internet vandals use this technique to launch attacks of the kind that took down the English version of the Al Jazeera Web site.
Go For Text
If you are willing to forgo the bells and whistles of a normal browser, and read the restricted or censored information as text, sign up for a shell account, available in both paid and free flavours. After that, a text-based browser like Lynx is all you need.
For instance, my favoured provider is Rootshell. The sign ups at Rootshell are manual and it takes a while. You can pay and get instant activation at SDF. Once you have a shell account, use a secure client like Putty to connect to the server. After you log in, type "lynx" followed by the Web site you want to visit.
There is, once again, no guarantee for privacy on such a system as they log each and every command you enter and authorities can examine this information depending on the legal system of the country where the server is physically located.
Also remember that violations of access control can attract penalties depending on where you are. In country like Iran, being caught can have serious repercussions.
So, if you want to tinker around, do so at your own peril.
0 Comments:
Post a Comment
<< Home