Iran and the Internet: Uneasy Standoff


Routing Redundancy: How much is enough?

June 22, 2009 Comments (30) Views: 25912 Internet, Security

The Proxy Fight for Iranian Democracy

Tweet about this on TwitterShare on FacebookShare on Google+Share on LinkedInShare on Reddit

If you put 65 million people in a locked room, they’re going to find all the exits pretty quickly, and maybe make a few of their own. In the case of Iran’s crippled-but-still-connected Internet, that means finding a continuous supply of proxy servers that allow continued access to unfiltered international web content like Twitter, Gmail, and the BBC.

A proxy server is a simple bit of software that you run on your computer. It effectively lets you share your computer with anonymous strangers as a “repeater” for content that they aren’t allowed to fetch themselves. For example, an Iranian web browser might be manually configured to use your computer (identified by an IP address and a port number) as a Web proxy. When your anonymous friend reads, or posts a tweet, the request goes via your computer, instead of to Twitter’s web server directly. Except for a little delay, and the fact that your friend gets to see what the uncensored Internet looks like from New York or London or São Paolo instead of Tabriz or Qom, surfing through a proxy is pretty much like surfing without one.

As you might imagine, open web proxies are valuable commodities in places where it’s forbidden, possibly dangerous, to surf the Internet. Iran’s opposition movement has been vigorously trading lists of open proxies over the past week. And as you might further imagine, the Iranian government censors have worked overtime to identify these proxies and add them to the daily blacklists.

As an experiment, we geolocated a list of about 2,000 web proxies (unique IP addresses and port numbers) that were shared on Twitter and other web sites over the course of the last week, to see if we could discern patterns in the places that are hosting them. Most of these are no longer reachable from inside Iran, of course, precisely because they were made public. The following map shows the distribution of those proxies worldwide.


The USA and Western Europe were well-represented, but so were China, India, Russia, Romania, Bulgaria, Vietnam, … 87 countries in all, a pretty impressive breadth of representation, considering the relatively small size of this sample. (You can also see about a dozen Iranian IP addresses represented in the set. Not surprisingly, all but one of these belong to networks originated by DCI, the government-run service provider who operates the modern-day Internet equivalent of the Alamūt Castle.)

Here’s a geographic visualization of the proxies, drawn in Google Earth. In the first one, we’ve drawn Iran in green, with some of their domestic network sketched in white, and their major international connections drawn in red. Each of the colored arcs represents a single open web proxy; they are “fountaining” out of a cable landing or Internet traffic exchange point that makes approximate sense for their Iranian Internet routing. For example, all of the web proxies in Europe are drawn from the Marseilles termination of the Sea-Me-We-4 cable. The web proxies in Turkey are drawn in light blue, radiating from Ankara, where the Iran-Turkey gas pipeline passes through on its way from Bazargan. Those unusual Iranian proxies emerge from Tehran, and so forth.


If we rotate the globe, you can see how the countries of Asia are doing their part to keep the bits flowing in Iran. India, China, South Korea, Taiwan, Vietnam, and Japan are all visible sources of web proxy activity.


I’d like to be able to say that these maps are a measure of the strength of the democratic impulse and volunteer spirit in all the countries of the world. But that might be a stretch. You see, looked at another way, an open proxy is a security hole, something you might find in a machine that’s been compromised, or at the very least, badly administered. Security purists think of them as the “unlocked gun cabinet” of the Internet — a resource for anyone who wants to abuse a website, commit fraud, cover their tracks.

Some of the proxies in this dataset are undoubtedly fresh, created by people who want to keep the Internet alive for the Iranian people. But many of these proxies have probably been around for months or years, mapped out by those that map out such things.

We did see a few organizers try to explain the concept of an ACL (Access Control List) to all the new proud parents of open proxies. If you are diligent, it is possible to restrict the anonymous users of your new proxy to just the Iranians, or even just the Iranian non-government networks, if you have a good enough list of the IP address blocks (network prefixes) in question. But I expect that the complexity of configuring anything tighter than an “open access” proxy is going to prove too high a barrier to entry for most people who might volunteer to run one.

For one thing, we know how hard this is. Renesys has pretty good lists of per-country networks and their transit patterns, based on our analysis of the global routing tables, and trust me, they take some work to maintain. And even given good maps of Iran’s address space to work from, ACLs are notoriously hard to test, if you don’t have Iranian friends who can try your server from inside the protest zone and report back to you with problems. Most people aren’t going to bother, and that’s probably okay. Freedom is messy. There’ll be time for security later.


Perhaps the strangest thing of all, given how diverse and active and vocal the proxy server farmers have been, is that by and large, it isn’t working. The rate with which new proxies are being created has slumped over the last few days. It’s getting harder and harder to propagate new proxies to the people who need them, as the government consolidates its hold on the filtering mechanisms. Any new proxy addresses that are posted to Twitter, or emailed, will be blocked very quickly.

People we talk to inside Iran say that almost no proxies are usable any more. Freegate, a Chinese anti-censorship application that makes use of networks of open proxies, has proven popular in Iran. But this week, it, too, has been experiencing problems. Many popular applications, like Yahoo! Messenger, have stopped working. The authorities are said to be using power interruptions as a cyberweapon, causing brief outages during rallies that cause computers to reboot, just as people are trying to upload images and video. The net result, as Arbor’s excellent analysis shows, has been a drastic reduction in inbound traffic on filtered ports since the election.

If there’s a lesson here for the rest of the world, perhaps it’s this: Install a few proxy instances on machines you control. Learn how to lock them down properly. Swap them with your friends overseas who live in places where the Internet is fragile. Set up your tunnels and test them. And don’t wait until the tanks are in the streets to figure this out, because by that point, you may have already lost the proxy war.

Tags: , ,

Learn More About Dyn Internet IntelligenceLearn More

Not sure how your network is affected by events? Check out the tool our research team uses!

30 Responses to The Proxy Fight for Iranian Democracy

  1. I’m curious, how many of these proxies are AWS instances (174.129.*.*)?
    {Three, all out of equinix ashburn. –jim }

  2. Network analysts Renesys

    Network analysts Renesys

  3. Glenn Rempe says:

    This analysis seems to focus on traditional open web proxies. It would be interesting to understand the usage and rate of growth change for the Tor (The Onion Router) network which provides secure anonymous proxy services. I added a Tor Relay yesterday, and I’m sure I’m not alone. You could track and geocode the number of nodes in the Tor network, and the exit points available.

  4. Nart says:

    Quick question: When you say “no longer reachable from inside Iran” did you manage to test them from inside Iran? How many of the 2000 are still accessible from Iran, how many are still accessible to anyone? I’m wondering how many are no longer reachable just because they are random open proxies and how many are no longer reachable because the Iranian authorities blocked them?
    {Excellent question, Nart. We were told that most have been closed, but we were unable to independently verify that. Perhaps we need volunteers inside Iran to run open proxies, so that we can use them to test whether Iran can still see these open proxies! It gets a bit recursive. –jim}

  5. Arrash says:

    I’m an Iranian, lucky me

  6. anon8mizer says:

    I created a proxy. I noticed that very few connections came in from Iran. Most have been from China.

  7. Jim, could we develop a tool to automatically test whether a proxy (or website) is being blocked? Time to find volunteer servers in Iran, perhaps?

  8. @anon8mizer — Chinese spammers seem to be having a good time with all these proxies. I accidentally left mine open and notice most the hits were Chinese ips towards advertising sites.

  9. mehdi says:

    plz send me new proxy every day

  10. Alireza says:

    I found this website while I was searching for an anti filter (I mean in Iran), so I’m very happy to be a volunteer to test these proxies, but how can I get these proxies?

  11. Alireza says:

    I’m from Iran, can I have your proxy?

  12. saman says:

    i need an anti-filter.

  13. iman says:

    pay attention … gmail isn’t filtered yet 😀

  14. terra says:

    ive been running tor for a week, as a relay. id like the just be able to help those who need it, but as i check my logs from a packet app, i see in the past few days almost 1000 hits that lead to serious pedo photo sharing sites. so this sets up an issue for me, can i easily limit use of tor, and if not, does this mean theres now 1000 records of my personal ip on all these ped sites? any advice is appreciated…

  15. adel says:

    i need to Free Proxy Sites!

  16. pari says:

    i’m really sorry for my self and also for other iranian young people!there is abig qestion before asking any question! where is our freedom whit this governments?????!!!!!!!!!!!!!! i need a proxy too!

  17. someone says:

    The use of
    Can be used in a practical way I think!

  18. orion says:

    Please be careful replying to people asking here for proxy info. The safest thing to do is work with others, configure your proxy correctly, allowing only Iranian IPs. has been set up to support the underground effort. PLEASE do not post proxy info in public. You should submit your proxies to the addresses listed on the web site, and then they make their way in-country, as secure as people can make it.
    There is also an ACL based tor network being set up. has info on that also.

  19. there are tools in checking whether you’re being block or not but why bother there are a lot of proxy sites out there if there’s a time that you can’t login to website just try using a proxy site if it still doesn’t work then there must be a deeper problem than block

  20. hamid111 says:

    i need a new anti filter

  21. arash says:

    send me proxy

  22. psalm34one says:

    Great info! That is why there is #irantech. The Iranian govmt. even tried to break through that as well and take it down:-)

  23. parsa says:

    plz send me new proxy every day

  24. 김용호의 생각

    sookyung님 here’s an idea: have yr friend consider supporting her ppl in Xinjiang by providing open proxies HT Mlsif님

  25. qwerty says: free proxy #iranelection

  26. behrang says:

    I am iranian and becauase in our country we donot have any access to some websitesbecause of filtering by government, so I would be grateful If you can send me some anticensorship and proxy websites to use them for visiting websites

  27. John (not really) says: 8080 high anonymity Norway 2009-08-04

  28. John (not really) says:

    Check this out. You can download that, link is at the bottom. It´s a proxy finder tool. Proxy Finder is the fastest fresh proxy list leech tool.Automatically search & leech proxies servers from internet, which offers often updated HTTP proxy list. In 2 minutes, it will get 10000+ fresh proxy servers.
    Intelligent and Automatic – It just connects to hundreds of internet forums and web sites that publish free public proxy lists daily, then picks up proxies automatically.
    Search Very Fast – Just in 2 minutes, it will give you 10000+ public HTTP proxies. No any duplicate.
    Fresh – All the fresh proxy lists that be updated very often, most be updated every day even every minute.
    Easy – Very easy to use. Just need to click one “Find” button.
    Filter – Automatically remove gov, military & planetlab IP.
    Random Order – All the proxies addresses will be displayed in random order.
    Download link

  29. John (not really) says:

    Check out this very informative link for what you want.
    Good luck!

Leave a Reply

Your email address will not be published. Required fields are marked *