I used the same method to see what is the blocking mechanism in Iran. I tried to connect to www.bbc.com which is blocked in Iran.
The DNS injection is obviously in place. But something strange happened when I checked the SNI filtering. The curl command stopped at "TLSv1.2 (OUT), TLS alert, Client hello (1)" and never exited when I tried to connect to www.bbc.com but with a --connect-to that is not blocked. Nothing strange until now. If SNI blocking is in place, they probably drop all the remaining packets of the connection. The strange thing is that when I try the opposite test and I connect to www.kernel.org (not blocked in Iran, too!) but with www.bbc.com SNI it still stops at TLS client hello.
First I thought they blocked the IP address, but I was able to connect to 212.58.244.210 (the IP address of www.bbc.com) on port 443 with telnet command. So, is Iran's regime using some other blocking mechanism that I'm not aware of? Or am I doing some kind of mistake?
The DNS injection is obviously in place. But something strange happened when I checked the SNI filtering. The curl command stopped at "TLSv1.2 (OUT), TLS alert, Client hello (1)" and never exited when I tried to connect to www.bbc.com but with a --connect-to that is not blocked. Nothing strange until now. If SNI blocking is in place, they probably drop all the remaining packets of the connection. The strange thing is that when I try the opposite test and I connect to www.kernel.org (not blocked in Iran, too!) but with www.bbc.com SNI it still stops at TLS client hello.
First I thought they blocked the IP address, but I was able to connect to 212.58.244.210 (the IP address of www.bbc.com) on port 443 with telnet command. So, is Iran's regime using some other blocking mechanism that I'm not aware of? Or am I doing some kind of mistake?