[liberationtech] Fortinet's role in Syrian censorship
kheops at ceops.eu
Mon Apr 23 11:51:39 PDT 2012
It has been a long time now that we have kept receiving reports about
Fortinet devices being present in Syria.
They would be (the) key devices in the censorship of Internet traffic
going out of the country. They would notably be responsible for blocking
particular protocols, such as OpenVPN.
More precisely, there are at least two FortiGate-51B devices which
probably inspect all the country's traffic before it is routed outside
We collected some (publicly available) docs about these, which notably
show their capability of doing Deep Packet Inspection (DPI), through
their mechanism "Intrusion Protection System" (IPS). See:
http://telecomix.ceops.eu/material/fortinet-Syria/ and especially the
IPS Guide, on pages 29-31, which contains explanations on how to block
certain types of IP packets according to their payload's content. They
can indeed also block traffic according to the header's content, and
might be responsible for the blockade of a lot of TCP ports (see
These devices are not designed to cope with a whole country's traffic,
but rather to act at the scale of a company. We believe this explains
why the whole country's traffic has been slowed down: it would be in
order to let the FortiGates do their job.
The technical elements we have are thus coherent with the reports we
got, but we lack stronger evidence of their presence, whether it is
technical evidence or leaked documents. A more formal overview of their
role in the censorship would also be nice.
Does anyone have additional elements/ideas/relevant contacts on this topic?