The user-level norm normalizer processes a realistic 100,000-packet trace (88% TCP) at approximately 101,000 pkts/sec (397 Mb/s) with all normalizations enabled on a $1,000 AMD Athlon 1.1 GHz PC, compared to a memory-copy-only baseline of 727,270 pkts/sec; the authors conclude a kernel implementation could sustain a bidirectional 100 Mbps access link with sufficient headroom to weather high-speed small-packet flooding attacks.

An attacker can conduct stealth port scans against a victim without revealing their own IP by exploiting a 'patsy' host whose OS uses a globally incrementing IP Identifier: the attacker observes ID increments of 2 (rather than 1) in the patsy's traffic when the victim sends a RST to the patsy in response to a spoofed SYN, revealing open ports. Choosing a different patsy for each port makes the scan very hard to detect.

§5.1 detection

TCP RSTs are delivered unreliably and different OS stacks apply different validity rules, so a NIDS cannot safely tear down connection state on RST alone; a 'reliable RST' scheme — sending a keep-alive ACK behind every forwarded RST and tearing down state only upon observing a confirming RST from the trusted side — resolves this without violating end-to-end semantics. The cold-start problem (state loss on restart) can be addressed statelessly by stripping payload from unknown-connection packets from untrusted hosts and probing the trusted endpoint with a keep-alive before instantiating state.

§6.1–6.2 defense

Passive NIDS can be evaded via three fundamental classes of ambiguity: incomplete protocol analysis (none of the four commercial systems tested by Ptacek and Newsham in 1998 correctly reassembled IP fragments), divergent end-system behavior (different OS stacks resolve overlapping TCP retransmissions differently), and topology uncertainty (low-TTL packets may not reach the victim end-system, so the NIDS cannot determine which packets are delivered).

§1 detection

A traffic normalizer placed inline ('bump in the wire') can eliminate over 70 IP/TCP packet-level ambiguities before a NIDS inspects traffic — including fragment reassembly, TTL restoration, DF flag clearing, IP option removal, and cryptographic IP ID scrambling — leaving the classifier with an unambiguous byte stream and removing the degrees of freedom an attacker needs to evade detection.

§3, Appendix A defense

During the June 2025 Iran shutdown, circumvention tool performance diverged sharply by transport design. Psiphon's multi-protocol architecture sustained 1.5 million concurrent users—roughly one-third of its normal Iranian base. Lantern's "proxyless" protocol (domain-fronting via CDN, ~40% of Lantern's Iranian traffic) showed moderate success. Tor usage collapsed during the blackout but bridge connections surged and rebounded quickly after lifting. BeePass (serving 500k+ daily users at shutdown onset) used live A/B testing of port/obfuscation-prefix combinations to probe the censors' blocking parameters in real time. The Ceno Browser's P2P network grew from 600 active peers on June 13 to ~8,000 by July 11, indicating that decentralized fallback paths stayed up even during peak blocking.

2025-iran-shutdown-measurement §Tool Performance dpithrottling

The June 2025 Iran shutdown—carried out during the Iran-Israel war beginning ~June 19—did not use BGP route withdrawals as in 2019. Instead, authorities applied service-level restrictions at the national border: DNS poisoning of foreign destinations, protocol whitelisting permitting only pre-approved domestic services, and DPI to block circumvention-tool traffic. Iran's international traffic fell roughly 90% while the country's BGP routes remained advertised, making the shutdown invisible to BGP-based monitoring systems. OONI measurement volume, which totalled 121,333 in June 2025, collapsed to under 200 submissions on June 19-20.

2025-iran-shutdown-measurement Executive Summary / §2 dpidns-poisoningport-blockingip-blocking

During the June 2025 shutdown, Iranian authorities blocked international One-Time Password (OTP) SMS delivery, preventing new sign-ins to foreign secure-messaging platforms and VPN services. This forced users toward government-approved domestic platforms that lack security and privacy protections. The blockade of OTPs effectively weaponized account-recovery flows as a secondary shutdown layer, disproportionately affecting users who needed to activate new circumvention tools during the crisis.

2025-iran-shutdown-measurement §Human Rights Implications port-blockingdpikeyword-filtering

Input blocking in Chinese LLM services (DeepSeek, Qwen, Kimi, Doubao) is overwhelmingly consistent: all four services persistently block the exact same queries across all 5 measurement samples in both Simplified and Traditional Chinese. Output blocking is far less consistent, with only 29 out of 349 output-blocked queries blocked across all 5 samples. Baidu-Chat is exceptional: it performs almost no input blocking but instead relies heavily on post-search and output blocking (78.6% of blocks are output-phase).

2026-ablove-characterizing §VI-B keyword-filteringdpi

A three-stage detection pipeline exploiting the "dual-role" behavioral fingerprint of single-IP circumvention relays achieved 23.2% recall (96/414 ground-truth relays) with a 0.18% false-positive rate against 97,651 benign TLS servers, for an overall accuracy of 99.5%. The ground-truth set covered OpenVPN, WireGuard, and SOCKS relays identified in a 17 TB single-day backbone trace (WIDE Project, April 9, 2025).

2026-almutairi-server §3.4, Table 1 traffic-shapedpiflow-correlation

The paper identifies a fundamental architectural vulnerability in single-IP circumvention designs: a relay must generate new observable flows (via DNS or TLS SNI) to reach end services after receiving client connections, creating a detectable server-and-client behavioral contrast. A relay accessing user-facing domains (news, social media) scores high on a Relay Suspicion Score (w=0.9) versus infrastructure domains (w=0.1). The paper argues this host-level signal is censorship-invariant and cannot be concealed by link obfuscation.

2026-almutairi-server §2.4, §4 traffic-shapedpisni-blocking