Manual analysis of 700+ unique packet groupings from possibly tampered connections yielded 19 high-confidence tampering signatures — up from 6 in prior work — covering 86.9% of all possibly tampered connections. Post-SYN signatures account for 43.2% of possibly tampered connections (99.5% matching a known signature), post-ACK for 16.1% (98.7%), and post-first-data-packet (PSH+ACK) for 5.3% (97.9%), with 19 signatures described as flag-sequence patterns of the form ⟨X→Y⟩ in Table 1.

Sampling 1-in-10,000 TCP connections at Cloudflare's 285+ PoPs (serving ~17–20% of the Internet's websites, handling 45M HTTP requests/second at average load) over two weeks in January 2023 revealed that 25.7% of all sampled connections were 'possibly tampered.' The passive technique requires no vantage points inside censored networks, covering cellular, enterprise, and low-penetration-country networks that active measurement cannot reach.

§3.2, Abstract evaluation

Post-handshake tampering signatures (⟨SYN;ACK→RST⟩ and ⟨SYN;ACK→RST+ACK⟩) constitute 34.4% of tampered connections from Iranian networks, but over 70% from Sri Lanka networks and over 81% from Turkmenistan networks, suggesting that censors in the latter two countries disproportionately block at the IP/TCP-handshake level before any application-layer content is visible — consistent with IP-list-based blocking rather than SNI-based DPI.

§4.1 detection

Censoring middleboxes predominantly use RST injection rather than in-path packet dropping because injecting forged RST/RST+ACK packets does not require the middlebox to sit in the data path — off-path copies of packets suffice. The GFW specifically injects both RST and RST+ACK packets simultaneously after an offending PSH, a known idiosyncratic signature, while Iran's censor uses post-handshake RST injection (⟨SYN;ACK→RST⟩) and packet drops at the same stage.

§2.1, §4.1 detection

Passive measurement of real user connections demonstrates that published active-measurement test lists (Citizen Lab, Herdict, GreatFire, Berkman Klein, and top-K lists) miss a considerable fraction of domains that are actively being tampered with, as confirmed in §5.5. Because passive measurement is driven by real user requests rather than an a priori domain list, it can discover blocked domains that were never included in any test list and has no dependency on volunteers providing ground truth.

§5.5, §2.2 evaluation

Iran's censorship of refraction-networking proxies (Conjure via Psiphon) is not monolithic: different ISPs independently deploy different techniques and timelines. Over 800 million logged Conjure connections from July 2023–February 2025 across 10+ Iranian ASes show TCI (AS58224, ~33% of traffic) uses packet injection, while MCCI/Hamrah-e Avval (AS197207, ~22%) applies IP-based blocking, and some ASes (Parsonline AS16322, Shatel AS31549) show no proxy blocking at all.

2025-alaraj-iran-refraction §4 rst-injectionip-blockingpacket-injectiondpi

The GFI's HTTP and HTTPS filters are now stateful (requiring initial SYN packet with matching sequence numbers) and have been activated on all TCP ports—not only standard ports 80 and 443 as reported by prior studies. This is a significant departure from previous work that found stateless HTTP/HTTPS blocking limited to standard ports. The HTTP filter injects a 403 Forbidden blockpage (not RST packets as used by the GFW), while HTTPS injects a single RST+ACK packet. The GFI also exhibits TCP non-compliance (not requiring a full three-way handshake to trigger filtering), enabling outside-in measurement without in-country servers.

2025-tai-irblock §2.1, §3.2 dpirst-injectionpacket-injectionmiddlebox-interference

The Great Firewall of China does not inject blockpages — it resets connections via TCP RST injection — making it invisible to blockpage-based detection systems. In contrast, the Iran firewall accounted for 97.1% of disruptions observed in Iranian vantage points, and the Bahrain and Saudi Arabia firewalls caused 71.2% and 80.2% of disruptions respectively, all using application-layer blockpage injection.

2020-raman-measuring §V-A-2 rst-injectiondpipacket-injection

By comparing echo-server (bidirectional) versus discard-server (inbound-only) results across 11 censoring countries, Quack finds that only 4 countries (China, Egypt, Jordan, Turkey) also block inbound traffic; the remaining 7 apply DPI exclusively to outbound data. Direction-sensitive blocking is a confirmed capability of deployed middleboxes.

2018-vandersloot-quack §6.3 dpipacket-injectionrst-injection

Censors in Russia, Iran, and India implement all three measured censorship techniques simultaneously: block pages, RST injection, and TTL anomalies. Iran and Cyprus censoring ASes censor content across many URL categories (including General News, Internet Services, Pornography, Gambling), while most other censoring ASes restrict only a few category types.

2017-cho-churn §4, Table 2 rst-injectionpacket-injectiondpi

Yemen's national ISP (YemenNet) uses explicit blockpages for social and Internet-tools content while applying stealthy techniques — TCP RST injection and unrequited HTTP GETs — specifically for political and conflict content that is constitutionally protected. Censorship also ceases intermittently when the ISP exhausts filtering product licenses.

2015-gill-characterizing §4.2, Fig. 6 rst-injectionpacket-injectiondpi