MCCI (AS197207) blocks proxy IPs proportionally to observed connection volume: the more connections a phantom IP receives, the faster it gets blocked. A controlled experiment with a fresh /27 IPv4 subnet divided into 7 /30 sub-ranges with increasing weights confirmed that higher-weighted subnets were blocked first, demonstrating that the censor infers proxy IP reputation from traffic rate rather than from a static blocklist.

An internet-wide scan of 500k IP addresses from an in-country VPS vantage point found TCP establishment-interception injections on 43,479 addresses (8.7% of scanned), with over 70% concentrated in two Akamai ASes (AS16625 and AS20940). The injection pattern — triggered by the first packet sent to these addresses — is consistent with targeted blocking of domain-fronting proxies hosted on Akamai CDN.

§4.1.2 detection

Iran's censorship of refraction-networking proxies (Conjure via Psiphon) is not monolithic: different ISPs independently deploy different techniques and timelines. Over 800 million logged Conjure connections from July 2023–February 2025 across 10+ Iranian ASes show TCI (AS58224, ~33% of traffic) uses packet injection, while MCCI/Hamrah-e Avval (AS197207, ~22%) applies IP-based blocking, and some ASes (Parsonline AS16322, Shatel AS31549) show no proxy blocking at all.

§4 detection

Two Iranian ASes apply a protocol allowlist that drops traffic not matching known application-layer protocol patterns (after ~6 packets), independently of the destination IP. Experiments with fresh /26 phantom subnets showed that prefixing Conjure connections with a plain HTTP GET payload evaded this blocking for four weeks, while TLS Client Hello-prefixed and SSH-prefixed connections were blocked within 72 hours (TLS) or 72 hours after port rotation (SSH). HTTP GET on port 80 was the only tested prefix that survived the full experiment window.

§4.4, §5 detection

The report documents IMSI-catcher and mobile-network interception deployments in Pakistan that complement fixed-line DPI infrastructure. Mobile broadband users (dominant internet access mode in Pakistan) face surveillance at both the carrier level and via OTT platform coercion, with major platforms (YouTube, Twitter/X, TikTok) receiving and complying with blocking and content takedown orders from PTA, reducing the scope of accessible content even for users not running circumvention tools.

2025-amnesty-pakistan-shadows §6 traffic-shapeip-blocking

Amnesty International's 102-page investigation identifies a multi-vendor surveillance stack deployed in Pakistan: Chinese DPI (Geedge/MESA-derived), Canadian social-media monitoring (Netsweeper), and Emirati commercial spyware (Pegasus and FinFisher). The system enables deep packet inspection, SNI-based filtering, and traffic-shape classification at national scale, including targeted interception of encrypted messaging apps and VPN traffic.

2025-amnesty-pakistan-shadows §3, §5 dpisni-blockingip-blockingtraffic-shapeml-classifier

InterSecLab's 76-page analysis of the Geedge/MESA leak (based on nine months of indexing and translating >100,000 documents) characterizes the Tiangou Secure Gateway (TSG) product line as a commercially deployable detection stack that combines deep packet inspection, real-time mobile subscriber monitoring, active probing, ML-based traffic classifiers, and granular per-region rule sets. TSG is not a research prototype — leaked documentation includes deployment timelines and client government interactions for Kazakhstan, Ethiopia, Pakistan, Myanmar, and one unnamed country, with censorship rules explicitly tailored to each region.

2025-interseclab-internet-coup §3–§5 (InterSecLab report) dpiactive-probingml-classifiersni-blockingip-blockingtraffic-shapefully-encrypted-detect

Justice for Myanmar documents that Geedge Networks supplied Myanmar's military junta with GFW-derived surveillance and censorship infrastructure under Belt and Road frameworks following the February 2021 coup. The deployed system (Tiangou Secure Gateway / TSG) incorporates the same DPI, active-probing, and ML-classifier capabilities as the domestic Chinese GFW, giving Myanmar one of the most technically capable censorship systems in Southeast Asia.

2025-jfm-silk-road-surveillance §3, §5 dpisni-blockingip-blockingtraffic-shapeml-classifieractive-probing

The report documents that Myanmar's military has used its TSG-based infrastructure to execute targeted throttling and selective shutdowns of specific services and platforms, not only blanket internet shutdowns. This includes selective disruption of VPNs and circumvention tools during periods of civil unrest, demonstrating that Myanmar's censors have operationalized the granular per-service traffic control capabilities documented in the Geedge/MESA leak.

2025-jfm-silk-road-surveillance §5 throttlingip-blockingtraffic-shape

Chinese browsers transmit GPS coordinates alongside persistent user IDs (IMEI, GAID, CUID) and client IPs to vendor servers with poor transport security; an attacker with access to this stream can trivially detect VPN use without any DPI—GPS coordinates placing a user inside China combined with a non-Chinese client IP is an unambiguous VPN-use signal. This correlation attack succeeds against VPNs with perfect traffic obfuscation because the detection side-channel is entirely outside the encrypted tunnel.

2025-rodriguez-revisiting §5, §6 ip-blockingtraffic-shape