An analysis of the network traffic in and out of Iran over the last few days during the turmoil surrounding the election is offering a clearer picture of how the manipulation of Internet traffic within the country is affecting access to certain kinds of online content.
The analysis, by Arbor Networks, is based on security, traffic and routing data gathered by over 100 of Internet service provider (ISP) customers in 17 countries. What it shows is that in the one week or so since the contentious elections, Web and video traffic and most forms of interactive communications have been severely impacted inside Iran.
Web traffic to and from Iran has dropped by 50%, suggesting that Internet administrators are blocking those within the country from accessing a large number of Web sites, said Craig Labovitz, chief scientist at Arbor.
While it's not possible to know which sites or the number of sites that are being blocked, such a drop in traffic usually means that sites are being blocked, he said. Even so, the drop-off in Web traffic is relatively low compared with other kinds of traffic.
Traffic using the secure shell (SSH) protocol for instance, has fallen off by nearly 85%, while video and Bittorrent traffic has also declined by more than 80% when compared with immediately before the elections. Webcam traffic is down nearly 70%, and e-mail is down 50%.
The numbers strongly suggest that instead of simply pulling the plug on the Internet, Iranian authorities are choosing to selectively block certain kinds of applications, Labovitz said. "The truth is Iran has very centralized control of the Internet. They could very easily turn off everything," he said.
They probably have not chosen to do that because such a move could impact commerce, Labovitz said. While other countries such as Burma in 2007, "completely unplugged the country during political unrest, Iran has taken a decidedly different tact," he said.
A macro-level analysis by Arbor of Internet traffic touching Iran shows how the state-owned Data Communication Company of Iran (DCI), which acts as the country's Internet gateway, severed most its Internet connections for a brief period of time on June 13th.
The move resulted in Iran literally dropping off the Internet for some time with all six of the upstream ISPs connecting Iran to the rest of the world "reporting a complete loss in traffic," Labovitz said in a blog post yesterday.
That move was probably an attempt by Iranian authorities to further centralize and consolidate traffic flows in and out of the country in an attempt to exercise better control over it, he said.
James Cowie, chief technology officer at Internet monitoring firm Renesys Corp., which has also been analyzing network flows to Iran, said that all Internet routes into Iran have basically remained open so far, except for the brief outage on June 13.
Even that outage was fairly short-lived, with most of those impacted being redirected into Iran overland via Turkey instead of the usual undersea routes into the country, Cowie said.
He too was surprised that the Iran hasn't simply pulled the plug on the Internet. "Their Internet is so centralized it would be the work of two or three people to turn it off," and in a very short time, he said.
All it would require literally is for someone to disconnect the two fiber cables connecting Iran to the Internet, he said.