Firewall Wizards mailing list archives

d.o.s. on firewalls


From: "Hugh Merwin" <hmerwin () earthlink net>
Date: Wed, 28 Mar 2001 21:14:24 -0500

Hi.  I posted this to the C-punks NYC list Monday night. 
Elyn Wollensky kindly referred me to this list.

I am inquiring about the accuracy of the following idea:
(this is the original message)
"I'm working on a paper about methods of defying all around censorship and
blocked IPs in countries where the Internet is tightly controlled (like
Belarus, Burma, China, North Korea, Sudan, Syria, Tajikistan, Tibet,
Tunisia).  Two major trends:  1) there's always nebulous reports of IP and
URL based blocking, like arrays of firewalls, and laws mandating blocks of
certain pages for local admins., and 2) censorship almost always deals
exclusively with content (political and social), although its broader and
duller edge extends to most in a general lack of connectivity (economic).

I was reading about web bugs today.  If somebody started a chain letter
directed to recipients in one of the aforementioned countries about a
mundane subject like pets' names or aphorisms about marriage, and included
an HTML tag that instructed the email program to retrieve an image file from
one of the blocked sites, the request would be deflected right?  Okay.

What if there were five chain letters, each with a tag corresponding to a
different blocked site?  With a low percentage of forwards, and a low
percentage of total openings of the message, there could still be a
substantial number of requests for the image file.  Combined with the
chances that the forwards, HTML tag included, ("send this to ten people.
tell each of them to send this to ten people..."), will go to recipients
behind the same firewall- this could result in a substantial amount of
failed requests to retrieve the image.  As pyramids are pyramids, this could
be anywhere between 0 and billions of requests over time.

However, given the fact that email usage is more coveted than browsing, and
grows at a much faster rate, I see that this could have some effect. A
massive and unintentional series of requests for this file would definitely
skew statistics, and possibly allow some to "hide in plain sight," as it
were.  I imagine a legitimate, unblocked connection to the site would not
stand out in traffic analysis in the midst of all of this.   Larger
question: Can a firewall be taken out this way?

Much potential abuse in this technique (improving hit stats, etc.)  Could
this be used to increase the flow of information for such places?  It's
notoriously difficult to trace the lineage of a chain letter.  I do believe,
however, if successful, this would likely be treated as an act of aggression
on the part of the blocked sites.  Of course, in my feeble technological
understanding, one really would need their permission.  And the logic of
engineering and the logic of usage are two different things.

I'm just a cook, so I don't really know what would happen in this situation.
Any guesses?"

Further, if permission is not necessary of the blocked sites' administrators
(the chain letter's originator looks for a readily available GIF in the
blocked site's source), then if this was initiated by a third party, nobody
could really be clearly blamed.  I know this is naive.  (for instance, the
Chinese government sentenced the engineer Lin Hai to 2 years in jail in
1999, for merely trading email lists that were used down the line to
distribute Dacankao, a dissident publication)

Further, in an instance where the blocked sites' admins are collaborating,
(e.g. a coalition of human rights sites), would it be possible for
themselves not to suffer a dos, if the firewalls were taken down under fire,
because of bottlenecks?

Further, can anyone recommend a good source on this particular aspect of
firewall administration?  This is a massive void for a lot of researchers
and human rights activists.  Movements have proceeded around it with
assumptions.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

