Full Disclosure mailing list archives

Re: Gmail and China's GFW

From: Cal Leeming <cal () foxwhisper co uk>
Date: Mon, 21 Mar 2011 22:20:02 +0000

Agreed ;p

On Mon, Mar 21, 2011 at 10:19 PM, bk <chort0 () gmail com> wrote:


On Mar 21, 2011, at 1:43 PM, Cal Leeming wrote:



On Mon, Mar 21, 2011 at 8:39 PM, bk <chort0 () gmail com> wrote:


On Mar 21, 2011, at 10:52 AM, Alien Chatter wrote:

$ sudo iptables -I INPUT -m string --algo bm --hex-string

'|476f6f676c6520496e63311830160603550403140f6d61696c2e676f6f676c652e636f6d30819f30|'

-j DROP

Try it, you will get a connection timeout:

$ curl --connect-timeout 60 https://mail.google.com/
curl: (28) SSL connection timeout

The same applies for Twitter, Facebook... Much more efficient than
DNS/IP blocking!


Because searching for a bytestring in payload generates so much less load
than just overriding a DNS result at the recursive server (that users are
forced to issue queries to) or a simply drop SYNs based on IP header value
that routers/firewalls are optimized for...

I think you forgot your coffee this morning.  It's not just for aliens you
know.

--
chort

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


I think what he meant by efficient, was that if their sites ever get
re-numbered or more end nodes are added (which may or may not be that
often), then this would still catch the connections.

Imho, I think it'd be better to just have a script checking for it, but
nether the less, it's a cute approach (albeit, probably not usable in a
production environment).


It's "efficient" in that humans get to be lazy.  It's not efficient as far
as hardware resource utilization.

--
chort

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Gmail and China's GFW Alien Chatter (Mar 21)
- Re: Gmail and China's GFW bk (Mar 21)
  - Re: Gmail and China's GFW Cal Leeming (Mar 22)
    - Re: Gmail and China's GFW bk (Mar 21)
    - Re: Gmail and China's GFW Cal Leeming (Mar 22)
- Re: Gmail and China's GFW Valdis . Kletnieks (Mar 21)
- Re: Gmail and China's GFW nix (Mar 21)
  - Re: Gmail and China's GFW nix (Mar 21)
    - Re: Gmail and China's GFW bk (Mar 21)
- Re: Gmail and China's GFW Cal Leeming (Mar 22)