Punching through The Great Firewall of T-Mobile

[Jeffrey Walton <noloader () gmail com>]

> From Steve Bellovin on the Cryptography Mailing List.....

https://grepular.com/Punching_through_The_Great_Firewall_of_TMobile

T-Mobile UK are moving towards a mobile network which works
(technically) in a very similar manner to the Great Firewall of China.
I've been using them for mobile Internet access for over a year now,
and recently received a second SIM card. When using this new SIM card
for Internet access, I've experienced some very odd network traffic.
...

I run my own Linux server, and self-host several services. I use SSL
whenever possible. If I connect to my mail submission service with
immediate encryption on port 465, T-Mobile instantly sends a spoofed
RST TCP packet to both my server and my client in order to
disrupt/disconnect the connection. I ran tcpdump on both ends of the
connection to verify that this was happening. They also do the same
for mail submission port 587. This time, they let you connect, but as
soon as you send a STARTTLS command, the RST packets appear, and the
connection drops. This isn't just for my mail server, I experienced
the same problems using smtp.gmail.com as well.

About six weeks ago, somebody else pointed out the same problem on the
T-Mobile forums....
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.