[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Gmail and China's GFW



On Mar 21, 2011, at 1:43 PM, Cal Leeming wrote:

> 
> 
> On Mon, Mar 21, 2011 at 8:39 PM, bk <chort0@xxxxxxxxx> wrote:
> 
> On Mar 21, 2011, at 10:52 AM, Alien Chatter wrote:
> 
> > $ sudo iptables -I INPUT -m string --algo bm --hex-string
> > '|476f6f676c6520496e63311830160603550403140f6d61696c2e676f6f676c652e636f6d30819f30|'
> > -j DROP
> >
> > Try it, you will get a connection timeout:
> >
> > $ curl --connect-timeout 60 https://mail.google.com/
> > curl: (28) SSL connection timeout
> >
> > The same applies for Twitter, Facebook... Much more efficient than
> > DNS/IP blocking!
> >
> 
> Because searching for a bytestring in payload generates so much less load 
> than just overriding a DNS result at the recursive server (that users are 
> forced to issue queries to) or a simply drop SYNs based on IP header value 
> that routers/firewalls are optimized for...
> 
> I think you forgot your coffee this morning.  It's not just for aliens you 
> know.
> 
> --
> chort
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
> I think what he meant by efficient, was that if their sites ever get 
> re-numbered or more end nodes are added (which may or may not be that often), 
> then this would still catch the connections.
> 
> Imho, I think it'd be better to just have a script checking for it, but 
> nether the less, it's a cute approach (albeit, probably not usable in a 
> production environment).

It's "efficient" in that humans get to be lazy.  It's not efficient as far as 
hardware resource utilization.

--
chort


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/