|
Full Disclosure
mailing list archives
Re: Gmail and China's GFW
From: bk <chort0 () gmail com>
Date: Mon, 21 Mar 2011 15:19:10 -0700
On Mar 21, 2011, at 1:43 PM, Cal Leeming wrote:
On Mon, Mar 21, 2011 at 8:39 PM, bk <chort0 () gmail com> wrote:
On Mar 21, 2011, at 10:52 AM, Alien Chatter wrote:
$ sudo iptables -I INPUT -m string --algo bm --hex-string
'|476f6f676c6520496e63311830160603550403140f6d61696c2e676f6f676c652e636f6d30819f30|'
-j DROP
Try it, you will get a connection timeout:
$ curl --connect-timeout 60 https://mail.google.com/
curl: (28) SSL connection timeout
The same applies for Twitter, Facebook... Much more efficient than
DNS/IP blocking!
Because searching for a bytestring in payload generates so much less load than just overriding a DNS result at the
recursive server (that users are forced to issue queries to) or a simply drop SYNs based on IP header value that
routers/firewalls are optimized for...
I think you forgot your coffee this morning. It's not just for aliens you know.
--
chort
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
I think what he meant by efficient, was that if their sites ever get re-numbered or more end nodes are added (which
may or may not be that often), then this would still catch the connections.
Imho, I think it'd be better to just have a script checking for it, but nether the less, it's a cute approach
(albeit, probably not usable in a production environment).
It's "efficient" in that humans get to be lazy. It's not efficient as far as hardware resource utilization.
--
chort
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
