Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Gmail and China's GFW
From: nix () myproxylists com
Date: Tue, 22 Mar 2011 01:53:57 +0200

Gmail can be blocked by simply blocking Google's SSL certificate(s).

When you visit Gmail, Google sends your browser its SSL Server
Certificate. Without this certificate, no connection can be made.

For example, running the following command, then browsing to
<https://mail.google.com/>, will produce the following output:

$ sudo ngrep -d eth0 -x 'Google Inc'
...
  47 6f 6f 67 6c 65 20 49    6e 63 31 18 30 16 06 03    Google Inc1.0...
  55 04 03 14 0f 6d 61 69    6c 2e 67 6f 6f 67 6c 65    U....mail.google
  2e 63 6f 6d 30 81 9f 30    0d 06 09 2a 86 48 86 f7    .com0..0...*.H..
...

This output shows part of Google's ASN.1 encoded X.509 certificate.

Therefore, the following Linux firewall commands will stop any
connection to Gmail:

$ sudo iptables -I INPUT -m string --algo bm --hex-string
'|476f6f676c6520496e63311830160603550403140f6d61696c2e676f6f676c652e636f6d30819f30|'
-j DROP

Try it, you will get a connection timeout:

$ curl --connect-timeout 60 https://mail.google.com/
curl: (28) SSL connection timeout

The same applies for Twitter, Facebook... Much more efficient than
DNS/IP blocking!


Thanks for the information. I was not actually aware of that you can block
with iptables using hex strings. Very nice.


Forgot to say, in terms of performance. It's better to use -j REJECT
instead of DROP (then no timeout is caused and the connection is rejected
with ICMP destination unreachable.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault