How the Chinese internet is tapped.
Jun-ichiro itojun Hagino
itojun at itojun.org
Tue Jul 10 10:24:56 EDT 2007
on a similar topic as Greek.
i was in Shinsen and DongAng, mainland china (right next to HongKong).
i was able to experience GSM/GPRS Internet as well as hotel wired
Internet (both are IPv4, sigh).
in both cases, TCP port 80 (http) was sucked into transparent web proxy
(squid). i was careful enough not to type offensive words, but
zh.wikipedia.org was invisible (squid raises some kind of connection
error, always). ja.wikipedia.org and en.wikipedia.org were visible.
luckily TCP port 22 was open. the hotel net was behind NAT so i could
not use IPsec VPN. i did not have enough time to configure NAT
traversal stuff.
from my past experience with chinese academic network operated in
some university in Beijing (i forgot the name of the network/
university), i know that every connectivity from china goes out of
Beijing. at least in year 2000-2002 timeframe.
so if it is still true (inject me some clue if you know about the
current situation), all the traffic that go out of china are tapped
in Beijing. i'm wondering what kind of server farm they are
operating which are able to suck all TCP port 80 traffic from the
entire china... i forgot to run nmap OS fingerprint :-(
also, my friend in china was using Skype from Tom Online on top of
Windows. i did not believe it until i see it, but ContentFilter.exe
was really there. it is the backdoor process for Tom Online Skype
which transmits cleartext content to somewhere, which is likely to be
some law enforcement or government organization. otherwise, Skype
traffic is totally encrypted - see "silver needle in skype" paper.
i was informed that it is a common practice for south east asian
nations to run censorship on the internet. for instance, in thai
www.youtube.com is not accessible. they have never seen dodolook,
very cute taiwanese girl from canada (IIRC) i guess.
for more info, the following URL would be useful. Japanese content
and English content are a bit different so if possible be sure to
check both of them (and other languages if possible). the email is
encoded in iso-2022-jp (Japanese standard encoding for email) but when
you click it please click it Japanese URL in utf-8.
http://en.wikipedia.org/wiki/Golden_Shield_Project
http://ja.wikipedia.org/wiki/金盾
http://en.wikipedia.org/wiki/Internet_censorship_in_the_People%27s_Republic_of_China#International_corporations
http://ja.wikipedia.org/wiki/中国のネット検閲
http://ice.citizenlab.org/?p=219
itojun
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list