Announcement

Collapse
No announcement yet.

China's Wall

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • China's Wall

    Having read this thread. I have summoned up all courage to ask.
    China has been blocking many of information giving sites such as BBC, Washington Post and CNN. And some other sites like .tk, geocities and tripods. I am only able to visit these sites when Im at work. Though the news are old, the dillemma remains the same.
    I do understand the reason behind the blockings but I am not a local and the need for information has always been with me.
    I have tried using an anonymous browser to this matter but only to some extent, some opens up with errors and some does not open at all. I have also tried using proxies but it also has the same effect. And even tried this but I was completely lost.
    I am not good at computers but I do try.

    In this regard, is there a way to bypass China's great firewall?
    BK

    My apologies if I should have posted this question in this thread. I was not sure if it the same topic. Mine is being blocked by the government.
    Last edited by Badkarma; February 25, 2005, 19:29. Reason: correcting links
    Temet Nosce

  • #2
    I guess I can ask if you have tried ebypass.org but by the time you read this the gov may have blocked it for you. How about Ghost Surf, is that available to you? Of course all you need it access to ONE machine that can access the world, then you can have it all using Citrix or other similar shell.

    Comment


    • #3
      I am afraid of a few things though:
      1) Any solution listed below will be too complex for you to implement.
      2) If this post remains here, there is risk for defcon.org to be blocked too by trying to subvert your government's authority. :-/ (I am perfectly fine with this post being deleted if this risk is an issue.)

      This is a long post.

      Originally posted by Badkarma
      Having read this thread. I have summoned up all courage to ask.
      China has been blocking many of information giving sites such as BBC, Washington Post and CNN. And some other sites like .tk, geocities and tripods. I am only able to visit these sites when Im at work. Though the news are old, the dillemma remains the same.
      I do understand the reason behind the blockings but I am not a local and the need for information has always been with me.
      I have tried using an anonymous browser to this matter but only to some extent, some opens up with errors and some does not open at all. I have also tried using proxies but it also has the same effect. And even tried this but I was completely lost.
      I am not good at computers but I do try.

      In this regard, is there a way to bypass China's great firewall?
      BK

      My apologies if I should have posted this question in this thread. I was not sure if it the same topic. Mine is being blocked by the government.
      (Very cool. You have wisdom and initiative! You have demonstrated you invested your own time into this problem, so I will try to help you more. :-)

      I have friends living in China and Taiwan and blocking of specific sites does make it difficult for them to browse. People have been able to use anonymous proxies, but as those in power find these anonymous proxies, they tend to block access to them as well.

      Nearly any plain-text proxy you choose to use (free anonymous or commercial) has the risk of eventually being blocked when you government finds them. Also, any encrypted traffic to a specific IP address runs the risk of being blocked if they are proactive enough to examine heavily accessed sites or use heuristics like excessive traffic to a specific IP address by many citizens with DNS lookups to sites known to be blocked.

      You are in a tough place. :-/

      The "ssh" method to a remote server by establishing SOCKS proxy through a port forward/redirect can work for windows, but requires the software I specified or something similar *and* a remote ssh server outside the realm of influence of your government.

      If you know someone who has a squid caching proxy who can run it over SSL/https, you may be able to use that method. Using a friend may permit your proxy service to not be noticed.

      However, both the SSL proxy and the SSH proxy are at risk for DNS lookups, if your government chooses to block DNS lookup to specific site lookups or track lookups to blocked sites and correlate to encrypted traffic.

      What else is there?

      Dan Kaminsky provided a presentation on (ab)using DNS requests to tunnel connections through UDP 53. But this has a greater risk, since excessive DNS traffic could also be a flag. http://www.defcon.org/html/defcon-12....html#kaminsky (There appears to be a Power Point Presentation link for downloading.)

      If you have a lot of bandwidth (at least 1.5Mbps download) you could buy an account with a shell provider outside China that uses ssh and allows X11 forwarding, and then install Mozilla on that shell server and have your web browser actually running on the remote host with DNS requests and transactions appearing to original from that remote host. (You can get "Free" cripple ware X Servers for Windows online. http://www.microimages.com/freestuf/mix/ (here is one) (The same free ssh client mentioned elsewhere (nifty telnet/ssh) supports X11 forwarding too if the remote server supports it.

      There was a presentation at DefCon ages ago on a distributed anonymous network which could be very good for you. This was DefCon... um. 6? 7? that is mentioned in this thread: http://forum.defcon.org/archive/index.php/t-3903.html buy if you read what dataworm posts, zeroknowledge got out of the anonymization network service. This however (zeroknowledge) may help you with google search on something similar. (Like a google search on: distributed encrypted networks for anonymous web browsing)

      I have not looked into any other solutions that might be cheaper or easier to setup. (If I find more, I'll edit this post over the next 24 hours.)

      Originally posted by astcell
      I guess I can ask if you have tried ebypass.org but by the time you read this the gov may have blocked it for you. How about Ghost Surf, is that available to you? Of course all you need it access to ONE machine that can access the world, then you can have it all using Citrix or other similar shell.
      The citrix suggestion can be a great one if the remote Citrix server offers encryption. (It can be enabled unless people running the remote service has chosen to disable encrypted access due to CPU overhead.)
      (It is also easy to install and use but still requires an offsite account and this will likely be commercial.)
      Last edited by TheCotMan; February 25, 2005, 22:28.

      Comment


      • #4
        Thank you for your answers astcell and Cotman.
        Very cool. You have wisdom and initiative! You have demonstrated you invested your own time into this problem, so I will try to help you more. :-)
        Lurking the forum for a long time has taught me that, thank you for the compliment.
        If this post remains here, there is risk for defcon.org to be blocked too by trying to subvert your government's authority. :-/ (I am perfectly fine with this post being deleted if this risk is an issue.
        I am in total agreement with this statement, my apologies if I have put defcon at risk. It was not my intention.

        I have copied this thread to my notepad so that in any event that this topic will be deleted, I will still have the resources. I know for a fact that it will take me a lot of time understanding ang testing all the suggestions rendered by Cotman and this topic might be flagged if it stays too long. I have also bookmarked the site given by astcell.

        I have tried that link to visit several sites and though I still can't access geocities and .tk's, I was able to enter usmc.mil and cnn.com *applause*
        Thank you astcell :)

        Again, hats off to defcon.
        BK

        special thanks for Cotman in his extra time and effort to address my case.
        Last edited by Badkarma; February 25, 2005, 23:11. Reason: spelling errors
        Temet Nosce

        Comment


        • #5
          Originally posted by Badkarma
          special thanks for Cotman in his extra time and effort to address my case.
          I can't tell you how nice it is to come across a post like yours where the user has worked on their own for a solution first. This is a rare gem in the forums for questions asked by users.

          May others learn from your example.

          Comment


          • #6
            I wonder if you would be better off pinging the IP you want, like defcon,org, then surfing to the pages you want and use the IP all the time instead of the name. That way the DNS you use will not be prompted for reverse look up, and it is one less place to log.

            England had one massive pipe through which all Internet traffic must go, so it may be easily watched. No doubt your part of the world has similar control over traffic, In that case the DNS may be moot, but as we say here in the US, "they may hang you but don't supply your own rope!"

            Comment


            • #7
              Originally posted by astcell
              I wonder if you would be better off pinging the IP you want, like defcon,org, then surfing to the pages you want and use the IP all the time instead of the name. That way the DNS you use will not be prompted for reverse look up, and it is one less place to log.
              This will not work on all web servers, but may work for many commercial sites. Some web server share one IP address across multiple domains and use the domain name handed over an HTTP request to figure out which virtualHost directory that should be served. (MS IIS and other web servers have similar options)

              Also, a ping of a host does perform a DNS lookup when a name is given. If the ping were conducted on a machine outside China's filtering, then this might help this to work on single IP host/domain pairs. (Assuming it is a DNS blocking issue, addition of the IP address and hostname to /etc/hosts or the equivalent file in Windows (LMHOSTS or hosts) to prevent DNS lookup for included hostnames. (This is a bit of a kludge though.)

              They probably block based on IP address [and port] instead of domain. HTTP domain name passing would be a layer 7 filter and incredebly slow compared to a Layer 3 IP filter. They may have also blocked DNS by providing DNS in their country that cache requests but block DNS requests from hosts other than their designated DNS. (This would be a lot of work, and take a great deal of effort though.

              Your idea causes me to think of another simple (but time consuming) solution:
              Use the "cache" feature from google. It is not ideal, but may grant you access to text from websites (even though the images, Java Applets and css may be blocked)
              Last edited by TheCotMan; February 26, 2005, 00:07. Reason: fixed content

              Comment


              • #8
                I wonder if you would be better off pinging the IP you want, like defcon,org, then surfing to the pages you want and use the IP all the time instead of the name. That way the DNS you use will not be prompted for reverse look up, and it is one less place to log.
                I have experienced this before. I was not able to visit a .tk site and then a friend gave me its IP. The access was immediate. I will just have to read more about pinging IP's.
                Thank you astcell :)

                Going through a search I have found an analysis on how China fiters the internet. And also found the list of blocked sites. Some of them I can access and some cannot (Im in Beijing)

                The information in this topic is already overwhelming but I know that the answers here are not solely for me. But also for the other members that may have the same dillemma.

                May others learn from your example.
                Thank you Cotman.
                It is saddening that I can't offer more to this forum because of my lack of knowledge. If I could, I would. I just feel that the forum is shortchanged by me.

                BK
                Last edited by Badkarma; February 26, 2005, 00:33. Reason: added information
                Temet Nosce

                Comment


                • #9
                  Originally posted by Badkarma
                  Its only saddening that I can't offer more to this forum because of my lack of knowledge. If I could, I would. I just feel that the forum is shortchanged by me.
                  Perhaps when you have a more experience, you will choose to share technical information on the forums in the future. :-) (Not all discussions are technical...many are about planning of defcon, or general discussion and socialization... these dont require much knowledge.)

                  I generally do not flame people for not being correct, but I will harass people who are inconsiderate, do not learn from their mistakes, or seem to lack a finesse that usually comes from doing a bit of lurking.

                  Comment


                  • #10
                    Thank you for pointing that out Cotman. I will try to participate and bring something relevant to a more non-technical discussions.
                    Indeed the "Lurking" aspect of the rules has helped a lot. I think some members does take advantage of this privilege.
                    Now, in most forums lurking is considered a bad thing. Well, that’s not the case here on the Defcon forums. We actively encourage new users to lurk before making their presence known. Lurking provides you the advantage of being able to figure what’s going on before you enter the conversation. Spend your first week laying low and getting the lay of the land before making your first post. This will probably save you a fair amount of grief, as it takes very little time around here to figure out what is and is not acceptable on the board. There’s no rush, take your time.
                    I also think that lurking is vital if not the most important part of the rules. Because if one lurks long enough, one will be able to observe and understand how and why the forum community acts as it is. Ergo, knowing the do's and dont's.

                    Thanks again,
                    BK
                    Last edited by Badkarma; February 26, 2005, 01:14. Reason: grammar check
                    Temet Nosce

                    Comment


                    • #11
                      One only hopes BK is not a China official getting lastest and greatest ideas to be proeactive. Although I have not seen many gov's that take a "proactive" approch anyways.

                      /Jus sayin
                      "Never Underestimate the Power of Stupid People in Large Groups"

                      Comment


                      • #12
                        Yes, I do hope so.
                        But after being a member of the WTO in 2001, there has been some changes on its freedom. Also being the host on the next summer olympic games, I am sure that there will be more revamps on its policy in information gathering and sharing.

                        BK
                        Temet Nosce

                        Comment


                        • #13
                          Originally posted by Badkarma
                          Yes, I do hope so.
                          But after being a member of the WTO in 2001, there has been some changes on its freedom. Also being the host on the next summer olympic games, I am sure that there will be more revamps on its policy in information gathering and sharing.

                          BK
                          Wholy crap!!! Maybe I was right!!!!
                          "Never Underestimate the Power of Stupid People in Large Groups"

                          Comment


                          • #14
                            Originally posted by hackajar
                            Wholy crap!!! Maybe I was right!!!!
                            I think something was lost in translation. (heh)

                            Being proactive means Acting in advance to deal with an expected difficulty

                            For a government to be proactive (China) in how they advance control to limits on network access means even tighter controls and restrictions to network access by trying to find ways to deal with the above suggestions..

                            I think that proactive was thought by BK to be "the government being more open to freedom of information."

                            China's admisson to WTO in 2001 and host of the summer Olympics are, perhaps, examples from BK on how there is perception China is becoming more open.

                            It certainly would be problematic if China was host to the Olympics and Internet access was restricted for visiting foreigners like the local population.

                            Comment


                            • #15
                              That was confusing :) anyway, I will not deny the fact that before I posted my last reply I did look up the word proactive.
                              I was saying, In my opinion, there will be less room for proactive government officials (in this matter) because of the changes China is and will experience. These events will force or persuade the government to look again on their books.
                              And yes, I was talking about how China is a opening up to the world.

                              BK

                              My apologies for the confusion, English is not my first language.
                              Last edited by Badkarma; February 26, 2005, 11:04.
                              Temet Nosce

                              Comment

                              Working...
                              X