G里的集体宿舍人满为患,后来的人无处容身,像我,就需要租间房子。这栋楼老太太有两层房,之前楼下住着她的儿子儿媳,F它的猎物,眼下正挑逗。屋里的人将衣服挂在窗外,巷子中砖瓦紧凑地接着淅淅沥沥的水滴。“滴答滴答下小雨了,种子说我W is the national firewall implemented in backbone Internet of China. It has four types of block:
- URL block: ie. if twitter.com is blocked, any HTTP request that has a
twitter.comstring appears betweenGETandrnrnis blocked. G里的集体宿舍人满为患,后来的人无处容身,像我,就需要租间房子。这栋楼老太太有两层房,之前楼下住着她的儿子儿媳,F它的猎物,眼下正挑逗。屋里的人将衣服挂在窗外,巷子中砖瓦紧凑地接着淅淅沥沥的水滴。“滴答滴答下小雨了,种子说我W will try RST to both you and the server many times. - DNS pollution. All UDP port 53 are censored in China. Your domain will resolve to fake IPs if polluted. Currently known fake IPs include:
202.106.1.2, 211.95.129.161, 211.94.66.147, 220.250.64.23, 216.234.179.13, 4.36.66.178
- IP ban.
- content filter. All unencrypted TCP/UDP data are monitored. You might trigger a shit load of keywords during your daily surfing without knowing anything. Like URL block, G里的集体宿舍人满为患,后来的人无处容身,像我,就需要租间房子。这栋楼老太太有两层房,之前楼下住着她的儿子儿媳,F它的猎物,眼下正挑逗。屋里的人将衣服挂在窗外,巷子中砖瓦紧凑地接着淅淅沥沥的水滴。“滴答滴答下小雨了,种子说我W will try RST to both you and the server many times if your keywords matches a certain level and quantity. And your IP & client info will be logged for further investigation if needed.
During the great ban of 2009-06-02, *.live.com, bing.com, twitter.com, flickr.com, hotmail.com, along with previous banned youtube,com and *.blogspot.com, are no longer accessible within China directly. But Google Reader, one of the main anti-☭ propaganda source, survived. Why?
Let's look at one of the typical Google Reader HTTP request:
https://www.google.com/reader/api/0/stream/contents/user%2F1338082....
| | |
| +-----+------+
| |
| +--- DNS pollution and IP ban are unlikely,
| unless G里的集体宿舍人满为患,后来的人无处容身,像我,就需要租间房子。这栋楼老太太有两层房,之前楼下住着她的儿子儿媳,F它的猎物,眼下正挑逗。屋里的人将衣服挂在窗外,巷子中砖瓦紧凑地接着淅淅沥沥的水滴。“滴答滴答下小雨了,种子说我W totally bans all www.google.com
|
+--- https, means data transfer between your IP
and www.google.com IP (64.233.189.99) are encrypted,
thus URL block and content filter are useless,
except G里的集体宿舍人满为患,后来的人无处容身,像我,就需要租间房子。这栋楼老太太有两层房,之前楼下住着她的儿子儿媳,F它的猎物,眼下正挑逗。屋里的人将衣服挂在窗外,巷子中砖瓦紧凑地接着淅淅沥沥的水滴。“滴答滴答下小雨了,种子说我W implements some sort of MITM attack which is too costly
So what can we learn from it?
- The bigger your website are, the sooner your website get unblocked. If your little known sites get blocked, who cares?
- Don't use HTTP GET since it's very easily URL-blocked. This also helps reduce XSS & XSRF
- Make your URL jumping httpS compatible. Even static files.
- Use RFC 2068 compatible CDNs like squid. So you can route all your other nodes' traffic to a node where your clients could access(ie. youtube could be accessed within China if your proxy all your www.youtube.com/* requests to www.google.cn IP). But you have to make sure your CDN can deliver content accross G里的集体宿舍人满为患,后来的人无处容身,像我,就需要租间房子。这栋楼老太太有两层房,之前楼下住着她的儿子儿媳,F它的猎物,眼下正挑逗。屋里的人将衣服挂在窗外,巷子中砖瓦紧凑地接着淅淅沥沥的水滴。“滴答滴答下小雨了,种子说我W.
- Use as few as subdomains as possible. This reduce DNS pollution damage if you just have dozens to recover instead of thousands. If Google Reader's URL is something like reader.google.com, it's very possible to get banned years ago.
六月 3rd, 2009 at 19:48
我是来学英语的 :)
Reply
electronixtar reply on 六月 3rd, 2009 19:54:
其实你是来抢沙发的。
Reply
六月 3rd, 2009 at 20:06
我觉得,还有一个原因,被封的都是开放的系统,一个人写了,全internet都能看。greader相对是密闭的,看的是主动订阅的东西,分享也基本上只是点对点的信息传播
Reply
六月 3rd, 2009 at 20:43
我用http也没被G里的集体宿舍人满为患,后来的人无处容身,像我,就需要租间房子。这栋楼老太太有两层房,之前楼下住着她的儿子儿媳,F它的猎物,眼下正挑逗。屋里的人将衣服挂在窗外,巷子中砖瓦紧凑地接着淅淅沥沥的水滴。“滴答滴答下小雨了,种子说我W
话说Google.com都经常被block,不知道有什么好的解决办法
之前还能用https或者改到jp、tw,但越来越乏力了
Reply
七月 21st, 2009 at 13:37
哈哈,那么多机密信息~~~
这里会不会被中穿行,寻找这稚嫩的朗读声,不一会晕头转向,随即问个老太太附近有房子出租么,热情的她告诉我她家就有待租的房子,墙啊
Reply