[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Will people running a relay be blocked from accessing CN destinations?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Ian, I made a new thread to avoid this discussion in the
'The Torouter and the DreamPlug' thread.

> On Thu, Jun 09, 2011 at 11:47:10PM +0200, tagnaq wrote:
>>> > > Doesn't "make random people into public (middle-only) relays" have the
>>> > > (well maybe not "problem", but "issue"?) that when GFW blocks them, they
>>> > > (the random people who bought an Excito/etc.) won't be able to connect
>>> > > to anything in .cn any more?  Although I don't _often_ connect to .cn
>>> > > domains, it seems unfortunate to effectively auto-ban these people from
>>> > > Chinese websites.
>> > 
>> > I did not experience any problems connecting to .cn while using a relay
>> > IP address. I think they are just blocking an IP:port combination and
>> > not the entire IP address.
>> > ...but things might change
> Hmm.  I wonder what happens if the packets are fragmented so that the
> TCP port information isn't in the first fragment...

possibilities:
a) a fragmented IP packet doesn't get blocked
b) they don't allow IP fragmentation (Don't Framgent Bit set)
c) their firewall is able to find out whether the fragment is part of a
blocked destination (IP:port)
-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAk3znv4ACgkQyM26BSNOM7ZB5QD+J7p1OSqD7uopViiigmop84sp
nlzbSV6dqK2ZvT+PrbUA/i2hLQKHkYZfVUQqTp4hu2o9bp5GbHsNylNP6l1lKByB
=aKCK
-----END PGP SIGNATURE-----
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev