Re: [Full-disclosure] Gmail and China's GFW
- From: bk <chort0@xxxxxxxxx>
- Date: Mon, 21 Mar 2011 17:09:05 -0700
On Mar 21, 2011, at 4:53 PM, nix@xxxxxxxxxxxxxxxx wrote:
Try it, you will get a connection timeout:
$ curl --connect-timeout 60 https://mail.google.com/
curl: (28) SSL connection timeout
The same applies for Twitter, Facebook... Much more efficient than
Thanks for the information. I was not actually aware of that you can block
with iptables using hex strings. Very nice.
Forgot to say, in terms of performance. It's better to use -j REJECT
instead of DROP (then no timeout is caused and the connection is rejected
with ICMP destination unreachable.
Not if you want it to look like a problem with Google's infrastructure rather than an active block where initiator can see the source of the ICMP datagrams.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: Re: [Full-disclosure] Gmail and China's GFW
- Next by Date: Re: [Full-disclosure] Mutt: failure to check server certificate in SMTP TLS connection
- Previous by thread: Re: [Full-disclosure] Gmail and China's GFW
- Next by thread: Re: [Full-disclosure] Gmail and China's GFW