Ref: http://www.techgig.com/tech-news/editors-pick/How-to-bypass-internet-censorship-20363
IP Blocking
This is the most basic method used to filter content. It involves blocking the IP address of the target website. Unfortunately,websites sharing the same IP address, which is usually the case on a shared hosting server, are also blocked. This was the method used by ISPs in the UK to block The Pirate BayWorkaround:you need is a proxy with access to the blocked site. There are numerous free proxies online. This article by Guy McDowell lists four sites that give you a free updated proxy list. The proxy server fetches the website for you and displays it on your browser. Your ISP only sees the IP address of the proxy and not the blocked website. Blocked websites can also beat this censorship method by adding a new IP address and letting users know about it. Users are then able to access the site without any problems.
DNS filtering and redirection
This is a much more sophisticated filtering methodthe Domain Name Server (DNS) fails to resolve the correct domain or returns an incorrect IP address. ISPs in many countries use this method to block illegal sites, for example, Denmark and Norway use DNS filtering to block child porn websites. China and Iran have also used this method numerous times in the past to block access to legitimate sites. Read Danny's article on how to change your DNS for more in-depth information.
Workaround: One way to circumvent this is to find a DNS that resolves the domain name correctly, for example, OpenDNS or Google Public DNS. To change your DNSyour ISP to OpenDNS or Google Public DNS, you must configure it in your operating system or device. Both have excellent tutorials fortypes of operating systems. You can also type the numeric IP address in your URL bar instead of the actual domain name though this is less effective especiallysites share IP addresses.
URL filtering
With URL filtering, the requested URL is scanned for targeted keywords irrespective of the actual domain name typed in the URL. Many popular content control software and filters use this method. Typical users include educational institutions, private companies and government offices.
Workaround: A highly technical method to circumvent this is to use escapeacters in the URL. However, it is much simpler to use encrypted protocols such as a Virtual Private Network (VPN) service or Tor. Once the data is encrypted, the filter cannot scan the URL and you can therefore access any website.
Packet filtering
This method is also known as static packet filtering. It is a firewall technique used to control network access. Incoming and outgoing data packets are monitored and either stopped or allowed through based on pre-determined rules such as source and destination IP addresses, keywords and ports. When used in internet censorship, TCP packet transmissions are terminated by the ISP when targeted keywords are detected.
Workaround: Again, VPN services and Tor are the best ways to get around packet filtering. Packets sent over VPN and Tor contain dual IP headers. Firewalls are only able to apply the filtering rules to the outer header but not the inner header when these data packets are transmitted.
Man-in-the-middle (MITM) attack
I have only heard of this method being used by some of the regimes I mentioned earlier. It is a common hacking method, but in January 2010, Chinese authorities successfully used a MITM attack to intercept and track traffic to Github.com. As the name implies, an MITM attack is based on impersonation,the eavesdropper makes independent connections with the victims and makes them believe they are communicating with one another.
Workaround: The best defense against MITM attacks is to use encrypted network connections, such as offered by HTTPS (what is HTTPS?) and VPN. HTTPS utilizes SSL capabilities in your browser to conceal your network trafficsnooping eyes. There are Chrome and Firefox extensions known as HTTPS Everywhere, that encrypts your communication on most major sites. When browsing on HTTPS, always take note of any browser warnings to the effect that a website's certificate is not trusted. This could indicate a potential MITM attack. VPN and Tor technology also uses SSL, which forces the attacker to obtain the key used to encrypt the traffic.
TCP connection resets/forged TCP resets
In this method, when a TCP connection is blocked by an existing filter,subsequent connection attempts are also blocked. It is also possible for other users or websites to be blocked, if network traffic is routed via the location of the block. TCP connection resets were originally used by hackers to create a DOS (Denial of Service) condition, but Internet censors in many countries are increasingly finding the technique useful to prevent access to specific sites. In late 2007, it was reported that Comcast used this method to disable peer-to-peer communication. The US FCC ordered Comcast to terminate the practice in August 2008.Workaround: The workaround for this mainly involves ignoring the reset packet transmitted by the firewall. Ignoring resets can be accomplished by applying simple firewall rules to your router, operating system or antivirus firewall. Configure your firewall to ignore the reset packet so that no further action or response is taken on that packet. You can take this a step further by examining the Time-to-live (TTL) values in the reset packets to establish if they are cominga censorship device. Internet users in China have successfully used this workaround to beat the Great Firewall of China.
Deep Packet Inspection (DPI)
Now this one is really scary. Under the wings of the PRISM project, the NSA used this method to eavesdrop and read private email communications. China and Iran use deep packet inspection for both eavesdropping and Internet censorship. DPI technology allows prying eyes to examine the data part of a packet to search for non-compliance against pre-determined criteria. These could be keywords, a targeted email address, IP address or a telephone number in the case of VoIP. While DPI was originally used to defend against spam, viruses and system intrusion, it is clearrecent developments that it is a now a weapon of choice for Internet censorship.
Workaround: To beat a Deep Packet Inspection, you need to connect to a remote server using a secure VPN link. The Tor Browser bundle is ideal to evade deep packet inspection because it conceals your location or usageanyone carrying out network surveillance or traffic analysis.
IP Blocking
This is the most basic method used to filter content. It involves blocking the IP address of the target website. Unfortunately,websites sharing the same IP address, which is usually the case on a shared hosting server, are also blocked. This was the method used by ISPs in the UK to block The Pirate BayWorkaround:you need is a proxy with access to the blocked site. There are numerous free proxies online. This article by Guy McDowell lists four sites that give you a free updated proxy list. The proxy server fetches the website for you and displays it on your browser. Your ISP only sees the IP address of the proxy and not the blocked website. Blocked websites can also beat this censorship method by adding a new IP address and letting users know about it. Users are then able to access the site without any problems.
DNS filtering and redirection
This is a much more sophisticated filtering methodthe Domain Name Server (DNS) fails to resolve the correct domain or returns an incorrect IP address. ISPs in many countries use this method to block illegal sites, for example, Denmark and Norway use DNS filtering to block child porn websites. China and Iran have also used this method numerous times in the past to block access to legitimate sites. Read Danny's article on how to change your DNS for more in-depth information.
Workaround: One way to circumvent this is to find a DNS that resolves the domain name correctly, for example, OpenDNS or Google Public DNS. To change your DNSyour ISP to OpenDNS or Google Public DNS, you must configure it in your operating system or device. Both have excellent tutorials fortypes of operating systems. You can also type the numeric IP address in your URL bar instead of the actual domain name though this is less effective especiallysites share IP addresses.
URL filtering
With URL filtering, the requested URL is scanned for targeted keywords irrespective of the actual domain name typed in the URL. Many popular content control software and filters use this method. Typical users include educational institutions, private companies and government offices.
Workaround: A highly technical method to circumvent this is to use escapeacters in the URL. However, it is much simpler to use encrypted protocols such as a Virtual Private Network (VPN) service or Tor. Once the data is encrypted, the filter cannot scan the URL and you can therefore access any website.
Packet filtering
This method is also known as static packet filtering. It is a firewall technique used to control network access. Incoming and outgoing data packets are monitored and either stopped or allowed through based on pre-determined rules such as source and destination IP addresses, keywords and ports. When used in internet censorship, TCP packet transmissions are terminated by the ISP when targeted keywords are detected.
Workaround: Again, VPN services and Tor are the best ways to get around packet filtering. Packets sent over VPN and Tor contain dual IP headers. Firewalls are only able to apply the filtering rules to the outer header but not the inner header when these data packets are transmitted.
Man-in-the-middle (MITM) attack
I have only heard of this method being used by some of the regimes I mentioned earlier. It is a common hacking method, but in January 2010, Chinese authorities successfully used a MITM attack to intercept and track traffic to Github.com. As the name implies, an MITM attack is based on impersonation,the eavesdropper makes independent connections with the victims and makes them believe they are communicating with one another.
Workaround: The best defense against MITM attacks is to use encrypted network connections, such as offered by HTTPS (what is HTTPS?) and VPN. HTTPS utilizes SSL capabilities in your browser to conceal your network trafficsnooping eyes. There are Chrome and Firefox extensions known as HTTPS Everywhere, that encrypts your communication on most major sites. When browsing on HTTPS, always take note of any browser warnings to the effect that a website's certificate is not trusted. This could indicate a potential MITM attack. VPN and Tor technology also uses SSL, which forces the attacker to obtain the key used to encrypt the traffic.
TCP connection resets/forged TCP resets
In this method, when a TCP connection is blocked by an existing filter,subsequent connection attempts are also blocked. It is also possible for other users or websites to be blocked, if network traffic is routed via the location of the block. TCP connection resets were originally used by hackers to create a DOS (Denial of Service) condition, but Internet censors in many countries are increasingly finding the technique useful to prevent access to specific sites. In late 2007, it was reported that Comcast used this method to disable peer-to-peer communication. The US FCC ordered Comcast to terminate the practice in August 2008.Workaround: The workaround for this mainly involves ignoring the reset packet transmitted by the firewall. Ignoring resets can be accomplished by applying simple firewall rules to your router, operating system or antivirus firewall. Configure your firewall to ignore the reset packet so that no further action or response is taken on that packet. You can take this a step further by examining the Time-to-live (TTL) values in the reset packets to establish if they are cominga censorship device. Internet users in China have successfully used this workaround to beat the Great Firewall of China.
Deep Packet Inspection (DPI)
Now this one is really scary. Under the wings of the PRISM project, the NSA used this method to eavesdrop and read private email communications. China and Iran use deep packet inspection for both eavesdropping and Internet censorship. DPI technology allows prying eyes to examine the data part of a packet to search for non-compliance against pre-determined criteria. These could be keywords, a targeted email address, IP address or a telephone number in the case of VoIP. While DPI was originally used to defend against spam, viruses and system intrusion, it is clearrecent developments that it is a now a weapon of choice for Internet censorship.
Workaround: To beat a Deep Packet Inspection, you need to connect to a remote server using a secure VPN link. The Tor Browser bundle is ideal to evade deep packet inspection because it conceals your location or usageanyone carrying out network surveillance or traffic analysis.
No comments:
Post a Comment