web application security lab

China hates me

I got an interesting email from id immediately after I posted about how to DoS Chinese people using XSS:

So…right after you posted that article about the Chinese firewall,
guess what happens to all our return packets into China…

19:02:18.279696 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
19:02:19.706738 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
19:02:21.827586 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
19:02:23.702761 211.151.239.41 > 69.12.144.65: icmp: host 211.151.239.41
unreachable - admin prohibited
19:02:25.997517 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
19:02:26.456323 211.151.239.41 > 69.12.144.65: icmp: host 211.151.239.41
unreachable - admin prohibited
19:02:34.596689 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
19:02:43.715250 211.151.239.41 > 69.12.144.65: icmp: host 211.151.239.41
unreachable - admin prohibited
19:02:51.814670 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
19:03:06.728772 211.151.239.41 > 69.12.144.65: icmp: host 211.151.239.41
unreachable - admin prohibited
19:03:26.452484 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
19:03:52.658481 211.151.239.41 > 69.12.144.65: icmp: host 211.151.239.41
unreachable - admin prohibited
19:04:35.223478 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
19:05:25.269166 211.151.239.41 > 69.12.144.65: icmp: host 211.151.239.41
unreachable - admin prohibited
19:09:51.021360 211.151.239.39 > 69.12.144.65: icmp: host 211.151.239.39
unreachable - admin prohibited
19:09:51.577978 211.151.239.39 > 69.12.144.65: icmp: host 211.151.239.39
unreachable - admin prohibited
19:09:52.705064 211.151.239.39 > 69.12.144.65: icmp: host 211.151.239.39
unreachable - admin prohibited
19:09:54.955989 211.151.239.39 > 69.12.144.65: icmp: host 211.151.239.39
unreachable - admin prohibited
19:09:59.445295 211.151.239.39 > 69.12.144.65: icmp: host 211.151.239.39
unreachable - admin prohibited
19:10:08.404253 211.151.239.39 > 69.12.144.65: icmp: host 211.151.239.39
unreachable - admin prohibited
19:10:26.358232 211.151.239.39 > 69.12.144.65: icmp: host 211.151.239.39
unreachable - admin prohibited
19:11:02.667654 211.151.239.39 > 69.12.144.65: icmp: host 211.151.239.39
unreachable - admin prohibited
19:12:14.659422 211.151.239.39 > 69.12.144.65: icmp: host 211.151.239.39
unreachable - admin prohibited
19:49:21.225050 211.151.239.41 > 69.12.144.65: icmp: host 211.151.239.41
unreachable - admin prohibited
19:49:24.700345 211.151.239.41 > 69.12.144.65: icmp: host 211.151.239.41
unreachable - admin prohibited
19:49:31.698610 211.151.239.41 > 69.12.144.65: icmp: host 211.151.239.41
unreachable - admin prohibited
19:49:45.677806 211.151.239.41 > 69.12.144.65: icmp: host 211.151.239.41
unreachable - admin prohibited
19:50:13.648465 211.151.239.41 > 69.12.144.65: icmp: host 211.151.239.41
unreachable - admin prohibited
20:41:13.932165 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:41:14.449852 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:41:15.487234 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:41:17.560017 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:41:21.711272 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:41:29.995980 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:41:46.568665 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:42:19.811039 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:43:26.055585 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:51:41.142530 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:51:41.660478 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:51:42.704785 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:51:44.789354 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:51:48.956126 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:51:57.292101 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:52:13.970979 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:52:47.319824 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited
20:53:54.009886 211.151.239.37 > 69.12.144.65: icmp: host 211.151.239.37
unreachable - admin prohibited

The irony here is that I’m actually warning the Chinese of the possibility of using their own firewall against them. Why wouldn’t they want to know that? Oh well. Ignorance is bliss, I guess.
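
An added example, not part of the original post or the e-mail: a small Python parser for tcpdump output in the wrapped form shown above. It groups the admin-prohibited ICMP messages by reporting host and flags bursts whose gaps roughly double, the spacing a TCP retransmission timer produces; the sample lines, the addresses and the 120-second burst gap are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

def _wrapped(ts, src, dst="198.51.100.5"):
    # Same layout as the log above, including the e-mail line wrap.
    return f"{ts} {src} > {dst}: icmp: host {src}\nunreachable - admin prohibited\n"

# Constructed sample (documentation addresses, not the hosts from the post).
SAMPLE = "".join(
    [_wrapped(f"10:00:{s}", "192.0.2.10") for s in
     ("00.000000", "00.500000", "01.500000", "03.500000", "07.500000")]
    + [_wrapped(f"10:05:{s}", "192.0.2.20") for s in
       ("00.000000", "10.000000", "20.000000", "30.000000")]
    + [_wrapped(f"10:30:{s}", "192.0.2.10") for s in
       ("00.000000", "00.600000", "01.800000", "04.200000")])

LINE = re.compile(r"(\d\d:\d\d:\d\d\.\d{6}) (\S+) > (\S+): icmp: host \S+ "
                  r"unreachable - admin prohibited")

def parse(text):
    """Return {source_ip: [seconds since midnight, ...]} for admin-prohibited ICMP."""
    joined = re.sub(r"\n(?=unreachable)", " ", text)  # undo the line wrap
    events = defaultdict(list)
    for m in LINE.finditer(joined):
        t = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        events[m.group(2)].append(
            t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6)
    return dict(events)

def bursts(times, idle=120.0):
    """Split sorted timestamps into bursts separated by more than `idle` seconds."""
    out = [[times[0]]]
    for prev, cur in zip(times, times[1:]):
        if cur - prev > idle:
            out.append([cur])
        else:
            out[-1].append(cur)
    return out

def looks_like_backoff(burst, lo=1.5, hi=2.5):
    """True if every gap is roughly double the one before it."""
    gaps = [b - a for a, b in zip(burst, burst[1:])]
    return len(gaps) >= 3 and all(lo <= g2 / g1 <= hi for g1, g2 in zip(gaps, gaps[1:]))

def summarize(text):
    """Return {source_ip: [backoff flag per burst]}."""
    return {src: [looks_like_backoff(b) for b in bursts(sorted(ts))]
            for src, ts in parse(text).items()}

if __name__ == "__main__":
    for src, flags in summarize(SAMPLE).items():
        print(src, flags)
```

A burst flagged `True` means the ICMP errors are spaced like replies to retransmissions of one blocked packet, not like independent new connections.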

3 Responses to “China hates me”

  1. id Says:

    Just to clarify what’s going on here, people in China tried to connect to the ha.ckers.org web server, and that worked, but when the web server sent back the offending content it saw that and put a block up on all other return packets in the session(s).

  2. RSnake Says:

    Bastards! But, yah, I doubted there was any human intelligence in that, it was too specific and too immediate. As it always is when you try to submit “badwords” through their firewall.

  3. ha.ckers.org web application security lab - Archive » Ignoring the Great Wall of China Says:

    […] I wanted to post again about the great Chinese firewall.  Apparently someone had the same idea that id and I had around ways to get around the filters.  Apparently, according to this post on bypassing the Chinese firewall, it uses RST packets when it sees the forbidden content pass over its firewalls.  The RST packets are sent in either direction. However, if your firewall is set up to ignore RST packets AND the person in China is also set up to do the same, the text will flow through the firewall indiscriminately. […]