27 March 2001
Date: Tue, 27 Mar 2001 01:14:33 -0500 Subject: [C-NYC] dos against firewalls From: "Hugh Merwin" <[email protected]> To: [email protected] Reply-To: [email protected] I'm working on a paper about methods of defying all around censorship and blocked IPs in countries where the Internet is tightly controlled (like Belarus, Burma, China, North Korea, Sudan, Syria, Tajikistan, Tibet, Tunisia). Two major trends: 1) there's always nebulous reports of IP and URL based blocking, like arrays of firewalls, and laws mandating blocks of certain pages for local admins., and 2) censorship almost always deals exclusively with content (political and social), although its broader and duller edge extends to most in a general lack of connectivity (economic). I was reading about web bugs today. If somebody started a chain letter directed to recipients in one of the aforementioned countries about a mundane subject like pet's names or aphorisms about marriage, and included an HTML tag that instructed the email program to retrieve an image file from one of the blocked sites, the request would be deflected right? Okay. What if there were five chain letters, each with a tag corresponding to a different blocked site? With a low percentage of forwards, and a low percentage of total openings of the message, there could still be a substantial number of requests for the image file. Combined with the chances that the forwards, HTML tag included, ("send this to ten people. tell each of them to send this to ten people..."), will go to recipients behind the same firewall- this could result in a substantial amount of failed requests to retrieve the image. As pyramids are pyramids, this could be anywhere between 0 and billions of requests over time. However, given the fact that email usage is more coveted than browsing, and grows at a much faster rate, I see that this could have some effect. A massive and unintentional series of requests for this file would definitely skew statistics, and possibly allow some to "hide in plain sight," as it were. I imagine a legitimate, unblocked connection to the site would not stand out in traffic analysis in the midst of all of this. Larger question: Can a firewall be taken out this way? Much potential abuse in this technique (improving hit stats, etc.) Could this be used to increase the flow of information for such places? It's notoriously difficult to trace the lineage of a chain letter. I do believe, however, if successful, this would likely be treated as an act of aggression on the part of the blocked sites. Of course, in my feeble technological understanding, one really would need their permission. And the logic of engineering and the logic of usage are two different things. I'm just a cook, so I don't really know what would happen in this situation. Any guesses?
To subscribe to Cypherpunks-NYC, send mail to '[email protected]' with 'subscribe cypherpunks-nyc' in the body.