27 March 2001


Date: Tue, 27 Mar 2001 01:14:33 -0500
Subject: [C-NYC] dos against firewalls
From: "Hugh Merwin" <[email protected]>
To: [email protected]
Reply-To: [email protected]

I'm working on a paper about methods of defying all around censorship and 
blocked IPs in countries where the Internet is tightly controlled (like
Belarus, Burma, China, North Korea, Sudan, Syria, Tajikistan, Tibet,
Tunisia).  Two major trends:  1) there's always nebulous reports of IP and
URL based blocking, like arrays of firewalls, and laws mandating blocks of
certain pages for local admins., and 2) censorship almost always deals
exclusively with content (political and social), although its broader and
duller edge extends to most in a general lack of connectivity (economic).

I was reading about web bugs today.  If somebody started a chain letter
directed to recipients in one of the aforementioned countries about a
mundane subject like pet's names or aphorisms about marriage, and included
an HTML tag that instructed the email program to retrieve an image file from
one of the blocked sites, the request would be deflected right?  Okay.

What if there were five chain letters, each with a tag corresponding to a
different blocked site?  With a low percentage of forwards, and a low
percentage of total openings of the message, there could still be a
substantial number of requests for the image file.  Combined with the
chances that the forwards, HTML tag included, ("send this to ten people.
tell each of them to send this to ten people..."), will go to recipients
behind the same firewall- this could result in a substantial amount of
failed requests to retrieve the image.  As pyramids are pyramids, this could
be anywhere between 0 and billions of requests over time.

However, given the fact that email usage is more coveted than browsing, and
grows at a much faster rate, I see that this could have some effect. A
massive and unintentional series of requests for this file would definitely
skew statistics, and possibly allow some to "hide in plain sight," as it
were.  I imagine a legitimate, unblocked connection to the site would not
stand out in traffic analysis in the midst of all of this.   Larger
question: Can a firewall be taken out this way?

Much potential abuse in this technique (improving hit stats, etc.)  Could
this be used to increase the flow of information for such places?  It's
notoriously difficult to trace the lineage of a chain letter.  I do believe,
however, if successful, this would likely be treated as an act of aggression
on the part of the blocked sites.  Of course, in my feeble technological
understanding, one really would need their permission.  And the logic of
engineering and the logic of usage are two different things.

I'm just a cook, so I don't really know what would happen in this situation.
Any guesses?


To subscribe to Cypherpunks-NYC, send mail to '[email protected]' with 'subscribe cypherpunks-nyc' in the body.