Ian, I made a new thread to avoid this discussion in the 'The Torouter and the DreamPlug' thread.
On Thu, Jun 09, 2011 at 11:47:10PM +0200, tagnaq wrote:
Doesn't "make random people into public (middle-only) relays" have the (well maybe not "problem", but "issue"?) that when GFW blocks them, they (the random people who bought an Excito/etc.) won't be able to connect to anything in .cn any more? Although I don't _often_ connect to .cn domains, it seems unfortunate to effectively auto-ban these people from Chinese websites.
I did not experience any problems connecting to .cn while using a relay IP address. I think they are just blocking an IP:port combination and not the entire IP address. ...but things might change
Hmm. I wonder what happens if the packets are fragmented so that the TCP port information isn't in the first fragment...
possibilities:
a) a fragmented IP packet doesn't get blocked
b) they don't allow IP fragmentation (Don't Fragment Bit set)
c) their firewall is able to find out whether the fragment is part of a blocked destination (IP:port)
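Possibility (c) above, sketched as an added example that is not part of the original thread: a filter that records the verdict for the offset-0 fragment per (source, destination, protocol, IP ID) and applies it to the later fragments of the same datagram. The addresses, port 9001 and all names are constructed for illustration; IPv4 fragment offsets count 8-byte units, so a well-formed first fragment carries at least the first 8 bytes of the TCP header, ports included.

```python
import socket
import struct

BLOCKED = {("198.51.100.7", 9001)}  # constructed IP:port (documentation range)

def build_fragment(src, dst, ident, offset_units, more, payload):
    """Minimal 20-byte IPv4 header (TCP, checksum left 0) plus payload."""
    flags_frag = (0x2000 if more else 0) | offset_units  # MF bit + offset in 8-byte units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_frag, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

class FragmentAwareFilter:
    """Possibility (c): remember the first fragment's verdict per datagram."""
    def __init__(self, blocked):
        self.blocked = blocked
        self.verdicts = {}  # (src, dst, proto, ip_id) -> "drop" | "pass"

    def check(self, packet):
        ihl = (packet[0] & 0x0F) * 4
        ident, flags_frag = struct.unpack("!HH", packet[4:8])
        proto = packet[9]
        src = socket.inet_ntoa(packet[12:16])
        dst = socket.inet_ntoa(packet[16:20])
        key = (src, dst, proto, ident)
        if proto != 6:
            return "pass"
        if flags_frag & 0x1FFF:  # offset > 0: no TCP header in this fragment
            # Simplification: a fragment seen before its first fragment is dropped.
            return self.verdicts.get(key, "drop")
        l4 = packet[ihl:]
        if len(l4) < 4:  # malformed: ports missing from the offset-0 fragment
            verdict = "drop"
        else:
            dport = struct.unpack("!H", l4[2:4])[0]
            verdict = "drop" if (dst, dport) in self.blocked else "pass"
        if flags_frag & 0x2000:  # more fragments follow: keep verdict for them
            self.verdicts[key] = verdict
        return verdict

def demo():
    fw = FragmentAwareFilter(BLOCKED)
    tcp = struct.pack("!HHIIBBHHH", 40000, 9001, 1, 0, 0x50, 0x02, 1024, 0, 0)  # SYN
    to_relay = [build_fragment("192.0.2.10", "198.51.100.7", 7, 0, True, tcp[:8]),
                build_fragment("192.0.2.10", "198.51.100.7", 7, 1, False, tcp[8:])]
    web = struct.pack("!HHIIBBHHH", 40001, 80, 1, 0, 0x50, 0x02, 1024, 0, 0)
    to_web = [build_fragment("192.0.2.10", "198.51.100.7", 8, 0, True, web[:8]),
              build_fragment("192.0.2.10", "198.51.100.7", 8, 1, False, web[8:])]
    return [fw.check(p) for p in to_relay], [fw.check(p) for p in to_web]
```

demo() sends one fragmented SYN to the blocked IP:port and one to port 80 on the same address; only the first datagram's fragments are dropped, which matches an IP:port block rather than a whole-IP block.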