On Sat, Jun 11, 2011 at 07:14:52PM +0000, Jacob Appelbaum wrote:
On 06/11/2011 07:58 PM, Ian Goldberg wrote:
Yes, but the client (say, inside China) is perfectly capable of artificially fragmenting its SYN packet. It shouldn't be too hard to check what actually happens in this case? (At least, for the current GFW configuration.)
No, it wouldn't be hard, and I would be surprised if no one actually tried that already. To be honest I didn't do any search on this.
It seems prudent to mention sniffjoke at this point: http://www.delirandom.net/sniffjoke/
Right. Blocking by IP is simple enough to do. But go much deeper (even to TCP), and you can play such packetization games.
- Ian