[SANS ISC] Can you make the Great Chinese Firewall work for you?, (Tue, Oct 19th)

ve often been cited as being blocked. Adding them to the mail server’s banner should also expose them before, for example, STARTTLS is activated.

I used my mail server as an example for several reasons:

It receives almost no actual email, but pretty much only spam.
A large number of brute-forcing and other connections to the mail server originate from China.
I could not find much about how the great Chinese firewall affects email. Email is often controlled on the mail server and may not be affected by the firewall to the same extend.

The pie charts display the top countries before and after making the change. While there was a slight change in the number of Chinese IP addresses (9% instead of 11% of the total number of connections), the difference is not what I would consider significant. So, for now, I call the rumor busted that you can get the Chinese firewall to block traffic to your system by injecting simple keywords.
I think this may require a more detailed investigation. For example, the keywords will likely matter. It may also matter in what context the keywords are sent. HTTP content is more likely going to be blocked (I think). Or maybe the SMTP content is ignored if it is part of the SMTP envelope?


[1] https://en.wikipedia.org/wiki/Great_Firewall
[2] https://isc.sans.edu/forums/diary/Why+Does+Emperor+Xi+Dislike+Winnie+the+Pooh+and+Scrambled+Eggs/23395/

Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

[SANS ISC] Malicious Content Delivered Through archive.org, (Thu, Jul 29th)

All posts, Sans-ISC

archive.org[1], also known as the “way back machine” is a very popular Internet site that allows you to travel back in time and browse old versions of a website (like the ISC website[2]). It works like regular search engines and continuously crawls the internet via bots. But there is another way to store content on archive.org: You […]

Read More

[BleepingComputer] Audi, Volkswagen data breach affects 3.3 million customers

Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet. […] Source: Read More (BleepingComputer)

Read More

[ThreatPost] Iranians Charged in Cyberattacks Against U.S. 2020 Election

All posts, ThreatPost

The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation. Source: Read More (Threatpost)

Read More