Re: China blocking DNS servers

[Clyde Hoadley <hoadleyc () MSCD EDU>]

This may, or may not, be related...

This was on the SANS Internet Storm Center (http://isc.incidents.org/)
web site Fri. Jan 2.

>
>According to Email Security Company Postini, IP addresses in the 218.107.x.x
>class are in the top 10 for both spam and directory harvest attacks. 8 of the
>top 10 spam sources and 4 of the top 10 DHA sources came from this class for
>December 31 and January 1. These IP's are registered to China Netcom and have
>a hostname "host.better-delivery.com". It looks like these ip's may be good
>candidates to block.
>
>www.postini.com/stats

--Clyde

Pete Hoffswell wrote:
> The report is now about a year old.
>
> In August 2003 it looks like it got slashdotted.  At the time, the real-time reporter may or may not have been working 
> very well to begin with.
>
> http://slashdot.org/articles/02/08/31/0557256.shtml?tid=153
>
> I have an associate that manages connectivity to a factory in China via vpn, with a split tunnel.  He has no complaints 
> of blocked sites.  I wonder if they have a different ruleset for foreign companies doing business out there.
>
> It would be interested to know if anyone else knows of a real-time filter-checker for china, or other countries, for 
> that matter.  My googlinig has not been productive.
>
> Cheers!
>
> - pete
>
>
>
> Pete Hoffswell                                            616-732-1101 (Grand Rapids, x1101)
> University LAN/WAN Coordinator              616-510-1198 (Mobile)
> IT Services                                                 pete.hoffswell () davenport edu
> Davenport University                                  http://www.davenport.edu
>
>  -=-=-  Check out DU WiFi services - http://www.davenport.edu/du/currentstudents/wifi -=-=-
>
>
>
> > > > liudvikas.bukys () ROCHESTER EDU 01/06/04 08:58AM >>>
>
> My university and a number of others are apparently having
> some DNS server traffic blocked by some Chinese ISPs.
>
> There is an excellent summary of the situation at:
>   <http://cyber.law.harvard.edu/filtering/china/>
> (this includes a real-time test interface that unfortunately,
> at the moment, seems to classify all results as "indeterminate")
> and there are related recent articles at:
>   <http://www.mail-archive.com/ip () v2 listbox com/msg00290.html>
>   <http://www.politechbot.com/pipermail/politech/2003-November/000212.html>
>
> It was noticed here because there were some complaints from
> potential Chinese applicants, followed by a remarkably low number
> of Chinese applicants on a particular deadline.  For any of our
> institutions seeking Chinese applicants, this is a business-critical
> outage.
>
>
> For the workgroups:
>
> * One technical countermeasure is to beef up secondary DNS servers,
>   particularly with high-volume DNS services (Akamai or UltraDNS?)
>   that may be less likely to be blocked.  Has anyone looked into
>   this angle?
>
> * (Short-term measures could include migrating DNS servers to
>   unblocked IP addresses -- an annoying and messy shell game.)
>
> * Are the EDUCAUSE .edu operators aware of this issue?
>   Any recommendations from them?  (How does one contact them?)
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
> http://www.educause.edu/cg/.
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
> http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.