Educause Security Discussion mailing list archives
Re: China blocking DNS servers
From: Clyde Hoadley <hoadleyc () MSCD EDU>
Date: Tue, 6 Jan 2004 13:46:52 -0700
This may, or may not, be related... This was on the SANS Internet Storm Center (http://isc.incidents.org/) web site Fri. Jan 2. > >According to Email Security Company Postini, IP addresses in the 218.107.x.x >class are in the top 10 for both spam and directory harvest attacks. 8 of the >top 10 spam sources and 4 of the top 10 DHA sources came from this class for >December 31 and January 1. These IP's are registered to China Netcom and have >a hostname "host.better-delivery.com". It looks like these ip's may be good >candidates to block. > >www.postini.com/stats --Clyde Pete Hoffswell wrote:
The report is now about a year old. In August 2003 it looks like it got slashdotted. At the time, the real-time reporter may or may not have been working very well to begin with. http://slashdot.org/articles/02/08/31/0557256.shtml?tid=153 I have an associate that manages connectivity to a factory in China via vpn, with a split tunnel. He has no complaints of blocked sites. I wonder if they have a different ruleset for foreign companies doing business out there. It would be interested to know if anyone else knows of a real-time filter-checker for china, or other countries, for that matter. My googlinig has not been productive. Cheers! - pete Pete Hoffswell 616-732-1101 (Grand Rapids, x1101) University LAN/WAN Coordinator 616-510-1198 (Mobile) IT Services pete.hoffswell () davenport edu Davenport University http://www.davenport.edu -=-=- Check out DU WiFi services - http://www.davenport.edu/du/currentstudents/wifi -=-=-liudvikas.bukys () ROCHESTER EDU 01/06/04 08:58AM >>>My university and a number of others are apparently having some DNS server traffic blocked by some Chinese ISPs. There is an excellent summary of the situation at: <http://cyber.law.harvard.edu/filtering/china/> (this includes a real-time test interface that unfortunately, at the moment, seems to classify all results as "indeterminate") and there are related recent articles at: <http://www.mail-archive.com/ip () v2 listbox com/msg00290.html> <http://www.politechbot.com/pipermail/politech/2003-November/000212.html> It was noticed here because there were some complaints from potential Chinese applicants, followed by a remarkably low number of Chinese applicants on a particular deadline. For any of our institutions seeking Chinese applicants, this is a business-critical outage. For the workgroups: * One technical countermeasure is to beef up secondary DNS servers, particularly with high-volume DNS services (Akamai or UltraDNS?) that may be less likely to be blocked. Has anyone looked into this angle? * (Short-term measures could include migrating DNS servers to unblocked IP addresses -- an annoying and messy shell game.) * Are the EDUCAUSE .edu operators aware of this issue? Any recommendations from them? (How does one contact them?) ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- China blocking DNS servers Liudvikas Bukys (Jan 06)
- <Possible follow-ups>
- Re: China blocking DNS servers Pete Hoffswell (Jan 06)
- Re: China blocking DNS servers Clyde Hoadley (Jan 06)
- Re: China blocking DNS servers H. Morrow Long (Jan 06)
- Re: China blocking DNS servers Joe St Sauver (Jan 06)