On 2012-2-10 2:23, Mike Easter wrote:
> Lu Wei wrote:
>> Jay Garcia wrote:
>>>
>>> Definitely a problem on your end.
>
>>
>> releases.mozilla.org is blocked by the great firewall of china (GFW)
>> through DNS poisoning.
>
> DNS 'poisoning' is a little different than what the GFW (usually) does.
>
I don't know exactly what the difference between hijacking and poisoning is, but it's normal for the GFW to do DNS tricks. What has been known to us is that the GFW reports a wrong IP address and the connection fails. The innovation now is that you can still connect to that fake address and download files as if nothing had happened. It's getting more dangerous and aggressive. And I am really curious and furious that Mozilla has been chosen as a victim, since Mozilla has no political relation to the CCP -- maybe "An open web" just annoyed them?
I caught a log today. The fake IP address is 218.6.25.199:

GET /pub/mozilla.org/thunderbird/releases/10.0-real/win32/en-US/Thunderbird%20Setup%2010.0.exe HTTP/1.1
Host: releases.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20100101 Firefox/10.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en
Accept-Encoding: gzip, deflate
Referer: http://releases.mozilla.org/pub/mozilla.org/thunderbird/releases/10.0-real/win32/en-US/
Cookie: WT_FPC=id=2bb0cb0e84cc108c6511274053975974:lv=1328562797045:ss=1328562796719; dloadday=65.49.68.155.1325471858384717; wtspl=219427
DNT: 1
Connection: keep-alive

HTTP/1.1 200 OK
X-Backend-Server: cn-web01
Last-Modified: Mon, 30 Jan 2012 01:43:57 GMT
Accept-Ranges: bytes
Content-Length: 16811832
Content-Type: application/octet-stream
Date: Fri, 10 Feb 2012 05:11:29 GMT
Server: Apache
Powered-By-ChinaCache: MISS from CHN-WZ-V-3CA
Powered-By-ChinaCache: HIT from CHN-PT-2-336
Connection: close
MZ......................@...............................................!..L.!This program cannot be run in DOS mode.
$........H...)u..)u..)u...~..)u.75{..)u......)u...q..)u..)t. )u.w&(..)u...~..)u.s/s..)u.Rich.)u.........PE..L...fJ.D.....
...
> What can you do about configuring your name service? Can you use a proxy?
Yes, we can use encrypted proxies. Thanks for the circumvention info. It's normally safe to browse only.
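
A triage check over the exchange logged above, as an added example that is not part of the original post: it lists response headers that show a cache or proxy answered, and flags an executable fetched over plain HTTP, where a redirected name cannot be told apart from the real host. The header patterns and extension list are assumptions, the capture is abridged from the log, and a finding is a prompt to verify the installer's signature or published hash, not proof of tampering.

```python
import re

# Abridged from the log in the post (cookie and binary body omitted).
CAPTURE = """\
GET /pub/mozilla.org/thunderbird/releases/10.0-real/win32/en-US/Thunderbird%20Setup%2010.0.exe HTTP/1.1
Host: releases.mozilla.org
Connection: keep-alive

HTTP/1.1 200 OK
X-Backend-Server: cn-web01
Content-Length: 16811832
Content-Type: application/octet-stream
Server: Apache
Powered-By-ChinaCache: MISS from CHN-WZ-V-3CA
Powered-By-ChinaCache: HIT from CHN-PT-2-336
Connection: close

MZ"""

# Assumption: header names that indicate a cache or proxy produced the answer.
INTERMEDIARY = re.compile(r"^(via|x-cache.*|x-backend-server|powered-by-.*)$", re.I)
# Assumption: file extensions treated as installers.
EXECUTABLE_EXT = (".exe", ".msi", ".dmg")

def parse_headers(block):
    """Return (start_line, [(name, value), ...]), keeping repeated headers."""
    lines = block.strip().splitlines()
    pairs = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return lines[0], pairs

def audit(capture):
    """Return findings that call for verifying the download out of band."""
    request, response, body = capture.split("\n\n", 2)
    req_line, req_headers = parse_headers(request)
    _status, resp_headers = parse_headers(response)
    host = dict(req_headers).get("Host", "")
    path = req_line.split()[1]
    findings = []
    hops = [f"{n}: {v}" for n, v in resp_headers if INTERMEDIARY.match(n)]
    if hops:
        findings.append(("intermediary", hops))
    # "MZ" is the DOS/PE magic visible at the start of the logged body.
    if path.lower().endswith(EXECUTABLE_EXT) or body.startswith("MZ"):
        findings.append(("executable-over-http", host + path))
    return findings
```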