Log in

No account? Create an account
HOWTO: Avoid Internet Filtering - NIHIL VEL PERTINAX SUM — LiveJournal
The Web Log of Linuxrocks123

Date: 2011-04-22 12:13
Subject: HOWTO: Avoid Internet Filtering
Security: Public
When I was in elementary through high school, my public school district used an Internet filtering system to stop students from accessing "evil" websites, such as those containing nudity or email. I have no idea if the PISSED (inside joke) school district has decided to lighten up any, but I decided to do a comparison of my school district's censorship system with that of China. I have also decided to include instructions on evading censorship of each.

PISSED school district:
- Annoying picture of stupid dog displayed when site is blocked.
- No DNS hijacking.
- Dedicated servers for censorship.
- HTTPS not blocked and not censored because contents of website couldn't be examined.
- I seem to recall port blocking was in effect, with only ports 80 and 443 allowed through.
- Unknown whether running an ssh server on port 80 or 443 would work (would unless they're doing deep packet inspection).
- CGIProxy was effective.
- Booting Linux eliminated need for login.

Communist China:
- Blocked site simply fails to load.
- DNS hijacking stops effectiveness of evasion tools that do not also tunnel DNS.
- Dedicated servers for censorship (assumed).
- Contents of HTTPS websites not examined; some https websites might still be blocked.
- No port blocking in effect.
- CGIProxy not tried but should work if run as https server.

I have successfully evaded both of these censorship systems in the past. Now, I want to tell others how to do this, too.

For the PISSED school district system, the following method should work:
1. Run a proxy server using SSH SOCKS5 proxying or HTTPS CGIProxy on your home Internet connection. If you choose SSH, use port 443.
2. Boot a PISSED computer from a Linux Live CD or DVD so that you don't have to log in and can't be tracked.
3. Connect to your proxy server.
4. Visit blocked websites.

For Communist China, the following method should work:
1. Run a proxy server in another country using SSH SOCKS5. CGIProxy probably won't work because of China's DNS hijacking.
2. Configure Firefox to redirect DNS requests through SOCKS to evade the DNS hijacking by setting network.proxy.socks_remote_dns in about:config.
3. Connect to your proxy server.
4. Visit blocked websites.

On Linux, to connect to an SSH server from a client and use it as a proxy, do ssh -C2qTnN -D 8080 username@remote_machine.com. Add a "-p 443" if you configured your SSH server to use port 443 to evade PISSED port blocking.

If you are personally suffering under the evil, anti-freedom regimes of China or PISSED, or otherwise have a need for evading Internet censorship, please post below so that I can assist you with your specific censorship evasion needs. I recognize these directions are rather skeletal; I feel that, if you are running into trouble, I can best help you by discussing the issue with you personally.

Post A Comment | | Link

my journal
May 2016