ISP/VPN's to China?

• Previous message (by thread): ISP/VPN's to China?
• Next message (by thread): ISP/VPN's to China?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Oct 22, 2009, at 8:14 AM, Alexander Harrowell wrote:

> On Thursday 22 October 2009 12:38:11 Chris Edwards wrote:
>> On Thu, 22 Oct 2009, Alex Balashov wrote:
>> | Understood.  I guess the angle I was going more for was:  Is this
>> | actually practical to do in a country with almost as many  
>> Internet users
>> | as the US has people?
>> |
>> | I had always assumed that broad policies and ACLs work in China,  
>> but most
>> | forms of DPI and traffic pattern analysis aren't practical simply  
>> for
>> | computational feasibility reasons.  Not unless the system were  
>> highly
>> | distributed.
>>
>> Perhaps they only need make an example of a few, and thus introduce  
>> an
>> element of fear for everyone else.
>
> I had always assumed that the Gt. Firewall, and especially the fake  
> RST
> element of it, existed precisely to let the geeks and weirdos stand  
> out of the
> naive traffic so they could be subjected to special treatment.
>
> Similarly, this is the approach the Iranians seem to have taken  
> after their
> disputed election - although there isn't a telco monopoly, there's a  
> wholesale
> transit monopoly, and they just had the transit provider rate-limit  
> everyone.
> My understanding of this was that "normal" users would give up and do
> something else, and only people who really wanted to reach the  
> outside world
> or each other  - i.e. potential subversives - would keep trying.  
> Therefore,
> not only would the volume of traffic to DPI, proxy etc be lower, but  
> the
> concentration of suspect traffic in it would be higher.
>
> From this point of view, I suppose there's some value in using an  
> IPSec or SSL
> VPN, because that's what corporate traveller applications tend to  
> use and
> they'll therefore never cut it off. I mean, are you suggesting that  
> the
> assistant party secretary of Wuhan won't be able to log into  
> CommunistSpace
> (Iike Facebook with Chinese characteristics) while he's on the road?
> Unthinkable!

Generally speaking, the definition of "corporate traveller  
applications" in such cases ==
"Whatever anyone tries to do from the following specific address  
ranges, which are known to be accessible exclusively inside certain  
international hotels, exclusively to users who are willing to pay the  
equivalent of 1-2 weeks of avg. local income for the privilege).

TV

• Previous message (by thread): ISP/VPN's to China?
• Next message (by thread): ISP/VPN's to China?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]