20100104

Defeating URL Filters

As a security person, I really consider things like firewalls speed bumps on the internet (especially when we can do rpc over http). But URL filters are another critter all together, and while not generally something that is good to defeat in the corporate environment, one has to wonder how these things are put together, and what would be a good way to defeat them so that people can go and access information that would otherwise be considered anti-social in what ever culture.

China has lead the way with countrywide URL filtering, and the middle east is not that far behind them in the process. While I do not really care what a country does at this point, what I do find interesting is the process of defeating those URL filtering systems that have been installed and are in place. The ability to obtain information despite a governments interests can open the door to new thoughts and ideas getting into countries where the media is controlled.

Boing Boing at 
http://www.boingboing.net came up with a distributed system that relied on people hosting URLS over DSL and Broadband lines, or as sub domains off primary domains like dbb.somedomain.com as a way to make sure that the URL filtering mechanism was subverted so that Boing Boing could carry on semi normally.

First, this is an educational pursuit and I will add to this body of knowledge as I move through this project. However, I see a number of ways that can be used for this process.

Friendly high speed DSL or Cable lines installed as either TOR or HTTP proxies.
Tor
Proxy services both fixed and mobile
Hitting refresh a lot
Intentionally allowing multiple bounce boxes on the internet
Opening boxes for unrestricted RDP or X-Windows

This concept raises an interesting theory that by allowing people guest access to boxes, using proxy and other services like Tor, along a long line of scattered and randomized DSL lines would help. As well as providing non-tracking search engines, news aggregators, and other services, it would be almost impossible for a country firewall/URL filtering schema to track all these kinds of friendly services.

The flaws in URL filtering software, such as blacklist download.com but not download.com.ru is common place in many systems. As well as using strait IP translation via host tables, or again the distributed model. Even just setting up a home proxy allows people to circumnavigate URL filtering systems, and our school kids know this and do this on a regular basis regardless of what the school district rules are. While the intent is bypass state sponsored firewalls and URL filtering systems, simple tricks at home can help people access data in countries where they can not. By using simple tricks that high school students can do. All the while state sponsored censorship will be costly, but easily bypassed as well.

No comments:

Post a Comment