Philip Tellis wrote:
Sometime on Jul 20, Amish Mehta assembled some asciibets to say:
- Make your DNS server host blogspot.com and redirect ALL port 53
traffic to it and block blockedblog.blogspot.com requests.
User can use an alternate DNS server
Well thats why I said redirect port 53. When port 53 is redirected alternate DNS would not work as user expects.
- Just like ip_conntrack_ftp module which tracks PORT commands,
develope ip_conntrack_http module which tracks HTTP "Host:" header and blocks the blocked sites.
User can use HTTP/1.0 which does not require the Host: header unless going through a proxy.
General users do not know how to do all that. There are many other ways to access sites too. Anonymous proxies (not necessarily running on port 80), SOCKS and all which is too tough to block.
But most of people do not know all that.
And if one is expert to do that, which means that person is doing something which is banned by Government and hence illegal so can get himself arrested.
Amish.
-
Amish Mehta