[tor-dev] Will people running a relay be blocked from accessing CN destinations?

tagnaq tagnaq at gmail.com
Sat Jun 11 16:59:42 UTC 2011



Ian, I made a new thread to avoid this discussion in the
'The Torouter and the DreamPlug' thread.

> On Thu, Jun 09, 2011 at 11:47:10PM +0200, tagnaq wrote:
>>> Doesn't "make random people into public (middle-only) relays" have the
>>> (well maybe not "problem", but "issue"?) that when GFW blocks them, they
>>> (the random people who bought an Excito/etc.) won't be able to connect
>>> to anything in .cn any more?  Although I don't _often_ connect to .cn
>>> domains, it seems unfortunate to effectively auto-ban these people from
>>> Chinese websites.
>>
>> I did not experience any problems connecting to .cn while using a relay
>> IP address. I think they are just blocking an IP:port combination and
>> not the entire IP address.
>> ...but things might change
> Hmm.  I wonder what happens if the packets are fragmented so that the
> TCP port information isn't in the first fragment...

possibilities:
a) a fragmented IP packet doesn't get blocked
b) they don't allow IP fragmentation (Don't Fragment Bit set)
c) their firewall is able to find out whether the fragment is part of a
blocked destination (IP:port)
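
Added example, not part of the original message or of any real firewall: a sketch of what an IP:port filter can see in each fragment of a fragmented TCP segment, and how a stateful filter can carry the first fragment's verdict over to later fragments. The names (`PortFilter`, `frag_info`, `dst_port`), the addresses (documentation ranges) and the ports are constructed for illustration.

```python
import struct

def ipv4(payload, offset=0, more=0, df=0, ident=0x1234, dst=b"\xc6\x33\x64\x07"):
    """Constructed IPv4 packet carrying TCP (protocol 6); checksum left at 0."""
    flags_off = (df << 14) | (more << 13) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, 6, 0, b"\xc0\x00\x02\x0a", dst) + payload

def frag_info(pkt):
    """Return (dont_fragment, more_fragments, byte_offset) from the IPv4 header."""
    flags_off = struct.unpack("!H", pkt[6:8])[0]
    return bool(flags_off & 0x4000), bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8

def dst_port(pkt):
    """TCP destination port, or None when this packet does not carry it."""
    ihl = (pkt[0] & 0x0F) * 4
    if frag_info(pkt)[2] > 0 or len(pkt) < ihl + 4:
        return None  # non-first fragment, or too short to hold the ports
    return struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]

class PortFilter:
    """IP:port filter that remembers the first fragment's verdict per datagram."""
    def __init__(self, blocked):
        self.blocked = blocked   # set of (dst_ip_bytes, dst_port)
        self.verdicts = {}       # (src, dst, proto, ident) -> "drop" / "pass"

    def check(self, pkt):
        _, more, offset = frag_info(pkt)
        key = (pkt[12:16], pkt[16:20], pkt[9], pkt[4:6])
        if offset > 0:
            # No TCP header in this fragment: only stored state can decide.
            # Unknown datagrams fail closed (a real filter might buffer instead).
            return self.verdicts.get(key, "drop")
        port = dst_port(pkt)
        verdict = "drop" if port is None or (pkt[16:20], port) in self.blocked else "pass"
        if more:
            self.verdicts[key] = verdict   # later fragments share this IP ident
        return verdict

# Constructed sample: a 48-byte TCP segment to port 9001, split into two fragments.
TCP_SEG = struct.pack("!HHLLBBHHH", 40000, 9001, 1, 0, 0x50, 0x02, 1024, 0, 0) + b"A" * 28
FIRST = ipv4(TCP_SEG[:24], offset=0, more=1)
SECOND = ipv4(TCP_SEG[24:], offset=24)
```

`dst_port(SECOND)` returns `None`, so a filter that judges each packet in isolation has nothing to match on for that fragment, while `PortFilter` returns the same verdict for both.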

