|
Posted by Ansgar -59cobalt- Wiechers on April 30, 2008, 11:25 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Am Wed, 30 Apr 2008 03:17:11 -0700 schrieb Chilly8:
>> I doubt it. If you are using a VPN network, The Chinese government
>> cannot analyse, crack, monitor, or sniff your connection. Anything on
>> VPN cannot be monitored by the local auhorities, becuase it is
>> encrypted.
>
> They can't read it does not mean they don't filter. Every filter slows
> traffic down and if ther is enough traffic ....
It has been explained to him repeatedly that even though the contents
of an encrypted connection can't be read the connection itself can very
well be identified and filtered. He just chooses to ignore that. Don't
feed the idiot.
cu
59cobalt
P.S.: Role mailboxes like postmaster@ exist for well-defined purposes.
Please don't mis-use them for anything else.
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
|
|
Posted by Burkhard Ott on May 1, 2008, 2:57 am
If you were Registered and logged in, you could reply and use other advanced thread options
Am Wed, 30 Apr 2008 17:25:01 +0200 schrieb Ansgar -59cobalt- Wiechers:
> P.S.: Role mailboxes like postmaster@ exist for well-defined purposes.
> Please don't mis-use them for anything else.
You are right, I changed it.
Thx for the hint.
|
|
Posted by Chilly8 on May 2, 2008, 4:37 pm
If you were Registered and logged in, you could reply and use other advanced thread options
X-No-Archive: Yes
>> Am Wed, 30 Apr 2008 03:17:11 -0700 schrieb Chilly8:
>>> I doubt it. If you are using a VPN network, The Chinese government
>>> cannot analyse, crack, monitor, or sniff your connection. Anything on
>>> VPN cannot be monitored by the local auhorities, becuase it is
>>> encrypted.
>>
>> They can't read it does not mean they don't filter. Every filter slows
>> traffic down and if ther is enough traffic ....
>
> It has been explained to him repeatedly that even though the contents
> of an encrypted connection can't be read the connection itself can very
> well be identified and filtered. He just chooses to ignore that. Don't
> feed the idiot.
Well, VPN should always be used, when connecting a US office to a
foreign office, because of the fact that changes in the law now allow
the American authorities to monitor any communications without a
warrant. If you use VPN, the spooks in Washington cannot analyse
or monitor your communications.
|
|
Posted by Digital Mercenary For Honor on April 30, 2008, 4:28 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> My question is if this is the expected performance for connectivity
> between the US and China? I know that the chinese goverment filters
There might be some general network performance issues, which you
should examine through trace analysis to see if this is network malaise
and something client-fixable or it's really slow performance through
the ISP, it's worth the look.
I can confirm that the Chinese do filter and analyze traffic, I've
experienced this in the 2000's in travel there, where, when using
standard ports for protocols like http (80/tcp) and IM communication my
services disconnected and slowed down to a crawl. Trace analysis of my
own socket communication definitely showed that I was being
transparently proxied and also filtered by making a connection through
to a host in another country where I could see the "results" of the
communication, which showed invalid values for TCP windowing and TTL
values that proved a new socket connection was being made on behalf of
my host's original request (not even close to the correct hop-count or
TCP personality of my host).
Once I switched to use a secured tunnel, my performance actually
*improved*. While I don't know the legality of this, some potential
fixes are:
- Change your infrastructure to use non-standard port connections for
Citrix and any other application, or rotate the TCP/UDP ports used on a
regular basis to keep "hopping around".
- Encrypt everything with some QoS applied to preserve some semblance
of performance. The Open Source OpenVPN package is quite good for this,
and it's easy to tunnel everything through and change TCP/UDP ports on
a regular basis.
- Consider aggregating your Chinese connectivity to a neutral /
friendlier country nearby such as Japan or Korea so that the RTT /
latency from an end-point to an end-point is less, and then you can
take a "bundle" of your connections from China over unfiltered
bandwidth to wherever your corporate HQ is, potentially avoiding the
penalty of having both an under-performing filtering system and a
long-distance pipe both hitting your bandwidth.
- TCP/IP stacks need performance tuning when operating in special
conditions like this. Most OS's tune themselves for LAN-type access or
web-server performance where there are many incoming connections. This
doesn't suit this connection profile you're mentioning. Along with the
OpenVPN idea, it may be worth tuning those theoretical VPN boxes with
TCP/IP stack personalities that handle the long-thin or long-fat lossy
pipe problem. TCP Hybla, TCP BIC, or TCP CUBIC can help here - they are
all modifications of how the congestion-avoidance algorithm works in
TCP/IP.
Good luck.
/dmfh
--
_ __ _
__| |_ __ / _| |_ 01100100 01101101
/ _` | ' \| _| ' \ 01100110 01101000
\__,_|_|_|_|_| |_||_| dmfh(-2)dmfh.cx
|
| Similar Threads | Posted | | ZA causes very slow boot | November 11, 2004, 5:43 am |
| internet speed browsing slow | February 9, 2005, 4:33 am |
| Does IPS in sonicwall slow download speed down? | February 16, 2005, 10:26 pm |
| Shared printer very slow with Windows Firewall | March 11, 2005, 7:42 am |
| [ IPCOP ] slow smtp flow from GREEN to ORANGE | April 7, 2005, 12:55 am |
| Think that China is reading here to. | April 6, 2005, 1:35 pm |
| IPSEC tunnel in China | April 12, 2005, 11:22 pm |
| VPN to China between Cisco Pix 515 and Netgear FVS318 | March 8, 2005, 8:48 am |
| Incoming port accesses from China | January 8, 2006, 4:34 pm |
| Trouble - Strange behaviour on VPN to China | May 4, 2006, 10:29 am |
|
XML site map