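Friday, March 25, 2011

How China Modifies Network Traffic

Google has accused China of deliberately interfering with the Gmail service in a way that makes Chinese users believe the fault lies with Google. So how does the Chinese government do it? MIT Technology Review reports that security experts believe China is most likely using "transparent proxies" to intercept and relay network messages while rapidly modifying the contents of the communications.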

 

Security experts say that China is most likely using invisible intermediary servers, or "transparent proxies," to intercept and relay network messages while rapidly modifying the contents of those communications. This makes it possible to block e-mail messages while making it appear as if Gmail is malfunctioning.

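Companies commonly use transparent proxies to filter employees' web access, and ISPs often use them to replace the advertisements on websites with their own. Transparent proxies are becoming increasingly common as governments try to censor and track dissidents. All of a network's traffic is forced through the proxy, and all communications are monitored and modified on the fly. Intercepting and relaying traffic is also known as a "man-in-the-middle attack."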

Companies regularly use transparent proxies to filter employees' Web access. Some ISPs have also used the technique to replace regular Web advertisements with those of their own. But it's becoming increasingly common for governments to use transparent proxies to censor and track dissidents and protestors. All traffic from a certain network is forced through the proxy, allowing communications to be monitored and modified on the fly. Intercepting and relaying traffic is known as a "man in the middle" attack.

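All that is being done is rewriting the content returned to the user. A Chinese ISP could use a transparent proxy to track every Gmail user, and could record all of their activity by injecting a JavaScript keystroke logger.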

"What you are doing is rewriting the content as it is delivered back to the user," says Nicholas J. Percoco, the head of SpiderLabs, which is part of the security firm Trustwave. Percoco said China's ISP could track everyone who uses Gmail. To do this, it would "inject a JavaScript keystroke logger, which would record every keystroke they typed on the service."

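Defending against this kind of attack is difficult, especially if the ISP holds a valid cryptographic certificate, which almost all major ISPs do. The way to prevent a man-in-the-middle attack is to use HTTPS-encrypted access. However, a security advisory published by Microsoft lists fraudulent certificates for nine popular websites, and forged CA certificates can be used to intercept encrypted communications.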

Defenses against the attack are few, especially if the Internet service provider has a valid cryptographic certificate, which all major national ISPs should have. Using a protocol known as HTTPS can prevent a man-in-the-middle attack, because it encrypts information in transit. However, Microsoft revealed in a security advisory issued today that it had detected nine fraudulent certificates for popular Web sites, including Google Mail, Microsoft's Live service, and Yahoo's services. These fake certificates could also be used to intercept encrypted communications.

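Google says China's interference with Gmail takes the form of temporary blocking and unblocking. Tunisia has also been found using transparent proxies in an attempt to hijack protesters' Facebook accounts.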

