Case report on GFW’s continued interference with normal overseas IP access in late August 2022

Original link: https://www.blueskyxn.com/202208/6452.html

Foreword

After the Central Propaganda Department held a series of press conferences on the theme of “This Decade of China” on August 19, and after the Central Cyberspace Administration and other departments issued documents, the GFW has continued to interfere with, block and pollute overseas IPs. This round is the most recent and the largest in recent years.

At the same time, the tactics are decidedly underhanded. It is blocked, yet it is not blocked: at some times, in some places and on some networks the block is in effect, and on others it is not. Say there is a wall, and there is no wall; say there is no wall, and people simply cannot open the page; say people cannot open it, and yet some people can.

Oracle-related case studies

The GFW randomly blocks HTTPS in these regions and IP segments of Oracle Cloud:

  • Oracle Phoenix: IP segments 158 and 129
  • Oracle Chuncheon: IP segments 152, 129 and 146
  • Oracle London: IP segment 132

This is because, under the same poor network conditions (packet loss and latency), web page speed tests against the following segments basically all return 200, while the abnormal IP segments above fail in large numbers:

  • Oracle Melbourne: IP segment 168
  • Oracle Dubai: IP segment 193

Considering how users in mainland China actually use these services, there is indeed a lot of illegal use concentrated in the abnormal IP segments.

CloudFlare CDN related case analysis

For its peer Gcore CDN, almost all results are a normal 200.

CloudFlare CDN, which in theory has the better network, is abnormal in many IP segments.

On the evening of August 23, 2022, I tested some IP segments and got the following known abnormal IP segments of CF CDN (tested on real machines):

  • 172.65.253.X
  • 104.17.126.X
  • 104.17.80.X
  • 104.18.66.X
  • 104.16.86.X
  • 104.26.6.X
  • 104.16.2.X
  • 172.64.2.X
  • 172.64.128.X
  • 172.64.192.X
  • 104.16.248.X

The known normal IP segments of CF CDN (tested on real machines) are:

  • 172.66.42.X
  • 172.67.68.X
  • 172.67.0.X
  • 103.21.244.X
  • 188.114.96.X

Over the same ordinary low-quality line, the abnormal segments show random failures (a failed request, not a 200) on all three carrier networks, while the normal IPs return 200 almost every time, only a bit more slowly. This does not seem to be something that congestion alone can explain.

As one of the world’s largest CDN providers, and because it offers a free service, CloudFlare has a large number of users. This move will undoubtedly leave a large number of websites unable to be accessed normally (note: unable to be accessed normally, not inaccessible, because some can be accessed and some cannot).

At the same time, I also found a domain name that is whitelisted on some IPs (I don’t know whether changing the IP had no effect or whether it is blocked by the firewall): www.gov.hk

On August 24, 2022, I retested some of the above IPs:

  • 172.65.253.X [mostly back to normal]
  • 104.17.126.X [partly abnormal on Mobile; widely abnormal on Telecom and Unicom]
  • 104.17.80.X [widely abnormal]
  • 104.18.66.X [widely abnormal]
  • 104.16.86.X [widely abnormal]
  • 104.26.6.X [widely abnormal]
  • 104.16.2.X [widely abnormal]
  • 172.64.2.X [widely abnormal on Mobile; partly abnormal on Telecom and Unicom]
  • 172.64.128.X [mostly back to normal; partly abnormal on Mobile]
  • 172.64.192.X [mostly back to normal]
  • 104.16.248.X [mostly back to normal]
  • 104.25.55.X [widely abnormal]
  • 104.19.104.X [widely abnormal]
  • 104.19.0.X [widely abnormal]
  • 172.66.42.X [still normal]
  • 172.67.68.X [still normal]
  • 172.67.45.X [still normal]
  • 172.67.0.X [still normal]
  • 103.21.244.X [still normal]
  • 188.114.96.X [widely abnormal]

At the same time, it was found that the same situation occurred on many websites using CloudFlareCDN, including but not limited to www.gov.hk.
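The comparison this section relies on (same line, failure rate per IP segment and carrier, with latency checked separately) can be written down as follows. This is an added example, not code or data from the original article: the probe results are constructed, the segments are documentation ranges, and the 0.5 threshold and the label wording are assumptions.

```python
from statistics import median
# Constructed probe results, not measurements from the article.
# Key: (IP segment, carrier); value: (HTTP status or None on failure, latency in ms)
PROBES = {
    ("192.0.2.X", "telecom"): [(200, 180), (None, None), (None, None), (200, 170)],
    ("192.0.2.X", "unicom"): [(None, None), (None, None), (200, 190), (None, None)],
    ("192.0.2.X", "mobile"): [(None, None), (200, 160), (None, None), (200, 175)],
    ("198.51.100.X", "telecom"): [(200, 210), (200, 205), (200, 220), (200, 215)],
    ("198.51.100.X", "unicom"): [(200, 230), (200, 225), (200, 240), (200, 235)],
    ("198.51.100.X", "mobile"): [(None, None), (None, None), (200, 200), (None, None)],
    ("203.0.113.X", "telecom"): [(200, 420), (200, 390), (200, 450), (200, 410)],
    ("203.0.113.X", "unicom"): [(200, 400), (200, 430), (200, 415), (200, 405)],
    ("203.0.113.X", "mobile"): [(200, 440), (200, 460), (200, 425), (200, 435)],
}
ANOMALY_RATE = 0.5  # assumed threshold: half or more of the probes fail

def summarize(probes):
    """Per (segment, carrier): failure rate and median latency of the 200 responses."""
    stats = {}
    for key, rows in probes.items():
        ok = [ms for status, ms in rows if status == 200]
        stats[key] = (1 - len(ok) / len(rows), median(ok) if ok else None)
    return stats

def classify(probes):
    """Label each segment by the carriers on which it reaches ANOMALY_RATE."""
    carriers, bad = {}, {}
    for (seg, carrier), (fail_rate, _) in summarize(probes).items():
        carriers.setdefault(seg, set()).add(carrier)
        if fail_rate >= ANOMALY_RATE:
            bad.setdefault(seg, set()).add(carrier)
    labels = {}
    for seg, seen in carriers.items():
        hit = bad.get(seg, set())
        if not hit:
            labels[seg] = "normal"
        elif hit == seen:
            labels[seg] = "widespread anomaly"
        else:
            labels[seg] = "abnormal on " + ", ".join(sorted(hit))
    return labels

def congestion_unlikely(probes, failing, healthy):
    """Heuristic: the healthy segment is slower than the failing one, yet does not fail."""
    stats = summarize(probes)
    def lat(seg):  # median over carriers of the per-carrier median latency
        return median(ms for (s, _), (_, ms) in stats.items() if s == seg and ms is not None)
    slow_ok = all(rate < ANOMALY_RATE for (s, _), (rate, _) in stats.items() if s == healthy)
    return slow_ok and lat(healthy) > lat(failing)
```

Calling `classify(PROBES)` yields one label per segment, and `congestion_unlikely(PROBES, "192.0.2.X", "203.0.113.X")` checks whether the slower segment still answers with 200 while the faster one fails.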

When serving users in mainland China, CloudFlare users are advised to work around this problem with methods such as split (per-region) DNS resolution, using G-Core CDN, AWSCFT or similar services, selecting known-normal self-selected IPs or reverse-proxy IPs, or building their own reverse proxy servers.

US CN2 related case analysis

On August 15, 2022, it was detected that CN2 hosts from hosting providers including but not limited to DMIT and bandwagonhost were clearly abnormal when accessed from mainland China, with a packet loss rate of 20% to 60% appearing on all three carrier networks at the same time. However, other physical causes cannot be ruled out.

As of August 24, 2022, the CN2 GIA network in the United States still shows intermittent blockage.
