How Protocol Tunneling Works > Setting Up a Channel with SSH - Pg. 62

62 chapter 4 Protocol Tunneling

The Great Firewall

China's Golden Shield project, widely known to the rest of the world as the Great Firewall of China, is an attempt to control access to the Internet by various methods, including blocking certain Internet addresses, blocking or redirecting specific hosts and domains, URL filtering, and even packet filtering.[G] Despite these efforts, there are still unblocked communications channels (or nothing would get through). This has spawned a cottage industry of tools for bypassing the Great Firewall. Some of these include the following.

· The Gollum "browser" uses advanced Web technology to allow access to the English language Wikipedia from within China.[H]
· Freegate and UltraSurf are anti-censorship tools that use a P2P-like protocol tunnel network to transmit data.[I]

Setting Up a Channel with SSH

One of the most common protocol tunnels to establish is a secure shell (SSH) tunnel. This uses the SSH tool to create an encrypted tunnel between two computers. The channel encrypts and decrypts any data sent, and any information may be sent through the channel. This allows setting up secure versions of otherwise insecure connections, such as mail, File Transfer Protocol, and remote desktop. It can also be used to bypass a firewall.

Suppose you've discovered that you can't access some service from work (bittorrent, instant messaging, or perhaps your favorite "graphics" site). Or perhaps you don't like having your Internet browsing monitored. Sure, you spend most of your time at work on social networking sites arguing about whether Kirk or Picard was the best captain of the Enterprise, but that's not your boss' business, now is it? You decide to use SSH to create a secure tunnel, bypass the company firewall and packet monitoring system, and cloak your traffic.

Recall what is needed for protocol tunneling. You have access to your machine at work (inside the firewall), but you need access to a machine outside the firewall. There are a few possibilities.

· You can get an SSH account on an SSH provider. There are many Internet service providers (ISPs) that offer SSH accounts, at varying prices. A quick visit to Google at the time of writing turned up several sites with plans under $10 per month.[J]

[G] On May 20, 2008, the U.S. Senate Judiciary Committee held a hearing titled "Global Internet Freedom: Corporate Responsibility and the Rule of Law" that discusses both Internet censorship and the technologies that are used to bypass it. At the time of writing the webcast and transcripts are available from http://judiciary.senate.gov/. In particular, Dr. Shiyu Zhou discussed China's Golden Shield project and the role of U.S. companies operating in China.
[H] http://gollum.easycp.de/en/
[I] Freegate: www.dit-inc.us/freegate/. UltraSurf: www.ultrareach.com/.
[J] The site www.red-pill.eu/freeunix.shtml lists (at the time of writing) several free shell providers, including http://freeshell.org/ and www.grex.org/.
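
Seen from the monitoring side, the scenario above (an inside workstation holding an SSH session to an outside machine and carrying other traffic through it) leaves traces in flow records even though the payload is encrypted. The following is an added example, not code from the book: the record fields, thresholds, approved-host list and sample flows are all assumptions constructed for illustration, and `first_payload` is assumed to hold the first bytes the client sent.

```python
import ipaddress

# Assumed policy values for this sketch; tune them to the monitored network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APPROVED_SSH_DESTS = {"203.0.113.10"}   # constructed: a sanctioned external bastion
MIN_BYTES_IN = 5_000_000                # bulk-transfer floor (assumption)
MIN_DURATION_S = 600                    # long-lived session floor (assumption)
MIN_IN_OUT_RATIO = 5.0                  # download-heavy ratio (assumption)

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def tunnel_indicators(flow):
    """Return the reasons a flow resembles an SSH tunnel; [] means not flagged."""
    # SSH peers open with a cleartext "SSH-<version>-..." line (RFC 4253),
    # so the protocol is recognisable on any port.
    if not flow["first_payload"].startswith(b"SSH-"):
        return []
    if not is_internal(flow["src"]) or is_internal(flow["dst"]):
        return []                       # only inside-to-outside sessions
    if flow["dst"] in APPROVED_SSH_DESTS:
        return []
    reasons = []
    if flow["dport"] != 22:
        reasons.append("ssh-on-nonstandard-port")
    bulk = flow["bytes_in"] >= MIN_BYTES_IN
    if bulk and flow["duration_s"] >= MIN_DURATION_S:
        reasons.append("long-lived-bulk-session")
    if bulk and flow["bytes_in"] >= MIN_IN_OUT_RATIO * max(flow["bytes_out"], 1):
        reasons.append("download-heavy")
    return reasons

def scan(flows):
    """Return (src, dst, reasons) for every flagged flow, in input order."""
    hits = [(f["src"], f["dst"], tunnel_indicators(f)) for f in flows]
    return [h for h in hits if h[2]]

# Constructed sample records (documentation address ranges), not real traffic.
KEYS = ("src", "dst", "dport", "first_payload", "duration_s", "bytes_out", "bytes_in")
FLOWS = [dict(zip(KEYS, row)) for row in (
    ("10.1.2.3", "198.51.100.7", 22, b"SSH-2.0-OpenSSH_8.9\r\n", 7200, 2_000_000, 180_000_000),
    ("10.1.2.4", "203.0.113.10", 22, b"SSH-2.0-OpenSSH_8.9\r\n", 3600, 900_000, 9_000_000),
    ("10.1.2.5", "198.51.100.9", 443, b"SSH-2.0-OpenSSH_8.9\r\n", 120, 40_000, 60_000),
    ("10.1.2.6", "198.51.100.20", 443, b"\x16\x03\x01\x02\x00", 5400, 1_000_000, 90_000_000),
    ("10.1.2.7", "198.51.100.30", 22, b"SSH-2.0-OpenSSH_8.9\r\n", 300, 20_000, 50_000),
)]
```

A short interactive session to an unapproved host (the last record) is deliberately not flagged by these heuristics; whether any outbound SSH to an unlisted destination should alert is a policy decision.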