An anonymous reader writes: Westerners living in China are getting used to Connection Resets after bumping into sensitive keywords in Google search results. After that, the computer will not be able to open any websites for 1-2 minutes. Many people hate it, but did you know that it has also helped people defeat hackers from China?
A Chinese blogger blogged about how he helped his friend successfully defend his web space, hosted on a HK server, with the help of GrFW. The connection limit of their account is 500, and it was constantly suffering from "Service Unavailable". There was nothing unusual in their IP and VP records, but their server log bloated from 22M to 169M in the recent two days. There were 1 million requests from 500 unique IPs targeting a single asp page. The attacker was flooding the asp page without a valid id parameter, causing database query errors. He fixed the parameter check flaw, but the cc attack was still overwhelming the server. After their service provider changed their IP, he came up with a brilliant idea. The guy directed all requests without valid parameters to an address ending with a GrFiW approved sensitive keyword, "/?min9hui" (9 should be g).
China GFiW approved keywords are classified and filtered on different levels; some are inspected by DPI. Will these keywords become a magic spell protecting our web from crawlers and flooders from China? God knows. But GrFW indeed helped the Chinese op effectively cool the flooder down. According to his test, he refreshed the website 20 times both with and without this keyword. With the keyword, only 3 requests appeared in the server log, while without the keyword 20 requests arrived at his server, none missed. As a comment in the blog pointed out, this trick only works for a cc attack (request flood) but has no effect on a DDoS attack with fragmented packets. What about running a t0r relay to win an IP black hole ;)
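The log pattern described above (many requests from a limited set of IPs hitting one asp page without a valid id parameter) can be confirmed from the server log before any mitigation is chosen. The following is an added example, not code from the blogger or the submission; the page name `/show.asp`, the field layout and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in W3C extended log format (the format IIS writes).
# Addresses, dates and the page name /show.asp are made up, not from the post.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-01-05 10:00:01 203.0.113.7 GET /show.asp id=42 200
2010-01-05 10:00:01 198.51.100.9 GET /show.asp id= 500
2010-01-05 10:00:02 198.51.100.9 GET /show.asp id=abc 500
2010-01-05 10:00:02 198.51.100.23 GET /show.asp - 500
2010-01-05 10:00:03 198.51.100.9 GET /show.asp id=1'x 500
2010-01-05 10:00:03 203.0.113.7 GET /index.asp - 200
2010-01-05 10:00:04 198.51.100.23 GET /show.asp id=-1 500
"""

# Assumption: a valid id is a short run of decimal digits and nothing else.
VALID_ID = re.compile(r"(?:^|&)id=(\d{1,9})(?:&|$)")

def has_valid_id(query):
    """True when the query string carries a well-formed numeric id."""
    return query != "-" and VALID_ID.search(query) is not None

def summarize(log_text, page="/show.asp"):
    """Count requests to `page` lacking a valid id, grouped by client IP."""
    fields, bad_by_ip, total = [], Counter(), 0
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for following rows
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != page:
            continue
        total += 1
        if not has_valid_id(row.get("cs-uri-query", "-")):
            bad_by_ip[row["c-ip"]] += 1
    return {"page_hits": total, "invalid": sum(bad_by_ip.values()),
            "unique_ips": len(bad_by_ip), "top": bad_by_ip.most_common(3)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high ratio of `invalid` to `page_hits` concentrated in a bounded `unique_ips` set matches the request flood the post describes, as opposed to ordinary crawler traffic.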