Search results

  1. haohaolee

    Gnu cp not working on partition mounted with acls flag set

    When I use gcp -pR to recursively copy a directory to another, there always is an error: preserving permissions for `xxxx': Invalid argument. Later I find such kinds of problems only occur on the partition mounted with acls flag set. I want to ask if it is the gcp that cannot work with the...
  2. haohaolee

    How to write a rule to drop malicious packets?

    I said it's unexpected because it wouldn't appear in a normal connection, but dropping the reset packet does not solve this issue. All I want is a rule like the iptables rule I gave to identify the packet containing the above html content and drop it. Now I know it cannot be that easy by...
  3. haohaolee

    How to write a rule to drop malicious packets?

    Sorry, I didn't get what you meant. I mean, when the browser gets the fake html content you mentioned above, it should send an ACK packet back to the server, but it's an ACK to the fake packet, so the web server then sends a RST packet. Yes, it's unexpected.
  4. haohaolee

    How to write a rule to drop malicious packets?

    This issue might not be considered as a sort of censorship because of the apparent commercial behaviors, but it does show how the individual's rights aren't protected. Off topic.:)
  5. haohaolee

    How to write a rule to drop malicious packets?

    Sorry maybe I have misguided you guys. If you take a look at the dump again, you can find a packet with flag RESET at about line 161. If I analyzed it correctly, the whole process should be: When the fake packet attend before the real one, the browser would give a response, but this would...
  6. haohaolee

    How to write a rule to drop malicious packets?

    Okay here it is: iptables -I FORWARD -p tcp --sport 80 --tcp-flags FIN,PSH,ACK FIN,PSH,ACK -m tos --tos 0x10/0x3f -m string --algo bm --string "hijack keyword" -j DROP The keyword is something in the HTTP section of the packet
  7. haohaolee

    How to write a rule to drop malicious packets?

    After checking that rule I found one thing: the rule involves a string match which I think is a Layer7 functionality. Now I realize PF cannot provide this kind of checking. Thanks all the same.
  8. haohaolee

    How to write a rule to drop malicious packets?

    Honestly speaking, I'm from China and the ISP is ChinaTelecom. Actually many people have encountered this, a Joe Sixpack may just bear it because he does not know what's going on under the hood, on the other side many IT guys do know and have called them for complaint. The problem is: Sometimes...
  9. haohaolee

    How to write a rule to drop malicious packets?

    Thanks for your concern. I don't know what technology they use, but I can confirm that if I drop the fake packet the real response would attend because the key of this tech is the fake packet attends *FIRST*, so the browser drops the latter one. I'm so sure because my friend uses a Linux...
  10. haohaolee

    How to write a rule to drop malicious packets?

    I'm sure they do tricks in IP layer and TCP layer. If you know I'm from the country which built the largest censoring network in the world, you may believe they have the techs and motivations to do so. sigh...
  11. haohaolee

    trying to use PF on iPad, share VPN connection

    BTW, can OP tell us which version of iOS includes PF, and with or without jailbreak? Thanks
  12. haohaolee

    How to write a rule to drop malicious packets?

    Not all in application I think, I found some characteristics of such kind of packets: 1. in IP header, the fake packet has its TOS (type of service) set to 0x10, meaning minimize delay and has different TTL. 2. in TCP header, the fake packet has its flags set to FIN PSH ACK. All I want...
  13. haohaolee

    How to write a rule to drop malicious packets?

    1. It depends on browser. 2. what's more, the iframe still exists even if advertisements do not show up, this sometimes influences the browsing experience and web dev much.
  14. haohaolee

    How to write a rule to drop malicious packets?

    Background: My ISP is doing evil, it will randomly insert malicious packets to my HTTP connections to hijack my browser and push their advertisements. The process is: When you send out a Get request, ISP will immediately return a packet which contains an iframe pointing to my target before...
  15. haohaolee

    native IPv6 and miredo coexisting problem

    I'm new to FreeBSD, so I thought it would have the same concept. Never mind, I solved this specific problem myself. Miredo has a script called client-hook, which is called when teredo tunnel is established and is to set up routing: .... case "$STATE" in up) "$IFCONFIG"...
  16. haohaolee

    native IPv6 and miredo coexisting problem

    Sorry, it's a concept on other platform. Maybe the correct question is how to make balance route when having multi-interface
  17. haohaolee

    native IPv6 and miredo coexisting problem

    It seems there is no routing metric concept in FreeBSD, so I cannot use different default routes with different metrics.
  18. haohaolee

    native IPv6 and miredo coexisting problem

    I have a native IPv6 setting that worked well until I installed the miredo client. After starting the miredo daemon, it will create a new default route overriding the original one. My intention is to use miredo to connect to other teredo nodes, not for IPv6 surfing. And, according to the...