Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sourceforge.net Blocked In Mainland China

Posted by timothy on

gzipped_tar contributed a link to Moonlight Blog, which says that "SourceForge, the world's largest development and download repository of Open Source code and applications, appears to be blocked in Mainland China. The current blocking may be related to the recent anti-China protests of Beijing Olympic Games, which will begin on 8 August. Some days before, a very popular free source code editor in SourceForge named Notepad++ start to boycott Beijing 2008. The project's developer said that the action is not against Chinese people, but against Chinese government's repression against Tibetan unrest earlier in this year. SF.net has once been banned by China in 2002. However, the ban was lifted later in 2003." gzipped_tar adds: "As a SourceForge user in Beijing, I can confirm this first-hand. I also tried traceroute to sourceforge.net, only to find the connection being dropped at a Beijing ISP's gateway router. It appears that the projects' respective homepages are available even if they are hosted by SF, but the summary and download pages are blocked." (As you probably know, Slashdot and Sourceforge share a corporate overlord.)

2 of 279 comments (clear)

  1. Re:How is it blocked by Paralizer · · Score: 5, Informative

    As a SourceForge user in Beijing, I can confirm this first-hand. I also tried traceroute to sourceforge.net, only to find the connection being dropped at a Beijing ISP's gateway router.
    Sounds like their router (or firewall) has a null route (or some equivalent device) for SF's IP addresses rather than where they are normally supposed to be sent to, ie the next closest router. DNS is just for IPhostname conversions, which would be done before the traceroute even starts (if he did traceroute sf.net).
  2. Re:How is it blocked by houjenming · · Score: 5, Informative

    Posting from Shanghai.

    There are at least a couple of methods to the GFW. One, which you mentioned, is the bi-directional RST packet method. This is typically reserved for the higher infractions, such as searching in google or yahoo for the religious group "Fa1unG 0ng" ( i can't actually spell it out, lest the RST packets disconnect me from slashdot for a while). Or sometimes, there will be something similar, like tÂbet (inverted exclamation used here for 'i' - ) in a web page - the page will load halfway, the GFW will see that and then the page will disappear with a "the connection was reset" (in firefox, of course). Different keywords are bad at different times for different people. Lack of reliable and clear No-No words keeps people unsure and reluctant to take chances, which is undoubtedly more effective than telling people exactly what they can't do. For the *most* part, domains are not blocked this way. There *are* some exceptions, like xanga.com, for whatever reason.

    Second: Usually, IP blocks (or full-domain/subdomain blocks, which i think are just IP blocks) come in the form of a connection that times out, or firefox resulting in a "The server at sourceforge.net is taking too long to respond." (IE produces the same error for both the above mentioned situations). It is my belief that the method in one of the parent posts (null-route or something to that effect) is used for these type of blocks.

    The reason, I guess, is that the first kind of block, where the server is sending out lots of RST packets, and has to *SCAN* the entire payload of each POST/GET, and its entire response, is very resource-heavy, and having to scan for too much stuff would be a lot more expensive than just Null-routing a bunch of IP addresses.

    For the second kind of block, a proxy server works quite well (furthering my suspicion that it's actually just an IP block). For the first kind (RSTpacket kind), you need a secure connection like a VPN, or other terminal-type connection where plaintext is not so visible.