> Gmail can be blocked by simply blocking Google's SSL certificate(s). > > When you visit Gmail, Google sends your browser its SSL Server > Certificate. Without this certificate, no connection can be made. > > For example, running the following command, then browsing to > <https://mail.google.com/>, will produce the following output: > > $ sudo ngrep -d eth0 -x 'Google Inc' > ... > 47 6f 6f 67 6c 65 20 49 6e 63 31 18 30 16 06 03 Google Inc1.0... > 55 04 03 14 0f 6d 61 69 6c 2e 67 6f 6f 67 6c 65 U....mail.google > 2e 63 6f 6d 30 81 9f 30 0d 06 09 2a 86 48 86 f7 .com0..0...*.H.. > ... > > This output shows part of Google's ASN.1 encoded X.509 certificate. > > Therefore, the following Linux firewall commands will stop any > connection to Gmail: > > $ sudo iptables -I INPUT -m string --algo bm --hex-string > '|476f6f676c6520496e63311830160603550403140f6d61696c2e676f6f676c652e636f6d30819f30|' > -j DROP > > Try it, you will get a connection timeout: > > $ curl --connect-timeout 60 https://mail.google.com/ > curl: (28) SSL connection timeout > > The same applies for Twitter, Facebook... Much more efficient than > DNS/IP blocking! >
Thanks for the information. I was not actually aware of that you can block with iptables using hex strings. Very nice. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
