hello great firewall
I'm in the public library, in the USA, and outgoing SMTP connections are MITM'd, and STARTTLS is filtered out.
joey@darkstar:~>telnet kitenet.net smtp Trying 220.127.116.11... Connected to kite.kitenet.net. Escape character is '^]'. 220 kitenet.net ESMTP Postfix (Debian/GNU) STARTTLS 500 Syntax error, command unrecognized
Compare with the same command run from elsewhere.
Amazing. I don't know where to start. Well, other than configuring my laptop's MTA to force use of TLS so this downgrade attack doesn't work, and bringing up my ipv6 tunnel or tor to bypasses this.
This kind of problem is one of the reason we (neutrinet.be) and the FFDN federation, are building alternative and associative Internet Service Providers. We propose to the users to assemble in small ISP they control by their votes as members and not paying as clients.
Our first project in Neutrinet is to gives users a box alike the Freedombox with a VPN connection, so it cleans up a dirty and spyied over internet connection by a commercial ISP...
 we have tested this method against the Great Firewall of China with success ;)
Claes Wallin (韋嘉誠) likes this.