中国ネットワーク事情のご紹介@AliEarters Fly to 上海#1 by takujiabe

Transcript

1. தࠃωοτϫʔΫࣄ৘ͷ
   ͝঺հ ˏ"MJ&BUFST
   'MZ
   UP
   ্ւ
   
   ҆෦୎࢘

2. ࣗݾ঺հ ɾ҆෦୎࢘
   !UBLVKJBCF
   ɾதࠃྦྷܭ೥
   ɾμΠΩϯ޻ۀ
   ɾ*P5঎඼Πϯϑϥͷӡ༻Λओʹ୲౰
   ɾ-JOVYɺ1ZUIPO౳
   ɾओʹ"84Λར༻
   ɾ%BUB$BNQ
   %BUB4DJFOUJTUೖक़த
   ɾ্ւ*5ΤϯδχΞͷձ
   ൃىਓ

3. ීஈͷ࢓ࣄ w *P5γεςϜӡ༻
   PO
   "84
   
   O
   w ࣾ಺γεςϜ΁ͷϖωτϨʔγϣϯςετ
   w ؂ࢹӡ༻ͷվળ
   w ࣾ಺֤4FSWFSͷ؅ཧͱ͔ɺ7.XBSF
   PS
   Ϋϥ΢υ΁ͷҠߦ

4. தࠃ"84ͷਏ͍ͱ͜Ζ

5. தࠃ"84ͷਏ͍ͱ͜Ζ

6. தࠃ"84ͷਏ͍ͱ͜Ζ ๺ژϦʔδϣϯ ೡՆϦʔδϣϯ

7. தࠃ"84ͷਏ͍ͱ͜Ζ ೡՆ3FHJPOʹ͸"84
   *P5͕ͳ͍ ʢҎલ͸ͳ͔ͬͨʣ

8. தࠃ"84ͷਏ͍ͱ͜Ζ ๺ژϦʔδϣϯ ೡՆϦʔδϣϯ

9. தࠃ"84ͷਏ͍ͱ͜Ζ %JSFDU
   $POOFDU͕
   $IJOB.PCJMFดҬ໢ ( ͱ઀ଓෆՄ

10. தࠃࠔͬͨ͋Δ͋Δ w ݕࡧΤϯδϯ͕࢖͑ͳ͍
    w (PPHMF
    w :BIPPݕࡧ
    w %VDL%VDL(P

11. தࠃࠔͬͨ͋Δ͋Δ w ιʔγϟϧϝσΟΞ͕ݟΒΕͳ͍
    w GBDFCPPL
    w UXJUUFS
    w *OTUBHSBN
    w

    1JOUFSFTU

12. தࠃࠔͬͨ͋Δ͋Δ w ಈըαΠτ͕ݟΒΕͳ͍
    w :PV5VCF
    w WJNFP
    w '$ಈը
    w

    χίχίಈը

13. தࠃࠔͬͨ͋Δ͋Δ w ίϛϡχέʔγϣϯπʔϧ͕ϒϩοΫ
    w NFTTFOHFS
    w -*/&
    w 8BUTBQQ΋ͨ·ʹ΍ΒΕΔ

14. http://tamakino.hatenablog.com/entry/2018/05/08/080000

15. தࠃࠔͬͨ͋Δ͋Δ w &$αΠτ͕ݟΒΕͳ͍ʢӽڥ&$ن੍ͷӨڹʣ
    w "NB[PO
    +BQBO
    w ָఱ

16. தࠃࠔͬͨ͋Δ͋Δ w ৘ใαΠτ͕ݟΒΕͳ͍
    w 8JLJQFEJB
    w ೔ܦ৽ฉ
    w #MPPNCFSH

17. ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ w ଞʹ΋৭ʑݟΒΕͳ͍
    w ৽3
    w MJWFEPPSϒϩά
    w .FEJVN

18. ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ "LBNBJͷ$%/΋ϒϩοΫ͞ΕͨΓ͢Δ

19. ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ ೔ຊʹͭͳ͕Δ"MFYB͕࢖͑ͳ͍

20. ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ

21. ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ

22. ·ͩ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ ਌ѪͳΔ͓٬༷
    ฐࣾJ%$͸໌ޙ೔ͷ͔Β·Ͱ
    ఀిΛ൐͏ϝϯςφϯεΛߦ͍·͢ɻ
    αʔόʔ΋શஅ͢ΔͷͰਓΛग़ͤɻ

23. Great Firewall

24. ('8ͱ͸ w தࠃͷࠃࡍઢग़ޱʹઃஔ
    w ಛఆͷ*1ʹର͢Δ௨৴ΛःஅʢϒϥοΫϗʔϧԽʣ
    w ಛఆͷΩʔϫʔυΛؚΉ௨৴ͷःஅ
    w ಛఆͷϓϩτίϧ )551ɺϝʔϧܥ౳

    ͷ௨৴ΛݕӾ
    w %/4࠮শʹΑͬͯಛఆυϝΠϯΛःஅࡁΈ*1ʹ޲͚Δ
    w ϧʔςΟϯά͕தࠃΛ௨Δୈࡾࠃؒ௨৴΋ର৅ มΘΓଓ͚ΔγεςϜ

25. https://blog.thousandeyes.com/deconstructing-great-firewall-china/ https://blog.thousandeyes.com/the-war-between-chinas-great-firewall-and-circumvention-tools/

26. ࠷ۙͷ71/ࣄ৘ ʢ๭71/ࣄۀऀ͔ΒͷΞφ΢ϯεʣ

27. ࡢ໷ͷΦϨΦϨ4IBEPXTPDLTͷ໛༷ w 
    
    
    44
    TFSWFSͷϙʔτΛ൪ʹม͑ͯ͋͛Δ
    w 
    
    
    Ṗͷ๚໰ऀ
    w 
    
    
    ൪ϙʔτͷःஅ 44)͸ੜ͖ͯΔ ͜Ε୭ʁ

28. ࡢ໷ͷΦϨΦϨ4IBEPXTPDLTͷ໛༷ w 
    
    
    44
    TFSWFSͷϙʔτΛ൪ʹม্͑ͯ͛௚͢
    w 
    
    
    ͓٬༷དྷ๚
    w 
    
    
    *1ؙ͝ͱϒϩοΫ ͓٬༷

29. https://blog.thousandeyes.com/deconstructing-great-firewall-china/

30. %/4࠮শͷ࣮ݧ

31. None

32. $%/͕ίέͯΔ

33. ࠃ಺͔Β%/4ΛҾ͍ͯΈΔ $ dig a248.e.akamai.net ;; QUESTION SECTION: ;a248.e.akamai.net. IN A

    ;; ANSWER SECTION: a248.e.akamai.net. 60 IN A 31.13.85.8 $ whois 31.13.85.8 % Abuse contact for '31.13.64.0 - 31.13.127.255' is '[email protected]' inetnum: 31.13.64.0 - 31.13.127.255 netname: IE-FACEBOOK-20110418 country: IE org: ORG-FIL7-RIPE admin-c: RD4299-RIPE tech-c: RD4299-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-by: fb-neteng mnt-routes: fb-neteng created: 2011-04-18T12:00:34Z last-modified: 2019-02-19T23:15:54Z source: RIPE # Filtered

34. ࠃ֎͔Β%/4ΛҾ͍ͯΈΔ $ dig a248.e.akamai.net ;; QUESTION SECTION: ;a248.e.akamai.net. IN A

    ;; ANSWER SECTION: a248.e.akamai.net. 20 IN A 23.53.248.49 a248.e.akamai.net. 20 IN A 23.53.248.56 $ whois 23.53.248.49 NetRange: 23.32.0.0 - 23.67.255.255 CIDR: 23.64.0.0/14, 23.32.0.0/11 NetName: AKAMAI NetHandle: NET-23-32-0-0-1 Parent: NET23 (NET-23-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Akamai Technologies, Inc. (AKAMAI) RegDate: 2011-05-16 Updated: 2012-03-02 Ref: https://rdap.arin.net/registry/ip/23.32.0.0

35. ࠃ಺͔Βਖ਼͍͠*1ʹDVSMͯ͠ΈΔ $ curl -I -H 'Host: a248.e.akamai.net' -k https://23.53.248.49/f/248/29350/7d/ pict.sbisec.co.jp/sbisec/js/qr_search_engine.min.js?20150508

    HTTP/1.1 200 OK Server: Apache Last-Modified: Fri, 08 May 2015 06:21:12 GMT ETag: "2da0a-48d7-5158c08e944fe" Accept-Ranges: bytes Content-Length: 18647 Content-Type: application/javascript Date: Fri, 27 Sep 2019 14:38:09 GMT Connection: keep-alive X-N: S

36. தࠃࠃ಺͔ΒΛࢦఆͯ͠Ҿ͍ͯΈΔ $ dig @8.8.8.8 a248.e.akamai.net ;; QUESTION SECTION: ;a248.e.akamai.net. IN

    A ;; ANSWER SECTION: a248.e.akamai.net. 80 IN A 173.252.110.21 $ whois 173.252.110.21 NetRange: 173.252.64.0 - 173.252.127.255 CIDR: 173.252.64.0/18 NetName: FACEBOOK-INC NetHandle: NET-173-252-64-0-1 Parent: NET173 (NET-173-0-0-0-0) NetType: Direct Assignment OriginAS: AS32934 Organization: Facebook, Inc. (THEFA-3) RegDate: 2011-02-28 Updated: 2012-02-24 Ref: https://rdap.arin.net/registry/ip/173.252.64.0

37. தࠃࠃ಺͔Βଞͷ%/4ͰҾ͍ͯΈΔ $ dig @210.224.163.4 a248.e.akamai.net ;; QUESTION SECTION: ;a248.e.akamai.net. IN

    A ;; ANSWER SECTION: a248.e.akamai.net. 249 IN A 69.171.228.20 <= Facebook $ dig @210.224.163.4 a248.e.akamai.net +short 199.59.150.11 <= Twitter $ dig @210.224.163.4 a248.e.akamai.net +short 69.171.247.71 <= Facebook $ dig @210.224.163.4 a248.e.akamai.net +short 74.86.228.110 <= Softlayer

38. ࠃ಺͔Β%/4্͕͕ͬͯͳ͍
    αʔόʔͰҾ͍ͯΈΔ $ dig kembo-net.com +short 47.90.21.238 $ dig @47.90.21.238

    a248.e.akamai.net +short 199.59.148.209 <= Twitter $ dig @47.90.21.238 www.google.com +short 31.13.82.23 <= Facebook

39. ϒϩοΫ͞Εͯͳ͍υϝΠϯΛҾ͍ͯΈΔ $ dig kembo-net.com +short 47.90.21.238 $ dig @47.90.21.238 www.yahoo.co.jp

    ; <<>> DiG 9.10.6 <<>> @47.90.21.238 www.yahoo.co.jp ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached

40. %/4
    PWFS
    )5514Ͱ౤͛ͯΈΔ $ dig dns.google +short 8.8.4.4 8.8.8.8 $ curl -H

    'accept: application/dns-json' https://dns.google/dns-query? name=search.yahoo.co.jp&type=A curl: (7) Failed to connect to dns.google port 443: Operation timed out $ curl -H 'accept: application/dns-json' https://cloudflare-dns.com/dns-query? name=search.yahoo.co.jp&type=A {"Status": 0,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "search.yahoo.co.jp.", "type": 1}],"Answer":[{"name": "search.yahoo.co.jp.", "type": 5, "TTL": 628, "data": "edge12.g.yimg.jp."}, {"name": "edge12.g.yimg.jp.", "type": 1, "TTL": 19, "data": “183.79.250.251"}]} $ whois 183.79.250.251 … descr: Yahoo Japan

41. ຊ౰ʹ͋ͬͨා͍࿩ w "84্ʹΠϯτϥܥγεςϜΛҠߦ
    w Πϯτϥ͔Β71/ΛுͬͯηΩϡΞʹӡ༻
    w 71/͕ݪҼෆ໌ͷ઀ଓෆྑʹؕΔ
    w ࣾ಺نఆʹΑΓΠϯλʔωοτʹ΋ެ։Ͱ͖ͣɺೖΕͳ͍
    w

    ਺࣌ؒޙʹࣗવ෮چ

42. ຊ౰ʹ͋ͬͨා͍࿩ w ࠃ֎αʔόʔ͔Βࠃ಺αʔόʔ΁"1*࿈ܞ
    w ('8Λ·͙ͨ"1*࿈ܞʹࣦഊ͢Δ
    w ର৅4FSWFSʹDVSM͢ΔͱϨεϙϯε్͕தͰ੾ΕͯΔ
 5$1
    345

43. ຊ౰ʹ͋ͬͨා͍࿩ w ࠃ֎4FSWFS͔͠ͳ͍๭ࣾ4BB4͔Βࠃ಺αʔόʔ΁)5514 Ͱ"1*࿈ܞ
    w )5514ͷϨεϙϯε͕
    4FSWJDF
    6OBWBJMBCMFͰฦΔ
    w ࠃ಺αʔόʔʹ͸ϩάͳ͠
    w ࠃ಺ςετ؀ڥ΁ͷΞΫηε͸໰୊ͳ͠
    

    w )ޙɺࣗવ෮چ

44. ౎౓ɺݪҼΛཁௐࠪɻɻ

45. ਅ໘໨ʹಇ͍͍ͯΔެ҆ w ެ͔҆Β&MBTUJDTFBSDI্͕͕ͬͯΔαʔόʔ͕͋Δ͔Β ੬ऑੑͷରࡦ΍ͬͯΔ͔ճ౴ͤΑͱͷ͓ୡ͠
    w ެ͕҆&MBTUJDTFBSDIͷϙʔτΛεΩϟϯͯ͠ൃݟͯ͠Δ
    w ଟ෼ɺҎԼͷ੬ऑੑͷௐࠪ

46. ਅ໘໨ʹಇ͍͍ͯΔެ҆ w 8FCαΠτʹରͯ͠TRMNBQΛར༻ͯ͠ϖωτϨʔγϣ ϯςετ
    w ৵ೖʹ੒ޭͨ͠αΠτʹ͸ੋਖ਼ࢦࣔ
 ʢͱɺग़಄ใࠂ໋ྩʣ

47. தࠃͰ฻Β͢೔ຊਓΤϯδχΞͷπϥϛ w άάΕͳ͍ɺϠϑΕͳ͍
    w CBJEVͷݕࡧ݁Ռ͕෗ͬͯΔ
    
    %PHFEPHFׂ͕ͱ͍͍ Β͍͠
    w "84άϩʔόϧ͕ձࣾͰ࢖͑ͳ͍ʢؿථ໰୊ʣ
    w .BWFOͰϏϧυࣦഊɺQJQ͕ίέΔPSܹ஗͍

48. தࠃͷ͍͍ͱ͜Ζ w ࠃ͕੒௕͍ͯ͠Δʢ#"5ɺඒ๶ɺόΠτμϯεɺ )VBXFJɺ9JBPNJɺJ'MZUFLɺ4FOTF5JNF
    FUDʣ
    w εϐʔυ͕଎͘ɺܹมͷ࣌୅ͷதʹ਎Λஔ͚Δ
    w ଟগόάͬͯͯ΋จ۟ݴΘͳ͍ɺग़͙ͯ͢͠௚͢
    w ੜ׆ΊͬͪΌศར
    

    w ָ͍͠ʂ

49. ্ւ*5ΤϯδχΞͷձ w ϲ݄ʹ౓ΏΔ͍ҿΈձ
    w ΤϯδχΞͱ͍͏ؾ͕֓
 ͋Ε͹ࢀՃ0,
    w ʮδϟϐΦϯݟ·ͨ͠ʂʯ
 ͰॳճݩׂҾ͢Δ͔΋
    w

    8F$IBU
    
    UBLVKJBCF

50. ඇ*5ܥاۀͷΠϯϋ΢εΤϯδχΞͷ೰Έ w ϨΨγʔͳ΋ͷ͕ଟ͍
    w ੜ࢈ܥ΍ࣾ಺ΠϯϑϥܥͷόοΫάϥ΢ϯυ͕ଟ͍
    w *5اۀʹൺ΂ͯΤϯδχΞͷϨϕϧ͕௿͍
    w ٕज़ͷਐาʹਓͷ੒௕͕શ͘௥͍͔ͭͳ͍
    w

    ྲྀߦΓͷΩʔϫʔυʹགྷΒ͞Ε͕ͪ

51. ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ