中国ネットワーク事情のご紹介@AliEarters Fly to 上海#1 by takujiabe

D5b8fc98ec44dc520a334b15dd9c3f03?s=47 takujiabe
September 28, 2019

中国ネットワーク事情のご紹介@AliEarters Fly to 上海#1 by takujiabe

2019/9/28に上海で行われたAliEarters Fly to 上海#1 に登壇した際の資料を公開しました。
中国あるあるネタ、最近のGreat Firewallの挙動等について、実際の挙動の確認も混ぜてご紹介しました。

D5b8fc98ec44dc520a334b15dd9c3f03?s=128

takujiabe

September 28, 2019
Tweet

Transcript

  1. தࠃωοτϫʔΫࣄ৘ͷ ͝঺հ ˏ"MJ&BUFST'MZUP্ւ ҆෦୎࢘

  2. ࣗݾ঺հ ɾ҆෦୎࢘!UBLVKJBCF ɾதࠃྦྷܭ೥ ɾμΠΩϯ޻ۀ ɾ*P5঎඼Πϯϑϥͷӡ༻Λओʹ୲౰ ɾ-JOVYɺ1ZUIPO౳ ɾओʹ"84Λར༻ ɾ%BUB$BNQ%BUB4DJFOUJTUೖक़த ɾ্ւ*5ΤϯδχΞͷձൃىਓ

  3. ීஈͷ࢓ࣄ w *P5γεςϜӡ༻PO"84 O w ࣾ಺γεςϜ΁ͷϖωτϨʔγϣϯςετ w ؂ࢹӡ༻ͷվળ w ࣾ಺֤4FSWFSͷ؅ཧͱ͔ɺ7.XBSFPSΫϥ΢υ΁ͷҠߦ

  4. தࠃ"84ͷਏ͍ͱ͜Ζ

  5. தࠃ"84ͷਏ͍ͱ͜Ζ

  6. தࠃ"84ͷਏ͍ͱ͜Ζ ๺ژϦʔδϣϯ ೡՆϦʔδϣϯ

  7. தࠃ"84ͷਏ͍ͱ͜Ζ ೡՆ3FHJPOʹ͸"84*P5͕ͳ͍ ʢҎલ͸ͳ͔ͬͨʣ

  8. தࠃ"84ͷਏ͍ͱ͜Ζ ๺ژϦʔδϣϯ ೡՆϦʔδϣϯ

  9. தࠃ"84ͷਏ͍ͱ͜Ζ %JSFDU$POOFDU͕ $IJOB.PCJMFดҬ໢ ( ͱ઀ଓෆՄ

  10. தࠃࠔͬͨ͋Δ͋Δ w ݕࡧΤϯδϯ͕࢖͑ͳ͍ w (PPHMF w :BIPPݕࡧ w %VDL%VDL(P

  11. தࠃࠔͬͨ͋Δ͋Δ w ιʔγϟϧϝσΟΞ͕ݟΒΕͳ͍ w GBDFCPPL w UXJUUFS w *OTUBHSBN w

    1JOUFSFTU
  12. தࠃࠔͬͨ͋Δ͋Δ w ಈըαΠτ͕ݟΒΕͳ͍ w :PV5VCF w WJNFP w '$ಈը w

    χίχίಈը
  13. தࠃࠔͬͨ͋Δ͋Δ w ίϛϡχέʔγϣϯπʔϧ͕ϒϩοΫ w NFTTFOHFS w -*/& w 8BUTBQQ΋ͨ·ʹ΍ΒΕΔ

  14. http://tamakino.hatenablog.com/entry/2018/05/08/080000

  15. தࠃࠔͬͨ͋Δ͋Δ w &$αΠτ͕ݟΒΕͳ͍ʢӽڥ&$ن੍ͷӨڹʣ w "NB[PO+BQBO w ָఱ

  16. தࠃࠔͬͨ͋Δ͋Δ w ৘ใαΠτ͕ݟΒΕͳ͍ w 8JLJQFEJB w ೔ܦ৽ฉ w #MPPNCFSH

  17. ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ w ଞʹ΋৭ʑݟΒΕͳ͍ w ৽3 w MJWFEPPSϒϩά w .FEJVN

  18. ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ "LBNBJͷ$%/΋ϒϩοΫ͞ΕͨΓ͢Δ

  19. ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ ೔ຊʹͭͳ͕Δ"MFYB͕࢖͑ͳ͍

  20. ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ

  21. ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ

  22. ·ͩ·ͩ͋Δதࠃࠔͬͨ͋Δ͋Δ ਌ѪͳΔ͓٬༷ ฐࣾJ%$͸໌ޙ೔ͷ͔Β·Ͱ ఀిΛ൐͏ϝϯςφϯεΛߦ͍·͢ɻ αʔόʔ΋શஅ͢ΔͷͰਓΛग़ͤɻ

  23. Great Firewall

  24. ('8ͱ͸ w தࠃͷࠃࡍઢग़ޱʹઃஔ w ಛఆͷ*1ʹର͢Δ௨৴ΛःஅʢϒϥοΫϗʔϧԽʣ w ಛఆͷΩʔϫʔυΛؚΉ௨৴ͷःஅ w ಛఆͷϓϩτίϧ )551ɺϝʔϧܥ౳

    ͷ௨৴ΛݕӾ w %/4࠮শʹΑͬͯಛఆυϝΠϯΛःஅࡁΈ*1ʹ޲͚Δ w ϧʔςΟϯά͕தࠃΛ௨Δୈࡾࠃؒ௨৴΋ର৅ มΘΓଓ͚ΔγεςϜ
  25. https://blog.thousandeyes.com/deconstructing-great-firewall-china/ https://blog.thousandeyes.com/the-war-between-chinas-great-firewall-and-circumvention-tools/

  26. ࠷ۙͷ71/ࣄ৘ ʢ๭71/ࣄۀऀ͔ΒͷΞφ΢ϯεʣ

  27. ࡢ໷ͷΦϨΦϨ4IBEPXTPDLTͷ໛༷ w 44TFSWFSͷϙʔτΛ൪ʹม͑ͯ͋͛Δ w Ṗͷ๚໰ऀ w ൪ϙʔτͷःஅ 44)͸ੜ͖ͯΔ ͜Ε୭ʁ

  28. ࡢ໷ͷΦϨΦϨ4IBEPXTPDLTͷ໛༷ w 44TFSWFSͷϙʔτΛ൪ʹม্͑ͯ͛௚͢ w ͓٬༷དྷ๚ w *1ؙ͝ͱϒϩοΫ ͓٬༷

  29. https://blog.thousandeyes.com/deconstructing-great-firewall-china/

  30. %/4࠮শͷ࣮ݧ

  31. None
  32. $%/͕ίέͯΔ

  33. ࠃ಺͔Β%/4ΛҾ͍ͯΈΔ $ dig a248.e.akamai.net ;; QUESTION SECTION: ;a248.e.akamai.net. IN A

    ;; ANSWER SECTION: a248.e.akamai.net. 60 IN A 31.13.85.8 $ whois 31.13.85.8 % Abuse contact for '31.13.64.0 - 31.13.127.255' is 'domain@fb.com' inetnum: 31.13.64.0 - 31.13.127.255 netname: IE-FACEBOOK-20110418 country: IE org: ORG-FIL7-RIPE admin-c: RD4299-RIPE tech-c: RD4299-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-by: fb-neteng mnt-routes: fb-neteng created: 2011-04-18T12:00:34Z last-modified: 2019-02-19T23:15:54Z source: RIPE # Filtered
  34. ࠃ֎͔Β%/4ΛҾ͍ͯΈΔ $ dig a248.e.akamai.net ;; QUESTION SECTION: ;a248.e.akamai.net. IN A

    ;; ANSWER SECTION: a248.e.akamai.net. 20 IN A 23.53.248.49 a248.e.akamai.net. 20 IN A 23.53.248.56 $ whois 23.53.248.49 NetRange: 23.32.0.0 - 23.67.255.255 CIDR: 23.64.0.0/14, 23.32.0.0/11 NetName: AKAMAI NetHandle: NET-23-32-0-0-1 Parent: NET23 (NET-23-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Akamai Technologies, Inc. (AKAMAI) RegDate: 2011-05-16 Updated: 2012-03-02 Ref: https://rdap.arin.net/registry/ip/23.32.0.0
  35. ࠃ಺͔Βਖ਼͍͠*1ʹDVSMͯ͠ΈΔ $ curl -I -H 'Host: a248.e.akamai.net' -k https://23.53.248.49/f/248/29350/7d/ pict.sbisec.co.jp/sbisec/js/qr_search_engine.min.js?20150508

    HTTP/1.1 200 OK Server: Apache Last-Modified: Fri, 08 May 2015 06:21:12 GMT ETag: "2da0a-48d7-5158c08e944fe" Accept-Ranges: bytes Content-Length: 18647 Content-Type: application/javascript Date: Fri, 27 Sep 2019 14:38:09 GMT Connection: keep-alive X-N: S
  36. தࠃࠃ಺͔ΒΛࢦఆͯ͠Ҿ͍ͯΈΔ $ dig @8.8.8.8 a248.e.akamai.net ;; QUESTION SECTION: ;a248.e.akamai.net. IN

    A ;; ANSWER SECTION: a248.e.akamai.net. 80 IN A 173.252.110.21 $ whois 173.252.110.21 NetRange: 173.252.64.0 - 173.252.127.255 CIDR: 173.252.64.0/18 NetName: FACEBOOK-INC NetHandle: NET-173-252-64-0-1 Parent: NET173 (NET-173-0-0-0-0) NetType: Direct Assignment OriginAS: AS32934 Organization: Facebook, Inc. (THEFA-3) RegDate: 2011-02-28 Updated: 2012-02-24 Ref: https://rdap.arin.net/registry/ip/173.252.64.0
  37. தࠃࠃ಺͔Βଞͷ%/4ͰҾ͍ͯΈΔ $ dig @210.224.163.4 a248.e.akamai.net ;; QUESTION SECTION: ;a248.e.akamai.net. IN

    A ;; ANSWER SECTION: a248.e.akamai.net. 249 IN A 69.171.228.20 <= Facebook $ dig @210.224.163.4 a248.e.akamai.net +short 199.59.150.11 <= Twitter $ dig @210.224.163.4 a248.e.akamai.net +short 69.171.247.71 <= Facebook $ dig @210.224.163.4 a248.e.akamai.net +short 74.86.228.110 <= Softlayer
  38. ࠃ಺͔Β%/4্͕͕ͬͯͳ͍ αʔόʔͰҾ͍ͯΈΔ $ dig kembo-net.com +short 47.90.21.238 $ dig @47.90.21.238

    a248.e.akamai.net +short 199.59.148.209 <= Twitter $ dig @47.90.21.238 www.google.com +short 31.13.82.23 <= Facebook
  39. ϒϩοΫ͞Εͯͳ͍υϝΠϯΛҾ͍ͯΈΔ $ dig kembo-net.com +short 47.90.21.238 $ dig @47.90.21.238 www.yahoo.co.jp

    ; <<>> DiG 9.10.6 <<>> @47.90.21.238 www.yahoo.co.jp ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached
  40. %/4PWFS)5514Ͱ౤͛ͯΈΔ $ dig dns.google +short 8.8.4.4 8.8.8.8 $ curl -H

    'accept: application/dns-json' https://dns.google/dns-query? name=search.yahoo.co.jp&type=A curl: (7) Failed to connect to dns.google port 443: Operation timed out $ curl -H 'accept: application/dns-json' https://cloudflare-dns.com/dns-query? name=search.yahoo.co.jp&type=A {"Status": 0,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "search.yahoo.co.jp.", "type": 1}],"Answer":[{"name": "search.yahoo.co.jp.", "type": 5, "TTL": 628, "data": "edge12.g.yimg.jp."}, {"name": "edge12.g.yimg.jp.", "type": 1, "TTL": 19, "data": “183.79.250.251"}]} $ whois 183.79.250.251 … descr: Yahoo Japan
  41. ຊ౰ʹ͋ͬͨා͍࿩ w "84্ʹΠϯτϥܥγεςϜΛҠߦ w Πϯτϥ͔Β71/ΛுͬͯηΩϡΞʹӡ༻ w 71/͕ݪҼෆ໌ͷ઀ଓෆྑʹؕΔ w ࣾ಺نఆʹΑΓΠϯλʔωοτʹ΋ެ։Ͱ͖ͣɺೖΕͳ͍ w

    ਺࣌ؒޙʹࣗવ෮چ
  42. ຊ౰ʹ͋ͬͨා͍࿩ w ࠃ֎αʔόʔ͔Βࠃ಺αʔόʔ΁"1*࿈ܞ w ('8Λ·͙ͨ"1*࿈ܞʹࣦഊ͢Δ w ର৅4FSWFSʹDVSM͢ΔͱϨεϙϯε్͕தͰ੾ΕͯΔ
 5$1345

  43. ຊ౰ʹ͋ͬͨා͍࿩ w ࠃ֎4FSWFS͔͠ͳ͍๭ࣾ4BB4͔Βࠃ಺αʔόʔ΁)5514 Ͱ"1*࿈ܞ w )5514ͷϨεϙϯε͕4FSWJDF6OBWBJMBCMFͰฦΔ w ࠃ಺αʔόʔʹ͸ϩάͳ͠ w ࠃ಺ςετ؀ڥ΁ͷΞΫηε͸໰୊ͳ͠

    w )ޙɺࣗવ෮چ
  44. ౎౓ɺݪҼΛཁௐࠪɻɻ

  45. ਅ໘໨ʹಇ͍͍ͯΔެ҆ w ެ͔҆Β&MBTUJDTFBSDI্͕͕ͬͯΔαʔόʔ͕͋Δ͔Β ੬ऑੑͷରࡦ΍ͬͯΔ͔ճ౴ͤΑͱͷ͓ୡ͠ w ެ͕҆&MBTUJDTFBSDIͷϙʔτΛεΩϟϯͯ͠ൃݟͯ͠Δ w ଟ෼ɺҎԼͷ੬ऑੑͷௐࠪ

  46. ਅ໘໨ʹಇ͍͍ͯΔެ҆ w 8FCαΠτʹରͯ͠TRMNBQΛར༻ͯ͠ϖωτϨʔγϣ ϯςετ w ৵ೖʹ੒ޭͨ͠αΠτʹ͸ੋਖ਼ࢦࣔ
 ʢͱɺग़಄ใࠂ໋ྩʣ

  47. தࠃͰ฻Β͢೔ຊਓΤϯδχΞͷπϥϛ w άάΕͳ͍ɺϠϑΕͳ͍ w CBJEVͷݕࡧ݁Ռ͕෗ͬͯΔ%PHFEPHFׂ͕ͱ͍͍ Β͍͠ w "84άϩʔόϧ͕ձࣾͰ࢖͑ͳ͍ʢؿථ໰୊ʣ w .BWFOͰϏϧυࣦഊɺQJQ͕ίέΔPSܹ஗͍

  48. தࠃͷ͍͍ͱ͜Ζ w ࠃ͕੒௕͍ͯ͠Δʢ#"5ɺඒ๶ɺόΠτμϯεɺ )VBXFJɺ9JBPNJɺJ'MZUFLɺ4FOTF5JNFFUDʣ w εϐʔυ͕଎͘ɺܹมͷ࣌୅ͷதʹ਎Λஔ͚Δ w ଟগόάͬͯͯ΋จ۟ݴΘͳ͍ɺग़͙ͯ͢͠௚͢ w ੜ׆ΊͬͪΌศར

    w ָ͍͠ʂ
  49. ্ւ*5ΤϯδχΞͷձ w ϲ݄ʹ౓ΏΔ͍ҿΈձ w ΤϯδχΞͱ͍͏ؾ͕֓
 ͋Ε͹ࢀՃ0, w ʮδϟϐΦϯݟ·ͨ͠ʂʯ
 ͰॳճݩׂҾ͢Δ͔΋ w

    8F$IBUUBLVKJBCF
  50. ඇ*5ܥاۀͷΠϯϋ΢εΤϯδχΞͷ೰Έ w ϨΨγʔͳ΋ͷ͕ଟ͍ w ੜ࢈ܥ΍ࣾ಺ΠϯϑϥܥͷόοΫάϥ΢ϯυ͕ଟ͍ w *5اۀʹൺ΂ͯΤϯδχΞͷϨϕϧ͕௿͍ w ٕज़ͷਐาʹਓͷ੒௕͕શ͘௥͍͔ͭͳ͍ w

    ྲྀߦΓͷΩʔϫʔυʹགྷΒ͞Ε͕ͪ
  51. ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ