Wednesday, January 13, 2010

Google vs. China

Posted: 2010-01-13 09:19:54
Call for Case Studies at left!

In essence, Google discovered a security breach with the following:
  • the attack was not just against Google - at least 20 other large
    companies worldwide have been targeted
  • the target appeared to be Gmail accounts of Chinese human rights
  • other Gmail accounts of human rights activists have been breached

Imagine if Google decides to pull because of the human rights
violations persistently perpetrated by the Chinese government! Whoa!

For a while now I've been saying... the only way to run a secure network in China
is to... not run a network in China.

The Chinese government has their paws over every bit of data at their whim. If
you are a Chinese dissident, they are listening. If you are a foreign company with
intellectual property (IP) to steal, they are listening.

I applaud Richard Bejtlich at for focusing on China
(read his October 22, 2009 blog and follow him religiously) and loved his
prediction of a cloud-based security incident. Did you read my "cloud concerns"
article at as well?

So -- is your company going to jump to cloud computing? Are you going to open
up that China office and try to set up a 'secure connection to the US?' (best of
luck there - just wait for the knock on your door asking you to install a tap for
government snooping).

The Chinese government is totally out of control. It will be interesting to see the
details emerge. I am certain the CG will respond with some shrug and a sly grin.
They realize the value and economical nature of cyber-espionage and they don't
give a damn who they step on.

Ok... yeah - this hit a nerve.

Have you looked at your traffic today?

The image above shows the traffic to/from a host in our lab that was hacked.
Notice the interesting target? Have you set up GeoIP in Wireshark yet?

C'mon - check out the setup/use video over at
to-Track-IP-Address-Locations-in-Wireshark-video.aspx - use Firefox as your
default browser to save yourself some troubleshooting time.

(GeoIP was the topic of the last Wireshark Weekly Tip - sign up at www. to get an email each week with a new tip.)

Ok... now to go throw out some "Made in China" junk around here!

Enjoy life one bit at a time!

p.s. Thanks to everyone who is submitting case studies for the book! I am
reviewing them, categorizing them, responding with questions (if I have some)
and moving right along in reading them - some really great ones! I'm also
interested in those 'newbie tips' so keep 'em coming in - see the link at left to
submit your case study!