The great firewall of China



The great firewall of China may be just an illusion in technical terms. This article describes the details of how things work…. Basically when “banned content” is detected, both ends of the connection are sent a flood of tcp reset packets. Which (if both sides are designed to pay attention to) means that the two computers “hang up” assuming the other side reset the connection. But, while most current PC operating systems obey the reset packets…. it’s not something that is imperative. (You might think of this as a targeted/surgical denial of service attack using TCP reset packets…) The article goes a bit deeper though….


What if the pcs ignored reset packets…. yes they could. There’s no rule that a tcp stack HAS to obey a reset packet. IF the packets were ignored the firewall would turn out to be nothing more than an illusion technically speaking. Because the pcs on either end would continue communicating. Essentially ALL the packets are passing through the “firewall” unhindered, the resets are just being used to target and force the endpoints to drop “unwanted” connections.

From the article…

Ignoring resets is trivial to achieve by applying simple firewall rules… and has no significant effect on ordinary working. If you want to be a little more clever you can examine the hop count (TTL) in the reset packets and determine whether the values are consistent with them arriving from the far end, or if the value indicates they have come from the intervening censorship device. We would argue that there is much to commend examining TTL values when considering defences against denial-of-service attacks using reset packets. Having operating system vendors provide this new functionality as standard would also be of practical use because Chinese citizens would not need to run special firewall-busting code (which the authorities might attempt to outlaw) but just off-the-shelf software (which they would necessarily tolerate).

Of course, there are OTHER blocks that the Chinese government has on sites, but according to the writeup, these static blocks are more expensive (tedious) to setup and maintain. So this method would not work for everything.

Related Posts

Blog Traffic Exchange Related Posts
  • SSH, Proxies (Proxy's?), Tor and Web Browsing For quite some time I've been making use of a dd-wrt modified linksys box on my home network as an openvpn endpoint so that when I'm out and about in the world, I connect the vpn, switch firefox to route through a squid proxy server on the home network and......
  • Ping not working? try ARP I'll confess to having a lot to learn about IP ethernet networking. I feel pretty comfortable with basic TCP/IP (v4), the concept of UDP vs. TCP ports, ICMP pings, etc... but ARP is something that I haven't dabbled much with. It is, of course, a layer that TCP depends on.......
  • What a week.... I think it's time to pass along a long story of what's gone on over the last week or so here and some of the reasons there hasn't been anything posted. Generally, I would say that work has been busy, but something happened last week that went a bit beyond......
Blog Traffic Exchange Related Websites
  • Wireless Internet Radios The Internet really is a fantastic place – everything there at our fingertips for us to use as and when. This is the case with Internet radio. It’s great – you can listen to stations from all over the world or perhaps even small local radio stations that are only......
  • The Key Advantages Of Using The Article Submission Service For Your Website Article Submission Service is really a fresh and reliable way to improve awareness, create high quality in content back links, develop word-of-mouth and hence draw in target viewers for your site. By writing and submitting a quality article, you are not just telling your potential prospects about your service, but......
  • Wireless Broadband Internet-whether It Is LAN Or WAN Service-is Associated Having A Wireless broadband Internet-whether it is LAN or WAN service-is associated having a number of diverse myths. These typically center on security and need to do with anxiety about how info is transmitted over a wireless connection and, furthermore, need to do with concerns about eavesdropping, in several cases. You will......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site