Researchers at Cambridge University in the United Kingdom have found some interesting holes in the "Great Firewall of China," a massive data filtering system that censors Internet content on the Chinese mainland. Whereas users in China generally resort to proxy servers in order to get around the firewall, the Cambridge researchers used "relatively trivial" packet filtering to achieve the same effect.
The researchers found that it was possible to circumvent the Chinese intrusion detection systems (IDS) by ignoring the forged transmission control protocol (TCP) resets injected by the Chinese routers, which would normally force the endpoints to abandon the connection.Being able to bypass the Great Firewall is only one aspect of the researchers' findings, though. China's Intrusion Detection System can also be tricked by forging the source IP address of packets containing banned keywords, thereby shielding the source IP from a particular destination for "up to an hour at a time." As such, were an attacker to learn the IP addresses of, say, Chinese government systems, they could block access to sites like Windows Update and even internal Chinese sites. According to the researchers, a user with a simple dial-up connection could prevent over 100,000 systems from accessing specific destinations at any one time. A detailed whitepaper of the researchers' findings can be downloaded in PDF form here.
"The machines in China allow data packets in and out, but send a burst of resets to shut connections if they spot particular keywords," explained Richard Clayton of the University of Cambridge computer laboratory. "If you drop all the reset packets at both ends of the connection, which is relatively trivial to do, the Web page is transferred just fine."
|Gigabyte SA-SBCAP3350 puts formidable power on a single board||9|
|Alphacool Eisblock HDX-2 and HDX-3 help M.2 SSDs beat the heat||8|
|Corsair Lighting Pro Expansion Kit lets builders turn up the lights||8|
|Adata D16750 power bank is tougher than the average juice pack||16|
|Deals of the week: fast memory, an AM4 motherboard, and more||14|
|Corsair RMx White Series PSUs take a walk on the snowy side||24|
|Intel crams 100 GFLOPS of neural-net inferencing onto a USB stick||41|
|Toshiba's XG5 1TB NVMe SSD reviewed||9|
|Microsoft and Johnson Controls put Cortana in a thermostat||26|