British researchers break China's firewall

— 1:10 PM on July 3, 2006

Researchers at Cambridge University in the United Kingdom have found some interesting holes in the "Great Firewall of China," a massive data filtering system that censors Internet content on the Chinese mainland. Whereas users in China generally resort to proxy servers in order to get around the firewall, the Cambridge researchers used "relatively trivial" packet filtering to achieve the same effect.

The researchers found that it was possible to circumvent the Chinese intrusion detection systems (IDS) by ignoring the forged transmission control protocol (TCP) resets injected by the Chinese routers, which would normally force the endpoints to abandon the connection.

"The machines in China allow data packets in and out, but send a burst of resets to shut connections if they spot particular keywords," explained Richard Clayton of the University of Cambridge computer laboratory. "If you drop all the reset packets at both ends of the connection, which is relatively trivial to do, the Web page is transferred just fine."

Being able to bypass the Great Firewall is only one aspect of the researchers' findings, though. China's Intrusion Detection System can also be tricked by forging the source IP address of packets containing banned keywords, thereby shielding the source IP from a particular destination for "up to an hour at a time." As such, were an attacker to learn the IP addresses of, say, Chinese government systems, they could block access to sites like Windows Update and even internal Chinese sites. According to the researchers, a user with a simple dial-up connection could prevent over 100,000 systems from accessing specific destinations at any one time. A detailed whitepaper of the researchers' findings can be downloaded in PDF form here.
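Seen from a monitoring point at one endpoint, the reset burst Clayton describes leaves a recognisable trace. The sketch below is an added example, not code from the researchers or their whitepaper: it flags a sender whose resets arrive in a burst, or who keeps sending data after supposedly resetting the connection. Both heuristics, the thresholds and the packet records (documentation-range addresses) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample trace, not real capture data:
# (time_s, src, dst, tcp_flags, payload_len)
TRACE = [
    (0.000, "10.0.0.5", "192.0.2.80", "S", 0),
    (0.120, "192.0.2.80", "10.0.0.5", "SA", 0),
    (0.121, "10.0.0.5", "192.0.2.80", "A", 0),
    (0.122, "10.0.0.5", "192.0.2.80", "PA", 310),   # client request
    (0.150, "192.0.2.80", "10.0.0.5", "R", 0),      # burst of resets
    (0.151, "192.0.2.80", "10.0.0.5", "R", 0),
    (0.152, "192.0.2.80", "10.0.0.5", "R", 0),
    (0.245, "192.0.2.80", "10.0.0.5", "PA", 1460),  # server is still sending
    # Second flow: one ordinary reset, nothing after it.
    (1.000, "10.0.0.5", "198.51.100.7", "S", 0),
    (1.090, "198.51.100.7", "10.0.0.5", "RA", 0),
]

def find_suspect_resets(trace, burst_size=3, burst_window=0.05):
    """Return {(src, dst): [reasons]} for senders whose resets look injected.

    Simplification (assumption): flows are keyed by address pair only,
    so ports are ignored.
    """
    by_sender = defaultdict(list)
    for t, src, dst, flags, length in sorted(trace):
        by_sender[(src, dst)].append((t, flags, length))

    findings = {}
    for key, pkts in by_sender.items():
        rst_times = [t for t, flags, _ in pkts if "R" in flags]
        if not rst_times:
            continue
        reasons = []
        # Heuristic 1: burst_size resets within burst_window seconds.
        for i in range(len(rst_times) - burst_size + 1):
            if rst_times[i + burst_size - 1] - rst_times[i] <= burst_window:
                reasons.append("rst_burst")
                break
        # Heuristic 2: the same sender delivers payload after its first reset,
        # which an endpoint that really reset the connection would not do.
        if any(t > rst_times[0] and length > 0 and "R" not in flags
               for t, flags, length in pkts):
            reasons.append("data_after_rst")
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for flow, reasons in find_suspect_resets(TRACE).items():
        print(flow, reasons)
```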