Researchers at Cambridge University in the United Kingdom have found some interesting holes in the "Great Firewall of China," a massive data filtering system that censors Internet content on the Chinese mainland. Whereas users in China generally resort to proxy servers in order to get around the firewall, the Cambridge researchers used "relatively trivial" packet filtering to achieve the same effect.
The researchers found that it was possible to circumvent the Chinese intrusion detection systems (IDS) by ignoring the forged transmission control protocol (TCP) resets injected by the Chinese routers, which would normally force the endpoints to abandon the connection.Being able to bypass the Great Firewall is only one aspect of the researchers' findings, though. China's Intrusion Detection System can also be tricked by forging the source IP address of packets containing banned keywords, thereby shielding the source IP from a particular destination for "up to an hour at a time." As such, were an attacker to learn the IP addresses of, say, Chinese government systems, they could block access to sites like Windows Update and even internal Chinese sites. According to the researchers, a user with a simple dial-up connection could prevent over 100,000 systems from accessing specific destinations at any one time. A detailed whitepaper of the researchers' findings can be downloaded in PDF form here.
"The machines in China allow data packets in and out, but send a burst of resets to shut connections if they spot particular keywords," explained Richard Clayton of the University of Cambridge computer laboratory. "If you drop all the reset packets at both ends of the connection, which is relatively trivial to do, the Web page is transferred just fine."
|TR's 2017 Christmas giveaway: four days left and counting||0|
|Samsung CHG displays are the first to net DisplayHDR 600 certification||0|
|Acer details specs and prices of its Ryzen Mobile-powered Swift 3s||12|
|Google Project Tango is dead—long live ARCore||10|
|Thermaltake Sync box bridges RGB LED walled gardens||3|
|Intel tips off potential 960 GB and 1.5 TB Optane SSD 900Ps||8|
|Sapphire Nitro+ Radeon RX Vegas put a big chill on spicy-hot chips||26|
|Aerocool's Project 7 P7-C1 Pro case reviewed||8|
|Antec P110 Silent touts quiet looks and quiet operation||11|