Ignoring the Great Firewall of China
نویسندگان
چکیده
The so-called “Great Firewall of China” operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST flag set) are sent to both endpoints of the connection, which then close. However, because the original packets are passed through the firewall unscathed, if the endpoints completely ignore the firewall’s resets, then the connection will proceed unhindered. Once one connection has been blocked, the firewall makes further easy-to-evade attempts to block further connections from the same machine. This latter behaviour can be leveraged into a denial-of-service attack on third-party machines.
منابع مشابه
How the Great Firewall of China is Blocking Tor
Internet censorship in China is not just limited to the web: the Great Firewall of China prevents thousands of potential Tor users from accessing the network. In this paper, we investigate how the blocking mechanism is implemented, we conjecture how China’s Tor blocking infrastructure is designed and we propose circumvention techniques. Our work bolsters the understanding of China’s censorship ...
متن کاملAnalyzing the Great Firewall of China Over Space and Time
A nation-scale firewall, colloquially referred to as the “Great Firewall of China,” implements many different types of censorship and content filtering to control China’s Internet traffic. Past work has shown that the firewall occasionally fails. In other words, sometimes clients in China are able to reach blacklisted servers outside of China. This phenomenon has not yet been characterized beca...
متن کاملLarge-scale Spatiotemporal Characterization of Inconsistencies in the World's Largest Firewall
A nation-scale firewall, colloquially referred to as the “Great Firewall of China,” implements many different types of censorship and content filtering to control China’s Internet traffic. Past work has shown that the firewall occasionally fails. In other words, sometimes clients in China are able to reach blacklisted servers outside of China. This phenomenon has not yet been characterized beca...
متن کاملTowards a Comprehensive Picture of the Great Firewall's DNS Censorship
China’s Great Firewall passively inspects network traffic and disrupts unwanted communication by injecting forged DNS replies or TCP resets. We attempted to comprehensively examine the structure of the DNS injector, using queries from both within and outside China. Using these probes, we were able to localize the DNS monitors’ locations, extract the firewall’s DNS blacklist of approximately 15,...
متن کاملHow China Is Blocking Tor
Abstract. Not only the free web is victim to China’s excessive censorship, but also the Tor anonymity network: the Great Firewall of China prevents thousands of potential Tor users from accessing the network. In this paper, we investigate how the blocking mechanism is implemented, we conjecture how China’s Tor blocking infrastructure is designed and we propose countermeasures. Our work bolsters...
متن کامل