, a computer security researcher at the University of Cambridge, has been poking around at the technical structure of China's "great firewall." On the lightbluetouchpaper
collective blog, he says
he's come up with a way to penetrate that "wall" by ignoring the reset TCP packet returned by Chinese routers to maintain connection. As he explains it, if those packets are discarded instead of being dutifully returned as expected, then -- poof, the firewall becomes utterly ineffective. Clayton acknowledges that Internet filtering in China involves other methods, too, but this still seems significant:
The Great Firewall of China is an important tool for the Chinese Government in their efforts to censor the Internet. It works, in part, by inspecting web traffic to determine whether or not particular words are present. If the Chinese Government does not approve of one of the words in a web page (or a web request), perhaps it says “f” “a” “l” “u” “n”, then the connection is closed and the web page will be unavailable — it has been censored.
This user-level effect has been known for some time… but up until now, no-one seems to have looked more closely into what is actually happening (or when they have, they have misunderstood the packet level events).
It turns out [caveat: in the specific cases we’ve closely examined, YMMV] that the keyword detection is not actually being done in large routers on the borders of the Chinese networks, but in nearby subsidiary machines. When these machines detect the keyword, they do not actually prevent the packet containing the keyword from passing through the main router (this would be horribly complicated to achieve and still allow the router to run at the necessary speed). Instead, these subsiduary machines generate a series of TCP reset packets, which are sent to each end of the connection. When the resets arrive, the end-points assume they are genuine requests from the other end to close the connection — and obey. Hence the censorship occurs.
However, because the original packets are passed through the firewall unscathed, if both of the endpoints were to completely ignore the firewall’s reset packets, then the connection will proceed unhindered! We’ve done some real experiments on this — and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall — just shut your eyes and walk onto Platform 9¾.
. Clayton is presenting a paper on this topic (PDF link to paper
) at the 6th Workshop on Privacy Enhancing Technologies
being held in Cambridge this week. (Thanks, Mike Liebhold
for what it is worth, when I was in China last year there was a lot of pages I couldn't get until I ran them through the LoBand (loband.org) proxy and then at least the blogs that were blocked all worked great.
Neglected public payphones in New York City are being turned into “GuyFi” stations: a place where one can rub one out for the sake of “stress relief.” Annalee Newitz reports on the wank booths from a company named “Hot Octopus”… The company reported that at least 100 men used the booth on its opening day […]
You’d be forgiven for thinking the videocassette format long-dead, but it turns out that Betamax is still around. Sony is finally going to withdraw tapes from sale, bringing a 40-year story to an end. The last recorders were sold in 2002. ベータビデオカセットおよびマイクロMVカセットテープ出荷終了のお知らせ [Sony; via The Verge]
A leaked Comcast memo discloses that the company’s consumer data caps have nothing to do with network congestion, contrary to its public claims. The internet service provider has often complained (such as when lobbying against net neutrality) that it must impose limits on service to prevent network congestion. The argument suggests that these measures are […]
Remember back to the time when people thought java was just a hip way to talk about coffee? Or you vaguely remembered from geography class that it’s an island in the South Pacific? We’ve come a long way since then and now that we’ve rocket blasted into the tech future, you’re going to need to […]
Plastic is so 2013. You don’t want to buy something only to throw it away or lose it and barely care. You like nice things and want to hang onto them. The Plazmatic lighter here is a high quality, high tech alternative to the typical cheap, plastic lighter you get at the old gas station. […]
Real engineers build things. Super cool engineers build things with their hands and fingers, like our engineering forefathers did. No idea where to even begin to do that? This step by step Arduino course is now 92% off and is going to get you up and running, from zero to hero, in no time. So […]