The holes in China's "Great Firewall"
The Great Wall used to protect the Chinese empire, and now the "Great Firewall" is China's way of censoring the Internet. State authorities in the People's Republic are not too keen on the free flow of information on the Internet and are using this firewall to stop it. Specifically, special computers look for keywords in the data stream and block the connection if a banned word is found. In addition, the Chinese government generally bans access to certain web sites. For instance, Wikipedia and a lot of other sites cannot be reached from China. Google even censors the Chinese edition of its search engine just to be on the safe side.
Now, researchers at the University of Cambridge have reported that there is a way around this blockade, at least if it is based on the search for keywords. For performance reasons, the data are not filtered on border routers, but on additional ones. Contrary to previous assumptions, the packets are not actually thrown out. Rather, the filter computer sends TCP reset packets (RST) to both ends of a connection, i.e. both the client and the server. As a result, both systems terminate the connection, stopping the further flow of data - the line has been successfully censored.
However, getting around this barrier is simple: all you need to do is have the client and server refuse resets, the Cambridge researchers found. They write that their attempts to get around the blocks by discarding RST packets with a simple firewall went well. The researchers plan to present details about their censorship workaround at the "6th Workshop of Privacy Enhancing Technologies" in Cambridge. In addition to ignoring the resets, the TTL values of the server/client packets can be checked to see whether an RST came from the censors. The researchers want to have such functions in future operating systems so that Chinese citizens do not have to install any additional software. Otherwise, the Chinese government could just ban such software, while it would probably have to tolerate functions installed in an operating system.
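The TTL check mentioned above can be sketched as follows. This is an added example, not code from the article or from the Cambridge report: it compares the TTL of each RST with the TTLs already seen from the same sender on the same connection and flags resets that deviate. The packet records, the addresses, and the `tolerance` and `min_samples` values are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

RST = 0x04  # TCP RST flag bit


def flag_suspect_resets(packets, tolerance=2, min_samples=3):
    """Return indices of RSTs whose TTL deviates from the sender's baseline.

    A reset injected by a device on the path travels a different number
    of hops than packets from the real endpoint, so its TTL on arrival
    usually differs from the TTLs seen earlier on that connection.
    """
    seen = defaultdict(list)  # (src, dst, sport, dport) -> TTLs of non-RST packets
    suspects = []
    for i, p in enumerate(packets):
        key = (p["src"], p["dst"], p["sport"], p["dport"])
        if p["flags"] & RST:
            history = seen[key]
            # Without enough earlier packets there is no baseline to judge against.
            if len(history) >= min_samples and abs(p["ttl"] - median(history)) > tolerance:
                suspects.append(i)
        else:
            seen[key].append(p["ttl"])
    return suspects


def pkt(src, sport, ttl, flags, dst="192.0.2.10", dport=51000):
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "ttl": ttl, "flags": flags}


# Constructed capture as seen at the client 192.0.2.10 (documentation addresses).
SAMPLE = [
    pkt("198.51.100.7", 80, 47, 0x12),  # 0 SYN-ACK from server
    pkt("198.51.100.7", 80, 47, 0x10),  # 1 ACK
    pkt("198.51.100.7", 80, 47, 0x18),  # 2 PSH-ACK
    pkt("198.51.100.7", 80, 46, 0x18),  # 3 PSH-ACK, one hop of route jitter
    pkt("198.51.100.7", 80, 58, 0x04),  # 4 RST with a TTL far off the baseline
    pkt("203.0.113.5", 80, 52, 0x12),   # 5 second connection, SYN-ACK
    pkt("203.0.113.5", 80, 52, 0x10),   # 6 ACK
    pkt("203.0.113.5", 80, 52, 0x18),   # 7 PSH-ACK
    pkt("203.0.113.5", 80, 52, 0x14),   # 8 RST-ACK matching the baseline
    pkt("203.0.113.9", 80, 60, 0x04),   # 9 RST with no history on its flow
]

if __name__ == "__main__":
    print(flag_suspect_resets(SAMPLE))
```

A TTL match does not prove a reset is genuine, since a sender can choose any initial TTL; the check only catches resets whose TTL is inconsistent with the rest of the connection.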
- Ignoring the Great Firewall of China, Richard Clayton's report