Slashdot Mirror
Defeating China's National Firewall
Bruce Schneier is reporting on his blog that a recent paper is discussing how to defeat China's national firewall. From the article: "However, because the original packets are passed through the firewall unscathed, if both of the endpoints were to completely ignore the firewall's reset packets, then the connection will proceed unhindered! We've done some real experiments on this -- and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9¾."
But even in the west I feel more comfortable using Tor, a (well, close enough) anonymizing proxy.
I used to use JAP (a similar project but the client was Java based and less transparent) but Tor is considerably faster. Throughput up to 60K/sec on a 512k/sec DSL line (as fast as it ever goes with no proxy) means that it's practical to use for all traffic and makes the needle much harder to find in the haystack.
Think of the Children; Sleep with your Sister
From reading the article it's not just a hole, it's the primary basis of their "firewall". Their system is apparantly built the way it is because any other method would be too expensive and/or slow. TO prevent this workaround will require enourmous expenditures in reworking their network structure.
"Prefiero morir de pie que vivir siempre arrodillado!"
Why plug it? I have a feeling that instead they'll just roll up the death vans and execute those criminals. After all, if they are defeating the firewall, they clearly are up to something sneaky and are a threat to the existing order...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
prove it! I have travelled to and from china multiple times in the last few years (I live in the UK but my parents live in China). I have been able to access /. everytime.
/., it is not the BBC or even Wikipedia for that matter.
Some people have ridiculously high opinion of
Just because it is not nice , doesn't mean it is not miraculous.
I think he meant by crush was that they crush the protest. Not that they ran over the protestor with tanks.
Third party off-to-the-side resets are actually hard to do against a modern OS. Remember that big TCP reset against Cisco routers that could tear down BGP sessions... The fix was to be more restrictive on accepting reset packets. To do a third-party reset you have to be able to send the reset in real-time or each endpoint will have advanced their sequence window (actually the ack window is what matters). The reset will be properly ignored as invalid because each endpoint has moved on which would be impossible if one had actually sent the reset.
A third party spoofer can play games with the TCP Timestamps to effectively shut down a connection and he only has to be near-realtime. Send the right value and all of the legitimate packets get dropped by the OSes PAWS checks. I'll leave that one as an exercise to the reader.
They're Mongorians!
And before someone lambasts me for making fun of Engrish, I should clarify that I'm amused by all variations of the English language. A good number of my fellow Maltese citizens butcher English, for example, even though it's supposed to be a first language. Only in Malta can you fill your car up with pitlor (petrol), have your football team lose on a pineltri (penalty), and make windows out of enimielju (aluminium). By the way, those aren't Maltese words, those are what many Maltese people think the English words actually are. Oh, and they also think that Hoover, Jablo, Kenwood, and Geyser literally mean a vacuum cleaner, polystrene foam, a cake mixer, and a hot water heater, respectively.
Here's the South Park clip about Mongorians from YouTube.
*blinking cursor*
Exactly. When I was teaching a Chinese girl this time last year as part of my TESOL course I couldn't help but ask those questions. She said that most people she met in the uk had asked her about the firewall and censorship. She told me that most people she knew didn't really notice or care, even her father who teaches at a university. Make of that what you will. I'm not sure what to make of it.
No, people were pretty much crushed by tanks. You see, GP was basically repeating (and I assume satirizing) the party line. For instance, if you are in the United States and do a google image search for Tiananmen Square you mostly find pictures of tanks. Do a China google images search for the same term and you get a much more patriotic view of things. Hmm... the ratio used to be a lot more unbalanced... I wonder if Google is intentionally letting the filtering slide, or if reporters have simply found ways around the google.cn filtering rules.
I'll never make that mistake again, reading the experts' opinions. - Feynman
5 - Informatative. If this is about another country, or another subject, similar post will result in -1 Off-Topic. Only slashdot population/moderators do this kind of BS. WTF does the national firewall has to do with the death van? It's like bringing up the topic of copyright, patent law and death penalty in the States. In slashdot, it seems like all you need is a subject about China, and then if the comments are anything negative about the China or Chinese, that could be totally unrelated, it'll modded +5 insightful/information/genius. I cannot believe how bigot this group is becoming in terms of the news post, comments and even moderation.
To me it is pretty much on-topic, as chinese actually kill people for spreading what they call "society de-stabilising" information or whatever. I'm too lazy to search for links, but i know yahoo gave up at least 3 or 4 journalist/bloggers/people up to the chinese government. And you kills mofo all the time for even offences, just ask Amnesty International.
I'm actually living in China now, so i see on a daily basis how fucked up the society. and how they lie to people. and it just scares the hell out me.
MikMik Baby Organics Mikkaworks