Slashdot Mirror


Defeating China's National Firewall

Bruce Schneier is reporting on his blog that a recent paper is discussing how to defeat China's national firewall. From the article: "However, because the original packets are passed through the firewall unscathed, if both of the endpoints were to completely ignore the firewall's reset packets, then the connection will proceed unhindered! We've done some real experiments on this -- and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9¾."

43 of 370 comments

  1. Publish and Perish by Archangel Michael · · Score: 5, Interesting

    Okay, now that you let the cat out of the bag, how long before the Great Chinese Firewall gets this hole plugged?

    On the other hand, the more they try to squeeze star systems, the more they will slip out of their han (or something like that).

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:Publish and Perish by JesseL · · Score: 5, Informative

      From reading the article it's not just a hole, it's the primary basis of their "firewall". Their system is apparently built the way it is because any other method would be too expensive and/or slow. To prevent this workaround will require enormous expenditures in reworking their network structure.

      --
      "Prefiero morir de pie que vivir siempre arrodillado!"
    2. Re:Publish and Perish by x2A · · Score: 4, Funny

      But can we use this with a machine coded matrix to get Jack Bauer out?

      --
      The revolution will not be televised... but it will have a page on Wikipedia
    3. Re:Publish and Perish by irm · · Score: 3, Funny

      It doesn't really matter: no one in China can read Slashdot, so they'll never know.

    4. Re:Publish and Perish by wealthychef · · Score: 3, Insightful
      > I have a feeling that instead they'll just roll up the death vans and execute those criminals. After all, if they are defeating the firewall, they clearly are up to something sneaky and are a threat to the existing order...

      But how will they know? You cannot tell if a remote host is responding to reset packets from your firewall, at least not directly. This seems like it will work.

      --
      Currently hooked on AMP
    5. Re:Publish and Perish by Anonymous Coward · · Score: 5, Insightful

      > You cannot tell if a remote host is responding to reset packets from your firewall, at least not directly.

      If you had to send multiple resets for the same port pair, they're ignoring you.

    6. Re:Publish and Perish by timeOday · · Score: 4, Insightful

      Yes, we can mock the Great Firewall implementors for incompetence, but let's remember that the technical means are really only a reminder of the underlying law. Many laws don't have any built-in means of enforcement at all. My car has no speed governor to keep it under 65 mph, does that mean the government is just stupid? Or that I can't get busted for speeding? Almost all laws are easy to break; the real problem is getting away with it, especially if the government decides to target you for whatever reason.

    7. Re:Publish and Perish by TheLastUser · · Score: 3, Funny

      Someone should tell them that they put their firewall in backwards.

  2. The sound you hear... by jollyroger1210 · · Score: 4, Funny

    ...is a billion Chinese walking into the great wall of China...all at once.

    --
    Purple, because ice cream has no bones.
  3. Dear Guys, by bunions · · Score: 5, Funny

    Thanks for doing the security analysis for us. We appreciate your hard work and excellent documentation.

    Your Pal,

    Wen

    --
    there is no need to sign your posts. this isn't usenet. your username is right there above your post. stop it.
  4. Duh ... just use Gopherspace by Average_Joe_Sixpack · · Score: 4, Interesting

    No one is monitoring that protocol

  5. Detectable and Illegal by mrcaseyj · · Score: 4, Interesting

    Wouldn't this be easily detectable and probably illegal (for someone in china)? It sounds like a good way to get in trouble.

    1. Re:Detectable and Illegal by hahafaha · · Score: 3, Insightful

      I am neither a lawyer nor a Chinese resident, so I am not sure, but I don't think that it is illegal. If someone in China wants to connect to a server in the USA, and that server happened to be told to ignore reset packets from China, then that can't be illegal. If a Chinese citizen's computer just happened to be configured to ignore reset packets, then I doubt that it will be illegal. Having said that, actually looking at forbidden content is probably illegal.

    2. Re:Detectable and Illegal by s13g3 · · Score: 3, Insightful

      > I am neither a lawyer nor a Chinese resident, so I am not sure, but I don't think that it is illegal. If someone in China wants to connect to a server in the USA, and that server happened to be told to ignore reset packets from China, then that can't be illegal. If a Chinese citizen's computer just happened to be configured to ignore reset packets, then I doubt that it will be illegal. Having said that, actually looking at forbidden content is probably illegal.

      The problem hinges on the fact that there is no (enforceable) law preventing the Chinese government from doing what it likes to who it likes that does anything they don't like. Remember, they require no warrants, no subpoenae, and no trial. They only have to notice that you have accessed something they don't like enough to pay attention to you, and you're toast (see above mentioned death vans).

      Perhaps, as another poster mentioned above, the Chinese will restrain themselves up unto the 2008 Olympics, but I doubt it. Again, see the above death wagons, which "look like any other police van." Also, whoever said they haven't got the resources is deluding themselves. If the RIAA has the resources to track people downloading illegally (though they lack the resources to document and prosecute anywhere near the majority), there are 1.3 billion with a "B" people in China. Even though you don't hear about it much, they assault US networks (telecom and government) with regularity. I'm sure they have enough people to monitor home traffic closely enough to suit their purposes - remember, all it takes is a small app to parse logs for forbidden traffic in the past X days or whatever. Combined with random live monitoring and historical traffic analysis, I'm sure they can monitor more than enough to make it as unsafe to commit thought crime on the internet as it is for the average American to get away with hacking the average website hosted by a paranoid provider. I rather doubt they care about anyone posting on /. too much (especially if you are a foreign national simply visiting family there), but if they even begin to think you're a subversive engaged in treason or sedition, poof, you're done, no proof required. Stop, do not pass Go, do not collect $200. Go with the nice men in blue uniforms directly to the "police van that looks like any other" parked right outside your front door.

      --
      "Inveniemus Viam Aut Faciemus" 'We will find a way... Or we will make one!' --Hannibal of Carthage
  6. When are they going to realise... by Poromenos1 · · Score: 4, Insightful

    that most of the Chinese people don't know/care about the firewall?

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
    1. Re:When are they going to realise... by thebdj · · Score: 4, Insightful

      If these stats are even semi-accurate, then internet penetration is less than 10% of the population. I guess that would mean a whopping 90% really could care less about the great firewall. Now, how many of the 10% (roughly 110 million people) care about the great firewall? Well this is somewhat more debatable, but you'd have to imagine some of them are supporters of the current system and would therefore not mind...

      --
      "Some days you just can't get rid of a bomb."
    2. Re:When are they going to realise... by Random Destruction · · Score: 3, Insightful

      If one really could care less, then one must really care. I believe you meant they couldn't care less, meaning they do not care at all.

      --
      :x
    3. Re:When are they going to realise... by surgicaltubing · · Score: 4, Informative

      Exactly. When I was teaching a Chinese girl this time last year as part of my TESOL course I couldn't help but ask those questions. She said that most people she met in the UK had asked her about the firewall and censorship. She told me that most people she knew didn't really notice or care, even her father who teaches at a university. Make of that what you will. I'm not sure what to make of it.

  7. Damn you Mongolians! by x2A · · Score: 5, Funny

    That's the last time you break down my shitty firewall!

    Jeez, why is it every time Chinese build a wall, those damn Mongolians gotta break it down?

    --
    The revolution will not be televised... but it will have a page on Wikipedia
  8. Irresponsible by Professor_UNIX · · Score: 3, Insightful

    It is irresponsible for people to post ways of bypassing the security restrictions a sovereign nation has enacted upon its people. If the Chinese people don't like the way their government is restricting their access to information then they have a moral obligation to overthrow that government, either peacefully via voting in the next election, or by force using a militia formed from the people. By showing the Chinese people ways to exist comfortably within the restrictions imposed by an immoral government we're not helping them to reach a better place in life.. namely a free and democratic Republic of China.

    1. Re:Irresponsible by jcr · · Score: 3, Insightful

      > It is irresponsible for people to post ways of bypassing the security restrictions a sovereign nation has enacted upon its people.

      Why wait for the revolution before taking any other action? Your position is ridiculous.

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
    2. Re:Irresponsible by jandrese · · Score: 4, Interesting

      Back in the real world however, you can't overthrow the government whenever you don't agree with it, especially when they have lots of guns and tanks and all you have are disgruntled peasants. Sometimes civil disobedience is the best policy. Besides, you can't generate outrage against something like this until most of the people actually know about it, and even then many of them will believe the government line that they're only blocking "harmful materials" that you shouldn't be looking at anyway. Enough people start getting in trouble over bypassing the firewall and you might actually start educating the public about this.

      --

      I read the internet for the articles.
    3. Re:Irresponsible by twiddlingbits · · Score: 4, Insightful

      Your post should be modded as Funny or Stupid (not Insightful) because 1) Chinese don't have elections with several parties, they are all from the Communist party and are approved office holders regardless of who wins, there is ONLY 1 party 2) Militia? WTF? The Chinese can't own firearms, and the last organized opposition protest in Tiannimen (sp?) Square they squashed the opposition (with tanks) 3) It's NOT irresponsible for showing ways around Chinese Internet Security because the restrictions of the "immoral" Government don't ALLOW people access to information that they could USE to make China a better place. We are not showing them how to Exist comfortably within restrictions we are showing them how to get around the restrictions so they can share information and learn things that WILL allow them to have a free China one day. I'd rather we were called "irresponsible" and did something than be called moral and responsible but did nothing to advance the cause of Freedom.

    4. Re:Irresponsible by shawb · · Score: 3, Informative

      No, people were pretty much crushed by tanks. You see, GP was basically repeating (and I assume satirizing) the party line. For instance, if you are in the United States and do a google image search for Tiananmen Square you mostly find pictures of tanks. Do a China google images search for the same term and you get a much more patriotic view of things. Hmm... the ratio used to be a lot more unbalanced... I wonder if Google is intentionally letting the filtering slide, or if reporters have simply found ways around the google.cn filtering rules.

      --
      I'll never make that mistake again, reading the experts' opinions. - Feynman
  9. I don't know about China by also-rr · · Score: 4, Informative

    But even in the west I feel more comfortable using Tor, a (well, close enough) anonymizing proxy.

    I used to use JAP (a similar project but the client was Java based and less transparent) but Tor is considerably faster. Throughput up to 60K/sec on a 512k/sec DSL line (as fast as it ever goes with no proxy) means that it's practical to use for all traffic and makes the needle much harder to find in the haystack.

  10. How to get drugs into USA by EmbeddedJanitor · · Score: 3, Insightful
    Why should Americans be denied drugs just because their government makes such huge efforts to limit the drugs flowing into America? Here's how you can get those poor miserable people the drugs they want and need...

    See the parallel?

    --
    Engineering is the art of compromise.
    1. Re:How to get drugs into USA by bunions · · Score: 4, Funny

      Sure do. Dear Rest Of The World: SEND MORE DRUGS.

      --
      there is no need to sign your posts. this isn't usenet. your username is right there above your post. stop it.
    2. Re:How to get drugs into USA by JesseL · · Score: 4, Insightful

      I see the parallel, but I don't see what you think it proves. There are a lot of people who think that censorship and prohibition are equally immoral.

      --
      "Prefiero morir de pie que vivir siempre arrodillado!"
    3. Re:How to get drugs into USA by mi · · Score: 4, Insightful
      > See the parallel?

      There is no parallel. The prohibitions on freedom of speech on and information about the different forms of government are uniquely self-perpetuating. Prohibitions on alcohol, drugs, and almost anything else are not like that and can be abolished by the popular will within a reasonably democratic society because discussing them remains legal, even if using is not.

      --
      In Soviet Washington the swamp drains you.
  11. for those who didn't read harry potter by Lord Ender · · Score: 3, Funny

    Could we just think of this as the "Indiana Jones and the Last Crusade" approach?

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  12. This should take a while to plug by the_crowbar · · Score: 4, Interesting
    Because the filtering is not done on the routers, but rather on external machines this should take some time to plug. Off the top of my head I can't imagine how the Chinese government would change their filtering to defeat this trick. On a Linux box you could just set an iptables rule:
    bash-3.0# iptables -A INPUT -s 0/0 -d 0/0 -p tcp --tcp-flags RST RST -j DROP
    should take care of the reset packets at the local end. The remote end would need to drop them as well, but that would be easy to set up. Maybe we could set up some proxies for those in mainland China that would drop the resets so they could surf anywhere. Might be hard to restrict to those coming from mainland China.

    Just a thought.

    the_crowbar
    --
    Have you read the Moderator Guidelines
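
Added example (not part of the original thread or the paper it discusses): the two technical points made above, that endpoints which drop RST segments keep exchanging data, and that repeated resets for the same port pair reveal it, shown as a Python check over a constructed packet trace. The `Pkt` record, the 0.5-second grace window and all addresses are assumptions made for illustration.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    ts: float      # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags as letters: S, A, P, F, R
    length: int    # TCP payload bytes

GRACE = 0.5  # assumed window for segments already in flight when the RST was sent

def flow_key(p):
    """Direction-independent key for the address/port pair."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)

def classify_flows(packets, grace=GRACE):
    """Map each flow to (verdict, reset_count, payload_bytes_after_reset)."""
    state = {}
    for p in sorted(packets, key=lambda p: p.ts):
        key = flow_key(p)
        new_conn = "S" in p.flags and "A" not in p.flags
        if key not in state or new_conn:
            # A bare SYN starts a new connection, so a reused port pair
            # is judged on its latest connection only.
            state[key] = {"first_rst": None, "resets": 0, "after": 0}
        st = state[key]
        if "R" in p.flags:
            st["resets"] += 1
            if st["first_rst"] is None:
                st["first_rst"] = p.ts
        elif (st["first_rst"] is not None and p.length > 0
              and p.ts - st["first_rst"] > grace):
            # Payload well after the reset: the connection was not torn down.
            st["after"] += p.length
    out = {}
    for key, st in state.items():
        if st["resets"] == 0:
            verdict = "no-reset"
        elif st["after"] > 0:
            verdict = "reset-ignored"
        else:
            verdict = "reset-honored"
        out[key] = (verdict, st["resets"], st["after"])
    return out

# Constructed trace (documentation address ranges, not a real capture).
C, S, T = "192.0.2.10", "198.51.100.20", "203.0.113.5"
TRACE = [
    # Flow 1: resets keep arriving, yet payload keeps flowing.
    Pkt(0.00, C, 40001, S, 80, "S", 0), Pkt(0.02, S, 80, C, 40001, "SA", 0),
    Pkt(0.04, C, 40001, S, 80, "A", 0), Pkt(0.10, C, 40001, S, 80, "PA", 120),
    Pkt(0.15, S, 80, C, 40001, "R", 0), Pkt(0.15, C, 40001, S, 80, "R", 0),
    Pkt(0.30, S, 80, C, 40001, "PA", 1400), Pkt(1.20, S, 80, C, 40001, "PA", 1400),
    Pkt(1.21, S, 80, C, 40001, "R", 0), Pkt(2.00, S, 80, C, 40001, "PA", 900),
    # Flow 2: one reset, one in-flight segment, then silence.
    Pkt(5.00, C, 40002, S, 80, "S", 0), Pkt(5.02, S, 80, C, 40002, "SA", 0),
    Pkt(5.04, C, 40002, S, 80, "A", 0), Pkt(5.10, C, 40002, S, 80, "PA", 120),
    Pkt(5.15, S, 80, C, 40002, "R", 0), Pkt(5.20, S, 80, C, 40002, "PA", 1400),
    # Flow 3: ordinary connection closed with FIN, no reset at all.
    Pkt(9.00, C, 40003, T, 443, "S", 0), Pkt(9.02, T, 443, C, 40003, "SA", 0),
    Pkt(9.04, C, 40003, T, 443, "A", 0), Pkt(9.10, C, 40003, T, 443, "PA", 200),
    Pkt(9.50, C, 40003, T, 443, "FA", 0),
]

if __name__ == "__main__":
    for key, result in classify_flows(TRACE).items():
        print(key, result)
```

The grace window matters: without it, the segment at 5.20 in the second flow, already in flight when the reset was sent, would be misread as a sign that the reset was ignored.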
  13. Bad example! by Tribbin · · Score: 5, Funny
    > ... and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9¾.


    Or you just type in:

    idspispopd = Walk through wall in noclip style
    --
    If you mod this up, your slashdot background will turn into a beautiful sunset!
  14. It's not THEIRS by mrcaseyj · · Score: 5, Insightful
    >No matter how "horrible" Chinese internet policy is by US standards, it's their damned network segment. Let them work it out for themselves.

    The Chinese internet doesn't belong to the Chinese government, it belongs to the Chinese people. When they have a real democracy then "they" (the people) can decide how to run it. Until then we shouldn't respect how "they" (the government) want to run the internet any more than we would if some bank robbers were holding hostages and "they" (the robbers) wanted to decide how to run the bank.

  15. Huh? Why can't they have help? by sirwired · · Score: 4, Insightful

    Do you recall that little American Revolution way back in the mid 1770's? You know, the one the then-English colonies were LOSING? The U.S. would have been in quite a pickle without the French providing financial and military aid. Sure, it was in their own self-interest, but that makes their aid no less valuable.

    Just because a Revolution receives assistance from the outside makes it no more or less legitimate.

    SirWired

  16. You forgot something... by Kadin2048 · · Score: 4, Funny

    I think your post got cut off. Would you please repost?

    You can pick up from "Here's how you can get those poor miserable people the drugs they want and need..."

    Thanks!

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  17. They're not Mongolians... by merdaccia · · Score: 3, Informative

    They're Mongorians!

    And before someone lambasts me for making fun of Engrish, I should clarify that I'm amused by all variations of the English language. A good number of my fellow Maltese citizens butcher English, for example, even though it's supposed to be a first language. Only in Malta can you fill your car up with pitlor (petrol), have your football team lose on a pineltri (penalty), and make windows out of enimielju (aluminium). By the way, those aren't Maltese words, those are what many Maltese people think the English words actually are. Oh, and they also think that Hoover, Jablo, Kenwood, and Geyser literally mean a vacuum cleaner, polystyrene foam, a cake mixer, and a hot water heater, respectively.

    Here's the South Park clip about Mongorians from YouTube.

    --

    *blinking cursor*

  18. Why is revolution the only answer? by akratic · · Score: 4, Insightful

    Why do you think that the only legitimate way to deal with a bad government is to overthrow it, by election or force? What's wrong with getting a bad government to change its ways?

    Do you think that any time a government is doing something bad, that the government should be overthrown (or voted out)? What if a government is doing some really wrong things, but it's also doing some good things? Suppose you think that a President has done one thing that's very wrong, but that aside from that one thing, he's done a fantastic job. Are you morally obliged to vote that President out? Imagine it's 1948. You think Truman did a terrible thing when he used nuclear weapons in Japan, but you approve of everything else he's done, and you don't like Dewey. Are you morally required to vote for Dewey anyway?

    Do you think that armed rebellion is the only way for a non-democratic government to become democratic? If so, why do you think this? There are examples in recent history of non-democratic governments becoming democratic without a shot being fired (e.g., most of Eastern Europe). Or think about the way the U.K. changed from a non-democratic monarchy to a parliamentary democracy with a figurehead monarch.

    Have you thought about what would be involved in overthrowing China's government by force? For some period of time, China would be without any government at all. Think how wonderful it would be for a country with a population of over a billion and a large supply of nuclear weapons to find itself suddenly without a government.

    One way to get a government to stop trying to regulate something is to make its efforts to regulate it spectacularly ineffective. This happened in the United States with Prohibition. Why can't it happen in China?

  19. Drug Parallel by Archangel Michael · · Score: 3, Insightful

    Why yes, I do. It is why I am a Libertarian. It is a huge waste of time, effort and money to stop drugs. Instead the government should regulate the HELL out of them like they do Cigarettes and Alcohol, and tax them into oblivion. Prolly would get rid of the Income Tax with the revenue.

    AND it would clean up the Drug Cartel Violence found in Brazil, Argentina, Mexico .........

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:Drug Parallel by packeteer · · Score: 4, Insightful

      More people die from the narco traffic violence than from the war in Iraq in the same time period. All of these deaths are caused by US policy but nobody cares about people dying who are not in our country. (One of) the reasons we invaded Iraq was to spread democracy. If we really wanted to spread democracy we could first start by legalizing and taxing drugs in the USA. This would nearly shut down many of the large violent drug cartels that keep dictators in power.

      --
      unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
    2. Re:Drug Parallel by Millenniumman · · Score: 5, Interesting

      Most libertarians believe that (currently) illegal drugs should only be legal for adults. Minors don't have the full responsibility of adults to take care of themselves. There are also a lot of more moderate ones who believe that taxing them is okay, especially if it can help lower other taxes. Their main reason for supporting legalization of drugs is that it would lower black market crime, and end up saving lives, although ideology is obviously an important reason.

      --
      Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
    3. Re:Drug Parallel by JesseMcDonald · · Score: 3, Insightful
      > Libertarianism isn't necessarily opposed to taxes and regulations. It is opposed to FORCED taxes and regulations. Taxes should be "optional" in the sense that if you "use" (buy/sell/trade) something that is taxed, you are volunteering to pay/levy that tax.

      You do realize that this policy would justify every existing form of regulation and taxation? Income, after all, is nothing more than a straight trade, currency for labor. Even inheritance taxes would be justified, since inheritance is a gift from one person to another, and gifts are merely a subset of trades in which "goodwill" is traded for tangible property. What, then, would you consider a "forced" tax, since you have apparently chosen to define all taxes and regulations as "voluntary"?

      More generally, any claim by a third party for a portion of the goods exchanged in any trade against the will of both the buyer and the seller must be considered theft from a libertarian point of view. That includes all taxes, which -- by definition -- differ from trades only in that they are coerced, i.e. non-voluntary. That has always been the libertarian position, despite the claims of the so-called Libertarian Party to the contrary. The LP has been sacrificing libertarian principles for political power for some time now; their present goals, while more liberal than the two major parties, are hardly "libertarian" in nature.

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  20. Great walls not so great in China by balls199 · · Score: 3, Interesting

    This sort of reminds me of the way the Mongols defeated the Great Wall of China.

    Did they tear the wall down? No.

    Did they march around one end of the wall? No.

    They simply bribed a guard to open the gates.

    Maybe China shouldn't be so fixated on walls.

  21. Re:the chinese government is illegitimate by 808140 · · Score: 4, Interesting

    Illegitimate? Whatever, dude. The Chinese are, with the exception of Americans, the most patriotic people I've ever come into contact with -- nationalist fervor is so ingrained here it's absolutely frightening. They're not interested in revolt and on the whole are happy with the status quo. They love their country and go on and on about it. Really. If there were a vote tomorrow there is no doubt in my mind that the CCP would win.

    During the Chinese civil war, the Communist party was overwhelmingly supported by the people.

    Your assertion that non-democratic societies are illegitimate suggests that most societies in history have been illegitimate. I'm not sure that's a particularly useful definition of legitimacy.