Slashdot Mirror

← Back to Stories (view on slashdot.org)

Defeating China's National Firewall

Posted by ryuzaki0 on from the obligitory-harry-potter-reference dept.

Bruce Schneier is reporting on his blog that a recent paper is discussing how to defeat China's national firewall. From the article: "However, because the original packets are passed through the firewall unscathed, if both of the endpoints were to completely ignore the firewall's reset packets, then the connection will proceed unhindered! We've done some real experiments on this -- and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9¾."

8 of 370 comments (clear)

  1. Publish and Perish by Archangel+Michael · · Score: 5, Interesting

    Okay, now that you let the cat out of the bag, how long before the Great Chinese Firewall gets this hole plugged?

    On the otherhand, the more they try to squeeze star systems, the more they will slip out of thier han (or something like that).

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:Publish and Perish by JesseL · · Score: 5, Informative

      From reading the article it's not just a hole, it's the primary basis of their "firewall". Their system is apparantly built the way it is because any other method would be too expensive and/or slow. TO prevent this workaround will require enourmous expenditures in reworking their network structure.

      --
      "Prefiero morir de pie que vivir siempre arrodillado!"
    2. Re:Publish and Perish by Anonymous Coward · · Score: 5, Insightful

      > You cannot tell if a remote host is responding to reset packets from your firewall, at least not directly.

      If you had to send multiple resets for the same port pair, they're ignoring you.

  2. Dear Guys, by bunions · · Score: 5, Funny

    Thanks for doing the security analysis for us. We appreciate your hard work and excellent documentation.

    Your Pal,

    Wen

    --
    there is no need to sign your posts. this isn't usenet. your username is right there above your post. stop it.
  3. Damn you Mongolians! by x2A · · Score: 5, Funny

    That's the last time you break down my shitty firewall!

    Jeez, why is it everytime chinese build a wall, those damn mongolians gotta break it down?

    --
    The revolution will not be televised... but it will have a page on Wikipedia
  4. Bad example! by Tribbin · · Score: 5, Funny
    ... and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9¾.


    Or you just type in:

    idspispopd = Walk through wall in noclip style
    --
    If you mod this up, your slashdot background will turn into a beautiful sunset!
  5. It's not THEIRS by mrcaseyj · · Score: 5, Insightful
    >No matter how "horrible" Chinese internet policy is by US standards, it's their damned network segment. Let them work it out for themselves.

    The chinese internet doesn't belong to the chinese government, it belongs to the chinese people. When they have a real democracy then "they" (the people) can decide how to run it. Until then we shouldn't respect how "they" (the government) want to run the internet any more than we would if some bank robbers were holding hostages and "they" (the robbers) wanted to decide how to run the bank.

  6. Re:Drug Parallel by Millenniumman · · Score: 5, Interesting

    Most libertarians believe that (currently) illegal drugs should only be legal for adults. Minors don't have the full responsibility of adults to take care of themselves. There are also a lot of more moderate ones who believe that taxing them is okay, especially if it can help lower other taxes. Their main reason for supporting legalization of drugs is that it would lower black market crime, and end up saving lives, although ideology is obviously an important reason.

    --
    Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.