Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cambridge Breached the Great Firewall of China

Posted by ryuzaki0 on from the didn't-work-against-the-mongol-spammers-either dept.

Darren Rayes writes to mention a ZDNet article on Cambridge academics' claims that they have breached the great firewall of China. They also claim that by misusing the firewall they can launch DDoS attacks against IP addresses behind the wall. From the article: "The IDS uses a stateless server, which examines each data packet both going in and out of the firewall individually, unrelated to any previous request. By forging the source address of a packet containing a 'sensitive' keyword, people could trigger the firewall to block access between source and destination addresses for up to an hour at a time."

13 of 250 comments (clear)

  1. Submit details! by Anonymous Coward · · Score: 5, Funny

    With enough people working on it, we can temporarily block the entire country from the rest of the Internet. How's that for a fourth of July?

  2. Legal action against Cambridge? by zanderredux · · Score: 5, Insightful
    Isn't Cambridge deliberately creating an opportunity for the Chinese government to prosecute them?

    What about those inside China using those exploits for legitimate ends?

    Is Cambridge indirectly helping the Chinese government to fix firewall issues?

    Are Cambridge researchers after fame at the expense of the freedom of the Chinese people?

    1. Re:Legal action against Cambridge? by CaymanIslandCarpedie · · Score: 5, Informative

      Cambridge would leap off that cliff as well by helping China to further block any ways for citizens to bypass the firewall and obtain information about "sensitive" topics. It really bothers me that so many in the U.S. who claim to value freedom so much (who are out blowing up fireworks today to celebrate such - fireworks mostly bought from China I might add), will help a country who values freedom so little.

      FYI, Cambridge isn't a U.S. university.

      --
      "reality has a well-known liberal bias" - Steven Colbert
    2. Re:Legal action against Cambridge? by jabuzz · · Score: 5, Informative

      Wrong Cambridge, Cambridge Univeristy (fourth oldest in the world) is in the South East of England, and not in North America. Full marks you have displayed a typically parochial American outlook on the World.

  3. Mongolians? by veinard · · Score: 5, Funny

    Weird, I didn't know there were many mongolians at cambridge...

  4. Re:Stateless? by Just+Some+Guy · · Score: 5, Informative
    How exactly does a stateless IDS block connections for up to an hour?

    Stateless != ruleless. For example, you could use OpenBSD's "pf" to create a stateless firewall that references an external rules file, then use a cron job to rewrite that rules file once an hour. That might be a pretty reasonable approach if you're filtering billions of packets per hour and can't afford to track state for each connection.

    --
    Dewey, what part of this looks like authorities should be involved?
  5. That isn't technically a DDoS by Jeian · · Score: 5, Informative

    DDoS is using multiple computers to "flood" a target off the Internet. This would be a plain DoS attack using a software weakness to deny service.

  6. Try the Saudi firewall by Anonymous Coward · · Score: 5, Interesting

    Chinese firewall is nothing - try getting through the Saudi firewall. As I understand it, the Chinese are at least a bit less modest about what is banned, so you should be able to at least get some legit porn sites through Chinese internet. However Saudi internet would block not just porn sites, but womens rights websites, womens magazines websites, even medical sites - anything that would display a photograph or illustration of a naked woman or man was stricly banned. Even it was just part of a human body, i.e. shoulders up.

  7. Re:Congratulations by TubeSteak · · Score: 5, Interesting
    Well done on writting a 'how-to' on pointers to make the firewall better.
    Actually, this flaw is inherent to the design of the great firewall.

    It's not something that is trivial to fix. Others can do a better job of explaining why, but for now, suffice it to say that it'd require a significant effort on the part of the Chinese Gov't.

    Maybe it can be fixed in The Great Firewall of China v2.0
    --
    [Fuck Beta]
    o0t!
  8. Re:I wonder... by TubeSteak · · Score: 5, Interesting

    http://www.google.cn/search?q=Falun

    Falun Gong Is a Cult
    www.china-embassy.org

    Research Society of Falun Dafa and the Falun Gong organization under its control are held to be illegal
    english.people.com.cn

    Fifteen Falun Gong Cult followers attempted to sabotage cable TV network equipment
    app1.chinadaily.com.cn

    southcn:Falun Gong Cult OUTLAWED
    www.newsgd.com

    Here we should point out that the banning of "Falun Gong" by the Chinese government is also part of
    www.chinaembassycanada.org

    Falun Gong Practitioner Not Sorry for Killing Father, Wife
    news.xinhuanet.com

    Now compare all that to
    http://www.google.com/search?q=Falun

    Now, if the Chinese Gov't is making Google filter based on English keywords, you think they're not going to do the same with their uber-firewall?

    Many Chinese schools teach english. It isn't like they only speak various Chinese dialects over there.

    --
    [Fuck Beta]
    o0t!
  9. They're supposed to be helping them by Anonymous Coward · · Score: 5, Interesting
    I'm presenting a paper on Ignoring the Great Firewall of China at the 6th Workshop on Privacy Enhancing Technologies being held here in Cambridge this week. It turns out that this censorship system works by sending reset packets to each end of the connection, rather than blocking packets. If they don't dutifully close, but just discard the packets, the firewall is completely ineffective. More about this in the paper and in my security group blog posting. [http://www.cl.cam.ac.uk/~rnc1/]

    Their research is concerned with DRM ass hat tactics and such...pity!

  10. Re:Tiannamen Where? by Joe+Decker · · Score: 5, Interesting

    Me too, it was an incredible symbol. The story of one of the photographers who captured that image is pretty amazing as well.

    --
    I'm a nature photographer.
  11. National Security by subl33t · · Score: 5, Insightful

    Go ahead, mod me down.

    Couldn't the Chinese government view this as an act of terrorism? In the interest of national security the Chinese government will start an ambiguous "War on Terror" after the the US "War on Terror" and "War on Drugs" which are _also_ unwinnable and declared solely to keep the ruling party in power via fear.