July 3, 2006 9:06 AM PDT

Academics break the Great Firewall of China

Computer experts from the University of Cambridge claim not only to have breached the Great Firewall of China, but have found a way to use the firewall to launch denial-of-service attacks against specific Internet Protocol addresses in the country.

The firewall, which uses routers supplied by Cisco Systems, works in part by inspecting Web traffic for certain keywords that the Chinese government wishes to censor, including political ideologies and groups it finds unacceptable.

The Cambridge research group tested the firewall by firing data packets containing the word "Falun" at it, a reference to the Falun Gong religious group, which is banned in China.

The researchers found that it was possible to circumvent the Chinese intrusion detection systems by ignoring the forged transmission control protocol resets injected by the Chinese routers, which would normally force the endpoints to abandon the connection.

"The machines in China allow data packets in and out, but send a burst of resets to shut connections if they spot particular keywords," explained Richard Clayton of the University of Cambridge computer laboratory. "If you drop all the reset packets at both ends of the connection, which is relatively trivial to do, the Web page is transferred just fine."

Clayton added that this means the Chinese firewall can be used to launch denial-of-service attacks against specific IP addresses within China, including those of the Chinese government itself.

The IDS uses a stateless server, which examines each data packet both going in and out of the firewall individually, unrelated to any previous request. By forging the source address of a packet containing a "sensitive" keyword, people could trigger the firewall to block access between source and destination addresses for up to an hour at a time.

If an attacker had identified the machines used by regional government offices, they could block access to Windows Update, or prevent Chinese embassies abroad from accessing specific Chinese Web content.

"Due to the design of the firewall, a single packet addressed from a high party official could block their Web access," said Clayton.

Even though this technique would block communication between only two particular points on the Internet, the researchers calculated that a lone attacker using a single dial-up connection could still generate a "reasonably effective" denial-of-service attack. If an attacker generated 100 triggering packets per second, and each packet caused 20 minutes of disruption, 120,000 pairs of endpoints could be prevented from communicating at any one time.

Clayton, speaking at the Sixth Workshop on Privacy Enhancing Technologies in Cambridge last week, said that the researchers had reported their findings to the Chinese Computer Emergency Response Team.

Tom Espiner of ZDNet UK reported from London.

See more CNET content tagged:
packet, China, denial of service, computer expert, Cambridge

37 comments

Join the conversation!
Add your comment
Let's help them improve their censorship!
Great -- so now the Chinese government can work on improving their firewall, to make it harder for their citizens to access information. That's a big step forward! Congratulations, Cambridge, on aiding censorship and totalitarianism!
Posted by E B (267 comments )
Reply Link Flag
Not really...
There is a way to hide all data while you do the attack, it is not that
difficult, the problem is that we are talking about morality here...

That being said, if they can crack into the firewall, which was one of
the toughest in the world to crack in the first place, then we have a
chance of taking it down and letting all information free on the net
if we do it correctly...
Posted by Cyberpawz (3 comments )
Link Flag
Anything that increases the costs...
...to the Chinese government of their censorship activities is a good thing.

The problem with security "holes" in Internet security is that, eventually, they all get discovered, exploited and, eventually, closed. Whether it is the person running the security or someone on the outside.

For the sake of argument, even if disclosing this "hole" puts the Chinese on notice, it does not, necessarily mean they will close it, that they can close it - unless they hire someone from
Cambridge - or that they feel that it is necessary to close it. AFter all, this could just be "disinformation" from the west...

Given the level of sophistication of average Internet users around the world, even with this hole, their system is still pretty secure. Most Internet users aren't interested enough to expend enough energy and effort to get around this level of security. It is only a "hole" if you can manage to exploit it...
Posted by MTGrizzly (353 comments )
Link Flag
agreed E B - this is not an automatic win here
Posted by robertrowshan (29 comments )
Link Flag
Let's help them improve their censorship!
Great -- so now the Chinese government can work on improving their firewall, to make it harder for their citizens to access information. That's a big step forward! Congratulations, Cambridge, on aiding censorship and totalitarianism!
Posted by E B (267 comments )
Reply Link Flag
Not really...
There is a way to hide all data while you do the attack, it is not that
difficult, the problem is that we are talking about morality here...

That being said, if they can crack into the firewall, which was one of
the toughest in the world to crack in the first place, then we have a
chance of taking it down and letting all information free on the net
if we do it correctly...
Posted by Cyberpawz (3 comments )
Link Flag
Anything that increases the costs...
...to the Chinese government of their censorship activities is a good thing.

The problem with security "holes" in Internet security is that, eventually, they all get discovered, exploited and, eventually, closed. Whether it is the person running the security or someone on the outside.

For the sake of argument, even if disclosing this "hole" puts the Chinese on notice, it does not, necessarily mean they will close it, that they can close it - unless they hire someone from
Cambridge - or that they feel that it is necessary to close it. AFter all, this could just be "disinformation" from the west...

Given the level of sophistication of average Internet users around the world, even with this hole, their system is still pretty secure. Most Internet users aren't interested enough to expend enough energy and effort to get around this level of security. It is only a "hole" if you can manage to exploit it...
Posted by MTGrizzly (353 comments )
Link Flag
Can someone please write a script for this DOS?
It would be fun to have 4 of my machines constantly DOSing those thieving commies.

Ooops. Redundancy here. Thieves and Commies are two faces of the same coin. With thieves being the more honorable face.
Posted by kamwmail-cnet1 (292 comments )
Reply Link Flag
your so up to date
for 1950s politics
Posted by jabbotts (492 comments )
Link Flag
Can someone please write a script for this DOS?
It would be fun to have 4 of my machines constantly DOSing those thieving commies.

Ooops. Redundancy here. Thieves and Commies are two faces of the same coin. With thieves being the more honorable face.
Posted by kamwmail-cnet1 (292 comments )
Reply Link Flag
your so up to date
for 1950s politics
Posted by jabbotts (492 comments )
Link Flag
(almost) a script kiddie, lawl
4 whole machines of yours working on a DOS attack, good idea, they might just make a difference, champ.

By the way, if anyone sent you a script, there is a very good chance they just sent you a virus instead for being a wannabe script kiddie.
Posted by osbjmg (14 comments )
Reply Link Flag
(almost) a script kiddie, lawl
4 whole machines of yours working on a DOS attack, good idea, they might just make a difference, champ.

By the way, if anyone sent you a script, there is a very good chance they just sent you a virus instead for being a wannabe script kiddie.
Posted by osbjmg (14 comments )
Reply Link Flag
Never claimed to be a programmer. Duh.
Sigh. Another stuck up programmer wanna-be. Scripts are the easiest thing to use. And you can always monitor what the scripts does. And as to four machines... well if they're on four seperate fiber optic lines and they run 6 hours at night while no one is using it. And China is 12 hours differential, yeah, I would say it would make a diff.

Now stay in your bedroom and continue to be master of the universe / know it all.
Posted by kamwmail-cnet1 (292 comments )
Reply Link Flag
Idiot
You my friend are a complete idiot. You have no idea what you are talking about.
Posted by warx1 (2 comments )
Link Flag
There is another issue to concider before you suck the 4 dogs of war on the
bouncing script wars between friends can be a whole lot of fun but more than talk about attacking china through the network needs some consideration:

If you attack your friend's computer, you get your friend coming after you or saying "wow, nice hack, how'd you do that?"

If you attack an irc channel full of suppremists or similar anti-social collection (while fun and self folfilling) you have the risk of some very real and far reaching organizations coming to your front door.

If you attack a local school or organization, you have the local police probably with the FBI in towe nocking at your door.

If you attack across state lines it's federal and you most assuredly have the FBI knocking on your door possibly with the local police in towe.

If you attack a government facility, you most assuredly have the FBI along with government techies (likely military trained security/counter-security IT folks) showingup at your door.

If you attack across government borders, it's an act of war requireing a whole lot of scrambling and political apologies. If your lucky, it's the FBI coming to your door but it could just as easily be some nameless "tourist" with no identifying markings or documents who doesn't knock at the front door.
Posted by jabbotts (492 comments )
Link Flag
consider the escalation before you "make a difference"
Yeah, setting a few boxes to hurrass the chinese firewall at night could be fun but concider this first:

If one attacks there friend or neibour's computers they may get an upset friend or someone knocking on there door going "wow, that was cool. How'd you do that?"

If one attacks local businesses they get local police at there door possibly with FBI along for hte ride.

If one attacks across state borders they definately get FBI at the door possibly with local police along for the ride.

If one attacks across country borders they risk being interpreted as an act of war on behalf of there country and would be lucky if it was only the FBI at there door but more likely, secret service is going to become interested which means military trained government security/counter-security IT folks.

Now similarily, attacking an IRC chat channel devoted to iddle babble is going to upset the IRC ops depending on the user discomfort caused. Attacking a channel devoted to oneo f the various suppremist groups be it the K's or other, while self satisfying, risks having someone unfriendly and unaffiliated with law inforcement nocking at your door.

To me, four computers screaming my current location at another country across political borders in what would be a first attack in any future war between IT enabled nations is less apealing when I consider the Act of War and Secret Service/FBI/local police interest (best case) or "tourist" without identifying marks or documents "visiting" me during the night.

I know your a good little scripter and nobody is ever going to catch you but just imagine that these governments have the resources to follow the server logs back to your house. We're beyond the marry days of modem connections and IRC script wars. I'm good, but I'm not going to joust with government sactioned proffessionals.
Posted by jabbotts (492 comments )
Link Flag
Never claimed to be a programmer. Duh.
Sigh. Another stuck up programmer wanna-be. Scripts are the easiest thing to use. And you can always monitor what the scripts does. And as to four machines... well if they're on four seperate fiber optic lines and they run 6 hours at night while no one is using it. And China is 12 hours differential, yeah, I would say it would make a diff.

Now stay in your bedroom and continue to be master of the universe / know it all.
Posted by kamwmail-cnet1 (292 comments )
Reply Link Flag
Idiot
You my friend are a complete idiot. You have no idea what you are talking about.
Posted by warx1 (2 comments )
Link Flag
There is another issue to concider before you suck the 4 dogs of war on the
bouncing script wars between friends can be a whole lot of fun but more than talk about attacking china through the network needs some consideration:

If you attack your friend's computer, you get your friend coming after you or saying "wow, nice hack, how'd you do that?"

If you attack an irc channel full of suppremists or similar anti-social collection (while fun and self folfilling) you have the risk of some very real and far reaching organizations coming to your front door.

If you attack a local school or organization, you have the local police probably with the FBI in towe nocking at your door.

If you attack across state lines it's federal and you most assuredly have the FBI knocking on your door possibly with the local police in towe.

If you attack a government facility, you most assuredly have the FBI along with government techies (likely military trained security/counter-security IT folks) showingup at your door.

If you attack across government borders, it's an act of war requireing a whole lot of scrambling and political apologies. If your lucky, it's the FBI coming to your door but it could just as easily be some nameless "tourist" with no identifying markings or documents who doesn't knock at the front door.
Posted by jabbotts (492 comments )
Link Flag
consider the escalation before you "make a difference"
Yeah, setting a few boxes to hurrass the chinese firewall at night could be fun but concider this first:

If one attacks there friend or neibour's computers they may get an upset friend or someone knocking on there door going "wow, that was cool. How'd you do that?"

If one attacks local businesses they get local police at there door possibly with FBI along for hte ride.

If one attacks across state borders they definately get FBI at the door possibly with local police along for the ride.

If one attacks across country borders they risk being interpreted as an act of war on behalf of there country and would be lucky if it was only the FBI at there door but more likely, secret service is going to become interested which means military trained government security/counter-security IT folks.

Now similarily, attacking an IRC chat channel devoted to iddle babble is going to upset the IRC ops depending on the user discomfort caused. Attacking a channel devoted to oneo f the various suppremist groups be it the K's or other, while self satisfying, risks having someone unfriendly and unaffiliated with law inforcement nocking at your door.

To me, four computers screaming my current location at another country across political borders in what would be a first attack in any future war between IT enabled nations is less apealing when I consider the Act of War and Secret Service/FBI/local police interest (best case) or "tourist" without identifying marks or documents "visiting" me during the night.

I know your a good little scripter and nobody is ever going to catch you but just imagine that these governments have the resources to follow the server logs back to your house. We're beyond the marry days of modem connections and IRC script wars. I'm good, but I'm not going to joust with government sactioned proffessionals.
Posted by jabbotts (492 comments )
Link Flag
Yeah, great going guys!
Way to go to help overcome an oppressive and restrictive regime - show them their faults and help them fix them to keep their people under control.
Posted by robbtuck (132 comments )
Reply Link Flag
Yeah, great going guys!
Way to go to help overcome an oppressive and restrictive regime - show them their faults and help them fix them to keep their people under control.
Posted by robbtuck (132 comments )
Reply Link Flag
As if you are the first to discover it, dumb ass...
There are a few known methods to break through the firewall a long time ago, and yet to use it to DoS attack is only a theory!

Did you try to use it? If you have not proved that your DoS theory works, don't claim to the world like that.

To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.

This is no freaking news... heh!
Posted by deeptii (6 comments )
Reply Link Flag
As if you are the first to discover it, dumb ass...
There are a few known methods to break through the firewall a long time ago, and yet to use it to DoS attack is only a theory!

Did you try to use it? If you have not proved that your DoS theory works, don't claim to the world like that.

To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.

This is no freaking news... heh!
Posted by deeptii (6 comments )
Reply Link Flag
This is news? You gotta be kidding...
There are a few known methods to break through the firewall a long time ago, and yet to use it to DoS attack is only a theory!

Did you try to use it? If you have not proved that your DoS theory works, don't claim it to the world like that.

To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.

This is no freaking news... heh!
Posted by deeptii (6 comments )
Reply Link Flag
This is news? You gotta be kidding...
There are a few known methods to break through the firewall a long time ago, and yet to use it to DoS attack is only a theory!

Did you try to use it? If you have not proved that your DoS theory works, don't claim it to the world like that.

To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.

This is no freaking news... heh!
Posted by deeptii (6 comments )
Reply Link Flag
This is news? You gotta be kidding...
There are a few known methods to break through the firewall a long time ago, and yet to use it to DoS attack is only a theory!

Did you try to use it? If you have not proved that your DoS theory works, don't claim to the world like that.

To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.

This is no freaking news... heh!
Posted by deeptii (6 comments )
Reply Link Flag
This is news? You gotta be kidding...
There are a few known methods to break through the firewall a long time ago, and yet to use it to DoS attack is only a theory!

Did you try to use it? If you have not proved that your DoS theory works, don't claim to the world like that.

To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.

This is no freaking news... heh!
Posted by deeptii (6 comments )
Reply Link Flag
ah so much fun
man how awsome would that be to take down chinas internet infastructure im sure a 1337 h4x0r and his buddys with drone computers could really do alot of damage but thats what you get for not being smart china
Posted by sirfragalot (52 comments )
Reply Link Flag
ah so much fun
man how awsome would that be to take down chinas internet infastructure im sure a 1337 h4x0r and his buddys with drone computers could really do alot of damage but thats what you get for not being smart china
Posted by sirfragalot (52 comments )
Reply Link Flag
I'm using Freedur to get around the great firewall. It is fast and stable. Youtube videos stream very fast.
Posted by jajalolo (2 comments )
Reply Link Flag
FYI, the owner of Freedur Chris Mathews and his operations are very shady. There is so many bad comments floating around the internet about Chris Mathews, Freedur, ShoeMash and OpenTerrace LTD. Supposedly, Chris Mathews has stolen Freedur from its real owner - StackFile (owner - Paul Hay).

Freedur server is full of stolen files, just as example - https://freedur.net/images/placeholder/stackfile_logo.jpg

You can read the law suit against Freedur/Chris Mathews here http://www.skydur.com/law-suit-against-chris-mathews.php.

If I were you I would stay away from Freedur, ShoeMask and Open Terrace LTD.

Simon
Posted by simon1978011 (2 comments )
Link Flag
The above comment and content of links are fabricated lies. Skydur is a copycat service that was created after Obrad Grujic, Paul Hay, and Jovica Mizdrak (all former developers of the Freedur application terminated due to poor work quality and ethics) hijacked the Freedur servers and fraudulently posted lies posing as Freedur staff on our own website. The hacking incident took place back in August 2009 and caused severe damages and grief to our company and customers. The whole, and definitive true story can be found within OUR lawsuit against them:

http://freedur.net/public_record/Freedur_law_suit.pdf
*Currently we are only able to pursue Paul Hay and Stackfile Corp via the court, as Grujic lives in Serbia and Mizdrak lives in Australia.

Currently, the perpetrators operate under the following identities: Stackfile, Skydur, and Astrill. All of these entities either do not exist as a real company or are suspended. Stackfile Corp is suspended by the State of California. A search for "Stackfile" at http://kepler.sos.ca.gov will reveal its current status.

The Skydur individuals are attempting to confuse the public by accusing Freedur and its owners of doing what they actually did to us. Their continuing campaign of defamation, lies and distortion will be resolved in court. Their malicious and fraudulent misrepresentations of facts speak for themselves. Please support us by seeking the truth of the matter.
Posted by chrismathews (2 comments )
Reply Link Flag
I don't know if this is a good idea, it will only lead to china cracking down harder and removing even more ways that are open now to evade the great firewall
Posted by robertrowshan (29 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.