Manage updates with the Download App
July 3, 2006 9:06 AM PDT
Academics break the Great Firewall of China
- Related Stories
-
Keeping an eye on MySpace
June 29, 2006 -
Youth centers grapple with MySpace
June 23, 2006 -
School filters vs. home proxies
May 3, 2006 -
Google in China: The big disconnect
April 21, 2006 -
China's Hu meets Gates as U.S. trip begins
April 18, 2006
The firewall, which uses routers supplied by Cisco Systems, works in part by inspecting Web traffic for certain keywords that the Chinese government wishes to censor, including political ideologies and groups it finds unacceptable.
The Cambridge research group tested the firewall by firing data packets containing the word "Falun" at it, a reference to the Falun Gong religious group, which is banned in China.
The researchers found that it was possible to circumvent the Chinese intrusion detection systems by ignoring the forged transmission control protocol resets injected by the Chinese routers, which would normally force the endpoints to abandon the connection.
"The machines in China allow data packets in and out, but send a burst of resets to shut connections if they spot particular keywords," explained Richard Clayton of the University of Cambridge computer laboratory. "If you drop all the reset packets at both ends of the connection, which is relatively trivial to do, the Web page is transferred just fine."
Clayton added that this means the Chinese firewall can be used to launch denial-of-service attacks against specific IP addresses within China, including those of the Chinese government itself.
The IDS uses a stateless server, which examines each data packet both going in and out of the firewall individually, unrelated to any previous request. By forging the source address of a packet containing a "sensitive" keyword, people could trigger the firewall to block access between source and destination addresses for up to an hour at a time.
If an attacker had identified the machines used by regional government offices, they could block access to Windows Update, or prevent Chinese embassies abroad from accessing specific Chinese Web content.
"Due to the design of the firewall, a single packet addressed from a high party official could block their Web access," said Clayton.
Even though this technique would block communication between only two particular points on the Internet, the researchers calculated that a lone attacker using a single dial-up connection could still generate a "reasonably effective" denial-of-service attack. If an attacker generated 100 triggering packets per second, and each packet caused 20 minutes of disruption, 120,000 pairs of endpoints could be prevented from communicating at any one time.
Clayton, speaking at the Sixth Workshop on Privacy Enhancing Technologies in Cambridge last week, said that the researchers had reported their findings to the Chinese Computer Emergency Response Team.
Tom Espiner of ZDNet UK reported from London.
See more CNET content tagged:
packet, China, denial of service, computer expert, Cambridge
37 comments
Join the conversation! Add your comment
difficult, the problem is that we are talking about morality here...
That being said, if they can crack into the firewall, which was one of
the toughest in the world to crack in the first place, then we have a
chance of taking it down and letting all information free on the net
if we do it correctly...
The problem with security "holes" in Internet security is that, eventually, they all get discovered, exploited and, eventually, closed. Whether it is the person running the security or someone on the outside.
For the sake of argument, even if disclosing this "hole" puts the Chinese on notice, it does not, necessarily mean they will close it, that they can close it - unless they hire someone from
Cambridge - or that they feel that it is necessary to close it. AFter all, this could just be "disinformation" from the west...
Given the level of sophistication of average Internet users around the world, even with this hole, their system is still pretty secure. Most Internet users aren't interested enough to expend enough energy and effort to get around this level of security. It is only a "hole" if you can manage to exploit it...
difficult, the problem is that we are talking about morality here...
That being said, if they can crack into the firewall, which was one of
the toughest in the world to crack in the first place, then we have a
chance of taking it down and letting all information free on the net
if we do it correctly...
The problem with security "holes" in Internet security is that, eventually, they all get discovered, exploited and, eventually, closed. Whether it is the person running the security or someone on the outside.
For the sake of argument, even if disclosing this "hole" puts the Chinese on notice, it does not, necessarily mean they will close it, that they can close it - unless they hire someone from
Cambridge - or that they feel that it is necessary to close it. AFter all, this could just be "disinformation" from the west...
Given the level of sophistication of average Internet users around the world, even with this hole, their system is still pretty secure. Most Internet users aren't interested enough to expend enough energy and effort to get around this level of security. It is only a "hole" if you can manage to exploit it...
Ooops. Redundancy here. Thieves and Commies are two faces of the same coin. With thieves being the more honorable face.
Ooops. Redundancy here. Thieves and Commies are two faces of the same coin. With thieves being the more honorable face.
By the way, if anyone sent you a script, there is a very good chance they just sent you a virus instead for being a wannabe script kiddie.
By the way, if anyone sent you a script, there is a very good chance they just sent you a virus instead for being a wannabe script kiddie.
Now stay in your bedroom and continue to be master of the universe / know it all.
If you attack your friend's computer, you get your friend coming after you or saying "wow, nice hack, how'd you do that?"
If you attack an irc channel full of suppremists or similar anti-social collection (while fun and self folfilling) you have the risk of some very real and far reaching organizations coming to your front door.
If you attack a local school or organization, you have the local police probably with the FBI in towe nocking at your door.
If you attack across state lines it's federal and you most assuredly have the FBI knocking on your door possibly with the local police in towe.
If you attack a government facility, you most assuredly have the FBI along with government techies (likely military trained security/counter-security IT folks) showingup at your door.
If you attack across government borders, it's an act of war requireing a whole lot of scrambling and political apologies. If your lucky, it's the FBI coming to your door but it could just as easily be some nameless "tourist" with no identifying markings or documents who doesn't knock at the front door.
If one attacks there friend or neibour's computers they may get an upset friend or someone knocking on there door going "wow, that was cool. How'd you do that?"
If one attacks local businesses they get local police at there door possibly with FBI along for hte ride.
If one attacks across state borders they definately get FBI at the door possibly with local police along for the ride.
If one attacks across country borders they risk being interpreted as an act of war on behalf of there country and would be lucky if it was only the FBI at there door but more likely, secret service is going to become interested which means military trained government security/counter-security IT folks.
Now similarily, attacking an IRC chat channel devoted to iddle babble is going to upset the IRC ops depending on the user discomfort caused. Attacking a channel devoted to oneo f the various suppremist groups be it the K's or other, while self satisfying, risks having someone unfriendly and unaffiliated with law inforcement nocking at your door.
To me, four computers screaming my current location at another country across political borders in what would be a first attack in any future war between IT enabled nations is less apealing when I consider the Act of War and Secret Service/FBI/local police interest (best case) or "tourist" without identifying marks or documents "visiting" me during the night.
I know your a good little scripter and nobody is ever going to catch you but just imagine that these governments have the resources to follow the server logs back to your house. We're beyond the marry days of modem connections and IRC script wars. I'm good, but I'm not going to joust with government sactioned proffessionals.
Now stay in your bedroom and continue to be master of the universe / know it all.
If you attack your friend's computer, you get your friend coming after you or saying "wow, nice hack, how'd you do that?"
If you attack an irc channel full of suppremists or similar anti-social collection (while fun and self folfilling) you have the risk of some very real and far reaching organizations coming to your front door.
If you attack a local school or organization, you have the local police probably with the FBI in towe nocking at your door.
If you attack across state lines it's federal and you most assuredly have the FBI knocking on your door possibly with the local police in towe.
If you attack a government facility, you most assuredly have the FBI along with government techies (likely military trained security/counter-security IT folks) showingup at your door.
If you attack across government borders, it's an act of war requireing a whole lot of scrambling and political apologies. If your lucky, it's the FBI coming to your door but it could just as easily be some nameless "tourist" with no identifying markings or documents who doesn't knock at the front door.
If one attacks there friend or neibour's computers they may get an upset friend or someone knocking on there door going "wow, that was cool. How'd you do that?"
If one attacks local businesses they get local police at there door possibly with FBI along for hte ride.
If one attacks across state borders they definately get FBI at the door possibly with local police along for the ride.
If one attacks across country borders they risk being interpreted as an act of war on behalf of there country and would be lucky if it was only the FBI at there door but more likely, secret service is going to become interested which means military trained government security/counter-security IT folks.
Now similarily, attacking an IRC chat channel devoted to iddle babble is going to upset the IRC ops depending on the user discomfort caused. Attacking a channel devoted to oneo f the various suppremist groups be it the K's or other, while self satisfying, risks having someone unfriendly and unaffiliated with law inforcement nocking at your door.
To me, four computers screaming my current location at another country across political borders in what would be a first attack in any future war between IT enabled nations is less apealing when I consider the Act of War and Secret Service/FBI/local police interest (best case) or "tourist" without identifying marks or documents "visiting" me during the night.
I know your a good little scripter and nobody is ever going to catch you but just imagine that these governments have the resources to follow the server logs back to your house. We're beyond the marry days of modem connections and IRC script wars. I'm good, but I'm not going to joust with government sactioned proffessionals.
Did you try to use it? If you have not proved that your DoS theory works, don't claim to the world like that.
To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.
This is no freaking news... heh!
Did you try to use it? If you have not proved that your DoS theory works, don't claim to the world like that.
To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.
This is no freaking news... heh!
Did you try to use it? If you have not proved that your DoS theory works, don't claim it to the world like that.
To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.
This is no freaking news... heh!
Did you try to use it? If you have not proved that your DoS theory works, don't claim it to the world like that.
To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.
This is no freaking news... heh!
Did you try to use it? If you have not proved that your DoS theory works, don't claim to the world like that.
To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.
This is no freaking news... heh!
Did you try to use it? If you have not proved that your DoS theory works, don't claim to the world like that.
To name one of the methods that I know and use to break through the firewall of China: use SSL Proxy tunnel.
This is no freaking news... heh!
Freedur server is full of stolen files, just as example - https://freedur.net/images/placeholder/stackfile_logo.jpg
You can read the law suit against Freedur/Chris Mathews here http://www.skydur.com/law-suit-against-chris-mathews.php.
If I were you I would stay away from Freedur, ShoeMask and Open Terrace LTD.
Simon
http://freedur.net/public_record/Freedur_law_suit.pdf
*Currently we are only able to pursue Paul Hay and Stackfile Corp via the court, as Grujic lives in Serbia and Mizdrak lives in Australia.
Currently, the perpetrators operate under the following identities: Stackfile, Skydur, and Astrill. All of these entities either do not exist as a real company or are suspended. Stackfile Corp is suspended by the State of California. A search for "Stackfile" at http://kepler.sos.ca.gov will reveal its current status.
The Skydur individuals are attempting to confuse the public by accusing Freedur and its owners of doing what they actually did to us. Their continuing campaign of defamation, lies and distortion will be resolved in court. Their malicious and fraudulent misrepresentations of facts speak for themselves. Please support us by seeking the truth of the matter.