Tuesday, July 04, 2006

Cambridge Breached the Great Firewall of China

Cambridge academics claim to have breached the "great firewall" of China.

That firewall has been installed by the Chinese government to prevent inbound/outgoing access to "inappropriate" Internet locations by chinese users. What it did was filter every connection to and from the country for "bad" keywords. Once such a keyword was detected, the firewall forged a reset packet back to the source so that the connection was killed.

Of course that's pretty stupid because the firewall's strength relied on keeping this mechanism secret. Once it went public, workarounds came up and it was a matter of time before someone applied them to beat China's censorship. What one could do is ignore any reset packets (probably coming from the Firewall) and continue sending data packets. That would work just fine! Quite simple. :)

What is more, the Cambridge folks can perform DDoS attacks simply by adding "banned" keywords to connection requests to legitimate sites. If the Firewall sees such SYN packets it will block in/out connections to/from the target for a couple of minutes up to a couple of hours. And what if that "target" is a government or corporate site? There you have your DDoS attack!

To sum up, China panicked and tried keeping out "bad" content. I am a plain man but even I don't think that's possible in today's world. When you have the Internet (International Network) and the whole world is one planetary village, when information spreads around the globe in seconds, does any reasonable man think he can censor, block or manipulate free speech? Go ahead and have a try. China failed. Neeeext!

No comments: