Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×

Defeating China's National Firewall 370

Posted by ScuttleMonkey from the obligitory-harry-potter-reference dept.
Bruce Schneier is reporting on his blog that a recent paper is discussing how to defeat China's national firewall. From the article: "However, because the original packets are passed through the firewall unscathed, if both of the endpoints were to completely ignore the firewall's reset packets, then the connection will proceed unhindered! We've done some real experiments on this -- and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9¾."
This discussion has been archived. No new comments can be posted.

Defeating China's National Firewall More

Defeating China's National Firewall

Comments Filter:

  • Publish and Perish (Score:5, Interesting)

    by Archangel Michael ( 180766 ) on Tuesday June 27, 2006 @04:44PM (#15615799) Journal
    Okay, now that you let the cat out of the bag, how long before the Great Chinese Firewall gets this hole plugged?

    On the otherhand, the more they try to squeeze star systems, the more they will slip out of thier han (or something like that).
    • Archangel Michael (180766) writes:
      > Okay, now that you let the cat out of the bag, how long before the Great Chinese Firewall gets this hole plugged?
      >On the otherhand, the more they try to squeeze star systems, the more they will slip out of thier han (or something like that).

      Damn. Leave it to a supernatural being to figure out how to get the Goatse Guy through the psychic firewall.

    • How to get drugs into USA (Score:4, Insightful)

      by EmbeddedJanitor ( 597831 ) on Tuesday June 27, 2006 @04:56PM (#15615919)
      Why should American's be denied drugs just because their govenment makes such huge efforts to limit the drugs flowing into America? Here's how you can get those poor miserable people the drugs they want and need...

      See the parallel?

      • Re:How to get drugs into USA (Score:5, Funny)

        by bunions ( 970377 ) on Tuesday June 27, 2006 @04:59PM (#15615943)
        Sure do. Dear Rest Of The World: SEND MORE DRUGS.

      • Re:How to get drugs into USA (Score:4, Insightful)

        by JesseL ( 107722 ) on Tuesday June 27, 2006 @05:02PM (#15615957) Homepage Journal
        I see the parallel, but I don't see what you think it proves. There are a lot of people who think that censorship and prohibition are equally immoral.
      • Yes, both governments will dislike you. In both cases you don't break a law in your own jurisdiction. Should we respect the other countries legal order, anyway? That's a moral decision. Just like it is a moral decision whether we want to help oppressed people get access to free information. You have to weigh those factors and decide what's more important.
      • I think your post got cut off. Would you please repost?

        You can pick up from "Here's how you can get those poor miserable people the drugs they want and need..."

        Thanks!

      • Why yes, I do. It is why I am a Libertarian. It is a huge waste of time, effort and money to stop drugs. Instead the government should regulate the HELL out of them like they do Cigarettes and Alcohol, and tax them into oblivian. Prolly would get rid of the Income Tax with the revenue.

        AND it would clean up the Drug Cartel Violence found in Brazil, Argentina, Mexico .........

        • Re:Drug Parallel (Score:3, Insightful)

          by rhakka ( 224319 )
          I agree with you, but isn't regulating and taxing them anti-libertarian?

          I believe a libertarian would say if a parent doesn't want their kids doing drugs, it's up to them to stop it, not to the government to regulate it. Who is the government to say who should use what and how much?

          Again, I personally agree with you 100%, just wondering how you reconcile your viewpoint with libertarian philosophy. Since that is one reason I am no longer a libertarian, though I still consider myself a civil libertarian.

          • Re:Drug Parallel (Score:5, Interesting)

            by Millenniumman ( 924859 ) on Tuesday June 27, 2006 @06:30PM (#15616703)
            Most libertarians believe that (currently) illegal drugs should only be legal for adults. Minors don't have the full responsibility of adults to take care of themselves. There are also a lot of more moderate ones who believe that taxing them is okay, especially if it can help lower other taxes. Their main reason for supporting legalization of drugs is that it would lower black market crime, and end up saving lives, although ideology is obviously an important reason.
            • Just to play devil's advocate,

              Why NOT legalize drugs for children? Many school districts require parents to medicate their kids if labeled "attention deficit disorder." That's compulsory amphetamines for kids mandated by the state. Ritalin & Aderall = amphetamine derivities = speed. I could imagine that some of these little tweakers might want to smoke a joint or two to slow down. It's not like they have any say in the matter... yet it's the "children" that drug laws are supposed to protect.

              • Re:Drug Parallel (Score:3, Interesting)

                by Mr2001 ( 90979 )
                Indeed.. teenagers are some of the ideal consumers of drugs, actually. They don't have much money, but what they do have is all disposable income. They don't have any real responsibilities, so unlike a parent or a lifeguard, nothing bad will happen if they're unable to respond to some situation because they're high. Their bodies are healthy, so the side effects of drug use likely won't have the same impact as they would on an adult.

            • Re:Drug Parallel (Score:3, Insightful)

              by rhakka ( 224319 )
              That's interesting. Why would parental supervision be suddenly inadequate for drug usage, but not for other things like policing television viewing, books, music, etc? As I'm pretty sure the libertarian view would frown on the nanny state's filtering of public media, yes?

        • Re:Drug Parallel (Score:5, Insightful)

          by packeteer ( 566398 ) <packeteer@sub d i m e n s i o n . com> on Tuesday June 27, 2006 @06:19PM (#15616611)
          More people die from the narco traffic violence than from the war in Iraq in the same time period. All of these deaths are caused by US policy but nobody cares about people dying who are not in our country. (One of) the reasons we invaded Iraq was to spread democracy. If we really wanted to spread democracy we could first start by legalizing and taxing drugs in the USA. This would nearly shut down many of the large violent drug cartels that keep dictators in power.
          • While this is quite true, it ignores the fact that many Americans are dying from our drug policy as well as foreigners. From quality and substitution issues with the drug itself, turf wars by gangs, police injured by people attempting to evade arrest, et cetera. Not to mention the fact that thousands are locked away for life... they might as well be dead too.
      • China even had a war with Britain over that kind of issue.... Both sides were wrong in that one, with governments trying to control people's lives and force or ban trade, rather like the US wars on politically-incorrect drugs. This time it's politically-incorrect speech that China's trying to ban.

      • Re:How to get drugs into USA (Score:5, Insightful)

        by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Tuesday June 27, 2006 @07:59PM (#15617222) Homepage Journal
        See the parallel?

        There is no parallel. The prohibitions on freedom of speech on and information about the different forms of government are uniquely self-perpetuating. Prohibitions on alcohol, drugs, and almost anything else are not like that and can be abolished by the popular will within a reasonably democratic society because discussing them remains legal, even if using is not.

    • Re:Publish and Perish (Score:5, Informative)

      by JesseL ( 107722 ) on Tuesday June 27, 2006 @04:58PM (#15615934) Homepage Journal
      From reading the article it's not just a hole, it's the primary basis of their "firewall". Their system is apparantly built the way it is because any other method would be too expensive and/or slow. TO prevent this workaround will require enourmous expenditures in reworking their network structure.
    • Okay, now that you let the cat out of the bag, how long before the Great Chinese Firewall gets this hole plugged?

      Why plug it? I have a feeling that instead they'll just roll up the death vans [edmunds.com] and execute those criminals. After all, if they are defeating the firewall, they clearly are up to something sneaky and are a threat to the existing order...

      • Re:Publish and Perish (Score:4, Insightful)

        by wealthychef ( 584778 ) on Tuesday June 27, 2006 @05:13PM (#15616061)
        I have a feeling that instead they'll just roll up the death vans and execute those criminals. After all, if they are defeating the firewall, they clearly are up to something sneaky and are a threat to the existing order...

        But how will they know? You cannot tell if a remote host is responding to reset packets from your firewall, at least not directly. This seems like it will work.

        • Re:Publish and Perish (Score:5, Insightful)

          by Anonymous Coward on Tuesday June 27, 2006 @05:22PM (#15616139)
          > You cannot tell if a remote host is responding to reset packets from your firewall, at least not directly.

          If you had to send multiple resets for the same port pair, they're ignoring you.
          • Are you going to track every blocked connection for a whole country? and keep them in memory? Remember this is the content filtering part of their defences. I assume they have some address filtering as well. So it might not work for everything (eg /.).
      • Maybe, but it seems accessing sites the government doesn't want them to, is pretty widespread in China. Public internet cafes are very closely monitored, but access at home is not. It's pretty difficult for the government to crack down on "violations", their resources are limited.
      • I find it interesting that the link you provide is to a car enthusiast site. The title is "Death Van for China: Mobile Execution Chamber Makes for a Morbid Conversion Van." What? Are they advocating that people buy these things and trick them out, maybe put wall to wall shag carpeting, a waterbed, and some disco lights in them?

        "Hey baby, want to take a ride in my death van? Oh yeah, I'll give YOU a lethal injection!"

      • Re:Publish and Perish (Score:5, Insightful)

        by timeOday ( 582209 ) on Tuesday June 27, 2006 @06:02PM (#15616487)
        Yes, we can mock the Great Firewall implementors for incompetence, but let's remember that the technical means are really only a reminder of the underlying law. Many laws don't have any built-in means of enforcement at all. My car has no speed governor to keep it under 65 mph, does that mean the government is just stupid? Or that I can't get busted for speeding? Almost all laws are easy to break; the real problem is getting away with it, especially if the government decides to target you for whatever reason.

    • Re:Publish and Perish (Score:5, Funny)

      by x2A ( 858210 ) on Tuesday June 27, 2006 @05:02PM (#15615964)
      But can we use this with a machine coded matrix to get Jack Bauer out?

    • It doesn't really matter: no one in China can read Slashdot, so they'll never know.
      • prove it! I have travelled to and from china multiple times in the last few years (I live in the UK but my parents live in China). I have been able to access /. everytime.

        Some people have ridiculously high opinion of /., it is not the BBC or even Wikipedia for that matter.
    • "On the otherhand, the more they try to squeeze star systems, the more they will slip" ...

      And here I was thinking you were talking about Kleen star [wikipedia.org] systems.
      I knew there was a joke hiding in those packets someplace.
    • Okay, now that you let the cat out of the bag, how long before the Great Chinese Firewall gets this hole plugged?

      Depends on whether they can reconfigure the existing equpment to do it or if they have tobuy a bunch more stuff.

      If they've implemented it as a packet sniffer that drops in a forged reset, rather than something inline, they're probably going to need a redesign and to buy a BUNCH of smarter boxes - at least for either the boundary between them and the rest of the net, or the edge between their inte
  • ...is a billion Chinese walking into the great wall of China...all at once.

  • Dear Guys, (Score:5, Funny)

    by bunions ( 970377 ) on Tuesday June 27, 2006 @04:46PM (#15615813)
    Thanks for doing the security analysis for us. We appreciate your hard work and excellent documentation.

    Your Pal,

    Wen

  • Duh ... just use Gopherspace (Score:4, Interesting)

    by Average_Joe_Sixpack ( 534373 ) on Tuesday June 27, 2006 @04:48PM (#15615831)
    No one is monitoring that protocol

  • Detectable and Illegal (Score:4, Interesting)

    by mrcaseyj ( 902945 ) on Tuesday June 27, 2006 @04:51PM (#15615858)
    Wouldn't this be easily detectable and probably illegal (for someone in china)? It sounds like a good way to get in trouble.
    • I am neither a lawyer nor a Chinese resident, so I am not sure, but I don't think that it is illegal. If someone in China wants to connect to a server in the USA, and that server happened to be told to ignore reset packets from China, then that can't be illegal. If a Chinese citizen's computer just happened to be configured to ignore reset packets, then I doubt that it will be illegal. Having said that, actually looking at forbidden content is probably illegal.
      • i am neither a lawyer nor a Chinese resident, so I am not sure, but I don't think that it is illegal. If someone in China wants to connect to a server in the USA, and that server happened to be told to ignore reset packets from China, then that can't be illegal. If a Chinese citizen's computer just happened to be configured to ignore reset packets, then I doubt that it will be illegal. Having said that, actually looking at forbidden content is probably illegal.

        The problem hinges on the fact that the is no (

  • When are they going to realise... (Score:5, Insightful)

    by Poromenos1 ( 830658 ) on Tuesday June 27, 2006 @04:52PM (#15615870) Homepage
    that most of the Chinese people don't know/care about the firewall?

    • Re:When are they going to realise... (Score:4, Informative)

      by surgicaltubing ( 935958 ) on Tuesday June 27, 2006 @05:46PM (#15616352)
      Exactly. When I was teaching a Chinese girl this time last year as part of my TESOL course I couldn't help but ask those questions. She said that most people she met in the uk had asked her about the firewall and censorship. She told me that most people she knew didn't really notice or care, even her father who teaches at a university. Make of that what you will. I'm not sure what to make of it.
  • Another way to defeat that firewall is to have everyone on both sides sending, say, ICMP/TCP/UDP pings through it.
    Will it be able to deal with this enormous amount of traffic jamming into a "single point"?

  • Damn you Mongolians! (Score:5, Funny)

    by x2A ( 858210 ) on Tuesday June 27, 2006 @04:53PM (#15615882)
    That's the last time you break down my shitty firewall!

    Jeez, why is it everytime chinese build a wall, those damn mongolians gotta break it down?

    • They're not Mongolians... (Score:4, Informative)

      by merdaccia ( 695940 ) on Tuesday June 27, 2006 @05:37PM (#15616278)

      They're Mongorians!

      And before someone lambasts me for making fun of Engrish, I should clarify that I'm amused by all variations of the English language. A good number of my fellow Maltese citizens butcher English, for example, even though it's supposed to be a first language. Only in Malta can you fill your car up with pitlor (petrol), have your football team lose on a pineltri (penalty), and make windows out of enimielju (aluminium). By the way, those aren't Maltese words, those are what many Maltese people think the English words actually are. Oh, and they also think that Hoover, Jablo, Kenwood, and Geyser literally mean a vacuum cleaner, polystrene foam, a cake mixer, and a hot water heater, respectively.

      Here's the South Park clip about Mongorians from YouTube [youtube.com].

      • And no, I have no idea why anybody would want a hot water heater. :)
      • Goddamn it, the Chinese do not confuse r and l, the Japanese (and to a lesser extent the Koreans) do. Mandarin is in fact one of the few widely spoken languages out there that actually has a retroflex r (the r in English, which is exceptionally hard for most people to pronounce, even Europeans.)

        I think Engrish is funny, but it's the Japanese that speak it, not the Chinese. Of course, to most white westerners there's no difference whatsoever between the two cultures.

        Maybe you think being racist and ignora

  • Harry Potter??! (Score:2, Insightful)

    by celardore ( 844933 )
    How the heck is it anything like shutting your eyes and walking onto Platform 9¾?

    Maybe if the Chinese authorities found you on board this 'train', they could act like those terrible dementor things I guess.
    • Maybe if the Chinese authorities found you on board this 'train', they could act like those terrible dementor things I guess.


      By sucking all the happiness out of you? Maybe. More likely they'll just send you to 'Azkaban'.

  • Irresponsible (Score:3, Insightful)

    by Professor_UNIX ( 867045 ) on Tuesday June 27, 2006 @04:53PM (#15615886)
    It is irresponsible for people to post ways of bypassing the security restrictions a sovereign nation has enacted upon its people. If the Chinese people don't like the way their government is restricting their access to information then they have a moral obligation to overthrow that government, either peacefully via voting in the next election, or by force using a militia formed from the people. By showing the Chinese people ways to exist comfortably within the restrictions imposed by an immoral government we're not helping them to reach a better place in life.. namely a free and democratic Republic of China.

    • Comment removed (Score:4, Insightful)

      by account_deleted ( 4530225 ) on Tuesday June 27, 2006 @05:04PM (#15615978)
      Comment removed based on user account deletion
    • Maybe, but these revolutionaries will need information and the ability to coordinate and communicate across vast distances to be victorious in their campaign, be it political, social, military or all three. Finding a way to bypass government restriction on speech and (virtual) association isn't necessarily antithetical to freedom.

    • Re:Irresponsible (Score:5, Interesting)

      by jandrese ( 485 ) <kensama@vt.edu> on Tuesday June 27, 2006 @05:08PM (#15616017) Homepage Journal
      Back in the real world however, you can't overthrow the government whenever you don't agree with it, especially when they have lots of guns and tanks and all you have are disgruntled peasents. Sometimes civil disobediance is the best policy. Besides, you can't generate outrage against something like this until most of the people actually know about it, and even then many of them will believe the government line that they're only blocking "harmful materials" that you shouldn't be looking at anyway. Enough people start getting in trouble over bypassing the firewall and you might actually start educating the public about this.

    • Re:Irresponsible (Score:5, Insightful)

      by twiddlingbits ( 707452 ) on Tuesday June 27, 2006 @05:11PM (#15616042)
      Your post should be modded as Funny or Stupid (not Insightful) because 1) Chinese don't have elections with several parties, they are all from the Communist party and are approved office holders regardless of who wins, there is ONLY 1 party 2) Militia? WTF? The Chinese can't own firearms, and the last organized oppisition protest in Tiannimen (sp?) Square they squashed the opposition (with tanks) 3) It's NOT irresponsible for showing ways around Chinese Internet Security because the restrictions of the "immoral" Government don't ALLOW people access to information that they could USE to make China a better place. We are not showing them how to Exist comfortably within restrictions we are showing them how to get around the restrictions so they can share information and learn things that WILL allow them to have a free China one day. I'd rather we were called "irresponsible" and did something than be called moral and responsible but did nothing to advance the cause of Freedom.

    • Huh? Why can't they have help? (Score:5, Insightful)

      by sirwired ( 27582 ) on Tuesday June 27, 2006 @05:18PM (#15616107)
      Do you recall that little American Revolution way back in the mid 1770's? You know, the one the then-English colonies were LOSING? The U.S. would have been in quite a pickle without the French providing financial and military aid. Sure, it was in their own self-interest, but that makes their aid no less valuable.

      Just because a Revolution receives assisstance from the outside makes it no more or less legitimate.

      SirWired
    • By showing the Chinese people ways to exist comfortably within the restrictions imposed by an immoral government we're not helping them to reach a better place in life.. namely a free and democratic Republic of China.

      Think how much easier the revolution will be to organize and execute with open access to the Internet.

      Freedom of information isn't an abstract end-in-itself. It is a practical tool used by free people everywhere, especially those living under dictatorships, to gain power over their own lives.
    • yeah, man, totally. Letting people work stuff out on their own has worked out pretty well in bastions of freedom such as Burma, Cambodia and North Korea. If those people really wanted to stop starving to death, they'd have done something about it, the lazy bums.
    • Arguably irresponsible, yes, but it's certainly valid subject matter for Slashdot. (Before you reply: Bypassing the firewall could get you imprisoned or worse over there. Google for cases of arrested bloggers.)

      On Slashdot, they/we cover myriad cases relating to bypassing MS WPA authenitication, illicit p2p file-sharing, and numerous other things that are illegal in certain sovereign western states, where the citizens have considerably greater control over their government. It's news for nerds, and, unlik
    • In other news, it's irresponsible to tell your neighbours wife about ways to get help and counceling. If she doesn't like being physicaly and emotionaly abused, then she has a moral obligation to overthrow him. It's clearly wrong to attempt to help her in any way whatsoever.

    • Why is revolution the only answer? (Score:4, Insightful)

      by akratic ( 770961 ) on Tuesday June 27, 2006 @05:39PM (#15616296)

      Why do you think that the only legitimate way to deal with a bad government is to overthrow it, by election or force? What's wrong with getting a bad government to change its ways?

      Do you think that any time a government is doing something bad, that the government should be overthrown (or voted out)? What if a government is doing some really wrong things, but it's also doing some good things? Suppose you think that a President has done one thing that's very wrong, but that aside from that one thing, he's done a fantastic job. Are you morally obliged to vote that President out? Imagine it's 1948. You think Truman did a terrible thing when he used nuclear weapons in Japan, but you approve of everything else he's done, and you don't like Dewey. Are you morally required to vote for Dewey anyway?

      Do you think that armed rebellion is the only way for a non-democratic government to become democratic? If so, why do you think this? There are examples in recent history of non-democratic governments becoming democratic without a shot being fired (e.g., most of Eastern Europe). Or think about the way the U.K. changed from a non-democratic monarchy to a parliamentary democracy with a figurehead monarch.

      Have you thought about what would be involved in overthrowing China's government by force? For some period of time, China would be without any government at all. Think how wonderful it would be for a country with a population of over a billion and a large supply of nuclear weapons to find itself suddenly without a government.

      One way to get a government to stop trying to regulate something is to make its efforts to regulate it spectacularly ineffective. This happened in the United States with Prohibition. Why can't it happen in China?

    • Your position is patently offensive to basic decency. If people are raised in ignorance of their oppression and live with it day in and day out, how do they know of a better option? Most visiting chinese I have talked with adamently deny that their government censors /anything/. Consider also the arms ownership ratio between the people and the government (Note the lack of the word "their" before government). This is akin to seeing a child beaten in the streets by their parents and walking away because it's

  • DOS? (Score:3, Insightful)

    by beheaderaswp ( 549877 ) * on Tuesday June 27, 2006 @04:54PM (#15615887)
    If I'm correct, and I think I am:

    This has the potential to triple the traffic through their firewall as resets are sent for every packet. So consequently, not only is it an illegal act of hacking (even by US standards) but the potential does exist for a resulting DOS attack that could take the firewall down completely.

    Kids have to much time on their hands. No matter how "horrible" Chinese internet policy is by US standards, it's their damned network segment. Let them work it out for themselves.

    • It's not THEIRS (Score:5, Insightful)

      by mrcaseyj ( 902945 ) on Tuesday June 27, 2006 @05:03PM (#15615968)
      >No matter how "horrible" Chinese internet policy is by US standards, it's their damned network segment. Let them work it out for themselves.

      The chinese internet doesn't belong to the chinese government, it belongs to the chinese people. When they have a real democracy then "they" (the people) can decide how to run it. Until then we shouldn't respect how "they" (the government) want to run the internet any more than we would if some bank robbers were holding hostages and "they" (the robbers) wanted to decide how to run the bank.

  • I don't kmow about China (Score:4, Informative)

    by also-rr ( 980579 ) on Tuesday June 27, 2006 @04:54PM (#15615893) Homepage
    But even in the west I feel more comfortable using [revis.co.uk] Tor [eff.org], a (well, close enough) anonymizing proxy.

    I used to use JAP [tu-dresden.de] (a similar project but the client was Java based and less transparent) but Tor is considerably faster. Throughput up to 60K/sec on a 512k/sec DSL line (as fast as it ever goes with no proxy) means that it's practical to use for all traffic and makes the needle much harder to find in the haystack.

  • for those who didn't read harry potter (Score:4, Funny)

    by Lord Ender ( 156273 ) on Tuesday June 27, 2006 @04:56PM (#15615921) Homepage
    Could we just think of this as the "Indiana Jones and the Last Crusade" approach?

  • This should take a while to plug (Score:5, Interesting)

    by the_crowbar ( 149535 ) on Tuesday June 27, 2006 @05:00PM (#15615946)
    Because the filtering is not done on the routers, but rather on external machines this should take some time to plug. Off the top of my head I can't imagine how the Chinese government would change their filtering to defeat this trick. On a Linux box you could just set an iptables rule:
    bash-3.0# iptables -s 0/0 -d 0/0 -p tcp --tcp-flags RST -j DROP
    should take care of the reset packets at the local end. The remote end would need to drop them as well, but that would be easy to setup. Maybe we could setup some proxies for those in mainland China that would drop the resets so they could surf anywhere. Might be hard to restrict to those coming from mainland China.

    Just a thought.

    the_crowbar
    • Sending the reset packets is like a 'fire and forget'... if the reset packets are ignored, then you actually have to completely close off the connection, which means stateful connection tracking on every single tcp connection going through that gets blocked. I don't know how often a connection gets blocked by this firewall, but I can see number of connections that need to be remembered mounting up pretty quickly... and then every packets that flows through needing to be compared to make sure it's not part o

  • Bad example! (Score:5, Funny)

    by Tribbin ( 565963 ) on Tuesday June 27, 2006 @05:01PM (#15615952) Homepage
    ... and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9¾.


    Or you just type in:

    idspispopd = Walk through wall in noclip style
  • Creeping legal legislation against porn sites.

    Gambling too. Using phone lines to bet shouldn't be illegal. Encroaches on civil liberties.
  • Gimmicks like these wont last long. How many chinese would actually search for information against their government? Even if they do, they will always have the fear of being caught. Until every Ying Yang realizes the need to overthrow the system, nothing is going to happen.
  • Third party off-to-the-side resets are actually hard to do against a modern OS. Remember that big TCP reset against Cisco routers that could tear down BGP sessions... The fix was to be more restrictive on accepting reset packets. To do a third-party reset you have to be able to send the reset in real-time or each endpoint will have advanced their sequence window (actually the ack window is what matters). The reset will be properly ignored as invalid because each endpoint has moved on which would be impo

  • Great walls not so great in China (Score:3, Interesting)

    by balls199 ( 648142 ) on Tuesday June 27, 2006 @05:53PM (#15616415) Homepage

    This sort of reminds me of the way the Mongols defeated the Great Wall of China.

    Did they tear the wall down? No.

    Did they march around one end of the wall? No.

    They simply bribed a guard to open the gates.

    Maybe China shouldn't be so fixated on walls.

  • Cisco will be upset! (Score:3, Insightful)

    by Helpadingoatemybaby ( 629248 ) on Tuesday June 27, 2006 @07:05PM (#15616920)
    Somewhere, a Cisco employee in the US will have to now form a team to make sure that the Chinese government can repress unhindered.

    Then he'll go home to his wife and kids, proud that he's done a good job. If you're here, raise your hand.

    Kind of funny, eh, that repression has been outsourced to us now. (Yes, Cisco helped set up the great firewall, sold the equipment, and worked extensively to prevent free access by Chinese citizens.)

Slashdot Top Deals

I have hardly ever known a mathematician who was capable of reasoning. -- Plato

Close