Defeating China's National Firewall

Bruce Schneier is reporting on his blog that a recent paper is discussing how to defeat China's national firewall. From the article: "However, because the original packets are passed through the firewall unscathed, if both of the endpoints were to completely ignore the firewall's reset packets, then the connection will proceed unhindered! We've done some real experiments on this -- and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9¾."

Publish and Perish

Okay, now that you let the cat out of the bag, how long before the Great Chinese Firewall gets this hole plugged?

On the otherhand, the more they try to squeeze star systems, the more they will slip out of thier han (or something like that).

How to get drugs into USA

Why should American's be denied drugs just because their govenment makes such huge efforts to limit the drugs flowing into America? Here's how you can get those poor miserable people the drugs they want and need...

See the parallel?

Re:How to get drugs into USA

Sure do. Dear Rest Of The World: SEND MORE DRUGS.

Re:How to get drugs into USA

I see the parallel, but I don't see what you think it proves. There are a lot of people who think that censorship and prohibition are equally immoral.

You forgot something...

I think your post got cut off. Would you please repost?

You can pick up from "Here's how you can get those poor miserable people the drugs they want and need..."

Thanks!

Re:Drug Parallel

Most libertarians believe that (currently) illegal drugs should only be legal for adults. Minors don't have the full responsibility of adults to take care of themselves. There are also a lot of more moderate ones who believe that taxing them is okay, especially if it can help lower other taxes. Their main reason for supporting legalization of drugs is that it would lower black market crime, and end up saving lives, although ideology is obviously an important reason.

Re:Drug Parallel

Libertarianism isn't necissarily opposed to taxes and regulations. It is opposed to FORCED taxes and regulations. Taxes should be "optional" in the sense that if you "use" (buy/sell/trade) something that is taxed, you are volunteering to pay/levy that tax.

You do realize that this policy would justify every existing form of regulation and taxation? Income, after all, is nothing more than a straight trade, currency for labor. Even inheritance taxes would be justified, since inheritance is a gift from one person to another, and gifts are merely a subset of trades in which "goodwill" is traded for tangible property. What, then, would you consider a "forced" tax, since you have apparently chosen to define all taxes and regulations as "voluntary"?

More generally, any claim by a third party for a portion of the goods exchanged in any trade against the will of both the buyer and the seller must be considered theft from a libertarian point of view. That includes all taxes, which -- by definition -- differ from trades only in that they are coerced, i.e. non-voluntary. That has always been the libertarian position, despite the claims of the so-called Libertarian Party to the contrary. The LP has been sacrificing libertarian principles for political power for some time now; their present goals, while more liberal than the two major parties, are hardly "libertarian" in nature.

Re:Drug Parallel

More people die from the narco traffic violence than from the war in Iraq in the same time period. All of these deaths are caused by US policy but nobody cares about people dying who are not in our country. (One of) the reasons we invaded Iraq was to spread democracy. If we really wanted to spread democracy we could first start by legalizing and taxing drugs in the USA. This would nearly shut down many of the large violent drug cartels that keep dictators in power.

Re:How to get drugs into USA

See the parallel?

There is no parallel. The prohibitions on freedom of speech on and information about the different forms of government are uniquely self-perpetuating. Prohibitions on alcohol, drugs, and almost anything else are not like that and can be abolished by the popular will within a reasonably democratic society because discussing them remains legal, even if using is not.

Re:Publish and Perish

From reading the article it's not just a hole, it's the primary basis of their "firewall". Their system is apparantly built the way it is because any other method would be too expensive and/or slow. TO prevent this workaround will require enourmous expenditures in reworking their network structure.

Re:Publish and Perish

Someone should tell them that they put their firewall in backwards.

Re:Publish and Perish

I have a feeling that instead they'll just roll up the death vans and execute those criminals. After all, if they are defeating the firewall, they clearly are up to something sneaky and are a threat to the existing order...

But how will they know? You cannot tell if a remote host is responding to reset packets from your firewall, at least not directly. This seems like it will work.

Re:Publish and Perish

> You cannot tell if a remote host is responding to reset packets from your firewall, at least not directly.

If you had to send multiple resets for the same port pair, they're ignoring you.

Re:Publish and Perish

Yes, we can mock the Great Firewall implementors for incompetence, but let's remember that the technical means are really only a reminder of the underlying law. Many laws don't have any built-in means of enforcement at all. My car has no speed governor to keep it under 65 mph, does that mean the government is just stupid? Or that I can't get busted for speeding? Almost all laws are easy to break; the real problem is getting away with it, especially if the government decides to target you for whatever reason.

Re:Publish and Perish

But can we use this with a machine coded matrix to get Jack Bauer out?

The sound you hear...

...is a billion Chinese walking into the great wall of China...all at once.

Dear Guys,

Thanks for doing the security analysis for us. We appreciate your hard work and excellent documentation.

Your Pal,

Wen

Duh ... just use Gopherspace

No one is monitoring that protocol

Detectable and Illegal

Wouldn't this be easily detectable and probably illegal (for someone in china)? It sounds like a good way to get in trouble.

When are they going to realise...

that most of the Chinese people don't know/care about the firewall?

Re:When are they going to realise...

If these stats [internetworldstats.com] are even semi-accurate, then internet penetration is less then 10% of the population. I guess that would mean a whopping 90% really could care less about the great firewall. Now, how many of the 10% (roughly 110 million people) care about the great firewall? Well this is somewhat more debatable, but you'd have to imagine some of them are supporters of the current system and would therefore not mind...

Re:When are they going to realise...

Exactly. When I was teaching a Chinese girl this time last year as part of my TESOL course I couldn't help but ask those questions. She said that most people she met in the uk had asked her about the firewall and censorship. She told me that most people she knew didn't really notice or care, even her father who teaches at a university. Make of that what you will. I'm not sure what to make of it.

National Firewall

Another way to defeat that firewall is to have everyone on both sides sending, say, ICMP/TCP/UDP pings through it.
Will it be able to deal with this enormous amount of traffic jamming into a "single point"?

Damn you Mongolians!

That's the last time you break down my shitty firewall!

Jeez, why is it everytime chinese build a wall, those damn mongolians gotta break it down?

They're not Mongolians...

They're Mongorians!

And before someone lambasts me for making fun of Engrish, I should clarify that I'm amused by all variations of the English language. A good number of my fellow Maltese citizens butcher English, for example, even though it's supposed to be a first language. Only in Malta can you fill your car up with pitlor (petrol), have your football team lose on a pineltri (penalty), and make windows out of enimielju (aluminium). By the way, those aren't Maltese words, those are what many Maltese people think the English words actually are. Oh, and they also think that Hoover, Jablo, Kenwood, and Geyser literally mean a vacuum cleaner, polystrene foam, a cake mixer, and a hot water heater, respectively.

Here's the South Park clip about Mongorians from YouTube [youtube.com].

Harry Potter??!

How the heck is it anything like shutting your eyes and walking onto Platform 9¾?

Maybe if the Chinese authorities found you on board this 'train', they could act like those terrible dementor things I guess.

Irresponsible

It is irresponsible for people to post ways of bypassing the security restrictions a sovereign nation has enacted upon its people. If the Chinese people don't like the way their government is restricting their access to information then they have a moral obligation to overthrow that government, either peacefully via voting in the next election, or by force using a militia formed from the people. By showing the Chinese people ways to exist comfortably within the restrictions imposed by an immoral government we're not helping them to reach a better place in life.. namely a free and democratic Republic of China.

Re:Irresponsible

It is irresponsible for people to post ways of bypassing the security restrictions a sovereign nation has enacted upon its people.

Why wait for the revolution before taking any other action? Your position is ridiculous.

-jcr

Re:Irresponsible

Back in the real world however, you can't overthrow the government whenever you don't agree with it, especially when they have lots of guns and tanks and all you have are disgruntled peasents. Sometimes civil disobediance is the best policy. Besides, you can't generate outrage against something like this until most of the people actually know about it, and even then many of them will believe the government line that they're only blocking "harmful materials" that you shouldn't be looking at anyway. Enough people start getting in trouble over bypassing the firewall and you might actually start educating the public about this.

Re:Irresponsible

Your post should be modded as Funny or Stupid (not Insightful) because 1) Chinese don't have elections with several parties, they are all from the Communist party and are approved office holders regardless of who wins, there is ONLY 1 party 2) Militia? WTF? The Chinese can't own firearms, and the last organized oppisition protest in Tiannimen (sp?) Square they squashed the opposition (with tanks) 3) It's NOT irresponsible for showing ways around Chinese Internet Security because the restrictions of the "immoral" Government don't ALLOW people access to information that they could USE to make China a better place. We are not showing them how to Exist comfortably within restrictions we are showing them how to get around the restrictions so they can share information and learn things that WILL allow them to have a free China one day. I'd rather we were called "irresponsible" and did something than be called moral and responsible but did nothing to advance the cause of Freedom.

Re:Irresponsible

No, people were pretty much crushed by tanks. You see, GP was basically repeating (and I assume satirizing) the party line. For instance, if you are in the United States and do a google image search for Tiananmen Square [google.com] you mostly find pictures of tanks. Do a China google images search for the same term [google.cn] and you get a much more patriotic view of things. Hmm... the ratio used to be a lot more unbalanced... I wonder if Google is intentionally letting the filtering slide, or if reporters have simply found ways around the google.cn filtering rules.

Huh? Why can't they have help?

Do you recall that little American Revolution way back in the mid 1770's? You know, the one the then-English colonies were LOSING? The U.S. would have been in quite a pickle without the French providing financial and military aid. Sure, it was in their own self-interest, but that makes their aid no less valuable.

Just because a Revolution receives assisstance from the outside makes it no more or less legitimate.

SirWired

Why is revolution the only answer?

Why do you think that the only legitimate way to deal with a bad government is to overthrow it, by election or force? What's wrong with getting a bad government to change its ways?

Do you think that any time a government is doing something bad, that the government should be overthrown (or voted out)? What if a government is doing some really wrong things, but it's also doing some good things? Suppose you think that a President has done one thing that's very wrong, but that aside from that one thing, he's done a fantastic job. Are you morally obliged to vote that President out? Imagine it's 1948. You think Truman did a terrible thing when he used nuclear weapons in Japan, but you approve of everything else he's done, and you don't like Dewey. Are you morally required to vote for Dewey anyway?

Do you think that armed rebellion is the only way for a non-democratic government to become democratic? If so, why do you think this? There are examples in recent history of non-democratic governments becoming democratic without a shot being fired (e.g., most of Eastern Europe). Or think about the way the U.K. changed from a non-democratic monarchy to a parliamentary democracy with a figurehead monarch.

Have you thought about what would be involved in overthrowing China's government by force? For some period of time, China would be without any government at all. Think how wonderful it would be for a country with a population of over a billion and a large supply of nuclear weapons to find itself suddenly without a government.

One way to get a government to stop trying to regulate something is to make its efforts to regulate it spectacularly ineffective. This happened in the United States with Prohibition. Why can't it happen in China?

DOS?

If I'm correct, and I think I am:

This has the potential to triple the traffic through their firewall as resets are sent for every packet. So consequently, not only is it an illegal act of hacking (even by US standards) but the potential does exist for a resulting DOS attack that could take the firewall down completely.

Kids have to much time on their hands. No matter how "horrible" Chinese internet policy is by US standards, it's their damned network segment. Let them work it out for themselves.

It's not THEIRS

>No matter how "horrible" Chinese internet policy is by US standards, it's their damned network segment. Let them work it out for themselves.

The chinese internet doesn't belong to the chinese government, it belongs to the chinese people. When they have a real democracy then "they" (the people) can decide how to run it. Until then we shouldn't respect how "they" (the government) want to run the internet any more than we would if some bank robbers were holding hostages and "they" (the robbers) wanted to decide how to run the bank.

Re:the chinese government is illegitimate

Illegitimate? Whatever, dude. The Chinese are, with the exception of Americans, the most patriotic people I've ever come into contact with -- nationalist fervor is so ingrained here it's absolutely frightening. They're not interested in revolt and on the whole are happy with the status quo. They love their country and go on and on about it. Really. If there were a vote tomorrow there is no doubt in my mind that the CCP would win.

During the Chinese civil war, the Communist party was overwhelmingly supported by the people.

Your assertion that non-democratic societies are illegitimate suggests that most societies in history have been illegitimate. I'm not sure that's a particularly useful definition of legitimacy.

I don't kmow about China

But even in the west I feel more comfortable using [revis.co.uk] Tor [eff.org], a (well, close enough) anonymizing proxy.

I used to use JAP [tu-dresden.de] (a similar project but the client was Java based and less transparent) but Tor is considerably faster. Throughput up to 60K/sec on a 512k/sec DSL line (as fast as it ever goes with no proxy) means that it's practical to use for all traffic and makes the needle much harder to find in the haystack.

It's a dying shame that /. is censored in China...

Or they might actually be able to enjoy their newfound freedom for the three days until it's plugged and they are subsequently arrested.

for those who didn't read harry potter

Could we just think of this as the "Indiana Jones and the Last Crusade" approach?

This should take a while to plug

Because the filtering is not done on the routers, but rather on external machines this should take some time to plug. Off the top of my head I can't imagine how the Chinese government would change their filtering to defeat this trick. On a Linux box you could just set an iptables rule:

bash-3.0# iptables -s 0/0 -d 0/0 -p tcp --tcp-flags RST -j DROP

should take care of the reset packets at the local end. The remote end would need to drop them as well, but that would be easy to setup. Maybe we could setup some proxies for those in mainland China that would drop the resets so they could surf anywhere. Might be hard to restrict to those coming from mainland China.

Just a thought.

the_crowbar