Defeating China's National Firewall

Posted by ScuttleMonkey on Tue Jun 27, 2006 04:41 PM
from the obligitory-harry-potter-reference dept.
Bruce Schneier is reporting on his blog that a recent paper is discussing how to defeat China's national firewall. From the article: "However, because the original packets are passed through the firewall unscathed, if both of the endpoints were to completely ignore the firewall's reset packets, then the connection will proceed unhindered! We've done some real experiments on this -- and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9¾."
  • Publish and Perish (Score:5, Interesting)

    by Archangel Michael (180766) on Tuesday June 27 2006, @04:44PM (#15615799) Journal
    Okay, now that you let the cat out of the bag, how long before the Great Chinese Firewall gets this hole plugged?

    On the other hand, the more they try to squeeze star systems, the more they will slip out of their han (or something like that).
    • by JesseL (107722) on Tuesday June 27 2006, @04:58PM (#15615934) Homepage Journal
      From reading the article it's not just a hole, it's the primary basis of their "firewall". Their system is apparently built the way it is because any other method would be too expensive and/or slow. To prevent this workaround will require enormous expenditures in reworking their network structure.
    • by x2A (858210) on Tuesday June 27 2006, @05:02PM (#15615964)
      But can we use this with a machine coded matrix to get Jack Bauer out?

      • by bunions (970377) on Tuesday June 27 2006, @04:59PM (#15615943)
        Sure do. Dear Rest Of The World: SEND MORE DRUGS.
      • I think your post got cut off. Would you please repost?

        You can pick up from "Here's how you can get those poor miserable people the drugs they want and need..."

        Thanks!

      • by mi (197448) <mi+slashdot@aldan.algebra.com> on Tuesday June 27 2006, @07:59PM (#15617222) Homepage
        See the parallel?

        There is no parallel. The prohibitions on freedom of speech on and information about the different forms of government are uniquely self-perpetuating. Prohibitions on alcohol, drugs, and almost anything else are not like that and can be abolished by the popular will within a reasonably democratic society because discussing them remains legal, even if using is not.

        • Re:Drug Parallel (Score:5, Insightful)

          by packeteer (566398) <packeteer AT subdimension DOT com> on Tuesday June 27 2006, @06:19PM (#15616611)
          More people die from the narco traffic violence than from the war in Iraq in the same time period. All of these deaths are caused by US policy but nobody cares about people dying who are not in our country. (One of) the reasons we invaded Iraq was to spread democracy. If we really wanted to spread democracy we could first start by legalizing and taxing drugs in the USA. This would nearly shut down many of the large violent drug cartels that keep dictators in power.
          • Re:Drug Parallel (Score:5, Interesting)

            by Millenniumman (924859) on Tuesday June 27 2006, @06:30PM (#15616703)
            Most libertarians believe that (currently) illegal drugs should only be legal for adults. Minors don't have the full responsibility of adults to take care of themselves. There are also a lot of more moderate ones who believe that taxing them is okay, especially if it can help lower other taxes. Their main reason for supporting legalization of drugs is that it would lower black market crime, and end up saving lives, although ideology is obviously an important reason.
      • by timeOday (582209) on Tuesday June 27 2006, @06:02PM (#15616487)
        Yes, we can mock the Great Firewall implementors for incompetence, but let's remember that the technical means are really only a reminder of the underlying law. Many laws don't have any built-in means of enforcement at all. My car has no speed governor to keep it under 65 mph, does that mean the government is just stupid? Or that I can't get busted for speeding? Almost all laws are easy to break; the real problem is getting away with it, especially if the government decides to target you for whatever reason.
        • by Anonymous Coward on Tuesday June 27 2006, @05:22PM (#15616139)
          > You cannot tell if a remote host is responding to reset packets from your firewall, at least not directly.

          If you had to send multiple resets for the same port pair, they're ignoring you.
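
The heuristic in the comment above, written out as an added example that is not part of the original thread: a monitor that blocks by injecting resets can flag port pairs where it had to reset more than once and payload kept arriving afterwards. The event format, the `RST_SENT`/`DATA` labels, the addresses and the 0.2 s grace window (for segments already in flight when the reset was sent) are all assumptions made for the illustration.

```python
# Constructed sample log from a hypothetical out-of-band monitor:
# (timestamp, src, sport, dst, dport, event)
#   RST_SENT = the monitor injected a reset into this flow
#   DATA     = a payload segment was observed on this flow
EVENTS = [
    (1.00, "10.0.0.5", 40001, "192.0.2.10", 80, "DATA"),
    (1.02, "10.0.0.5", 40001, "192.0.2.10", 80, "RST_SENT"),
    (1.50, "192.0.2.10", 80, "10.0.0.5", 40001, "DATA"),   # flow carried on
    (1.52, "10.0.0.5", 40001, "192.0.2.10", 80, "RST_SENT"),
    (2.10, "10.0.0.5", 40001, "192.0.2.10", 80, "DATA"),   # still carried on
    (3.00, "10.0.0.6", 40002, "192.0.2.10", 80, "DATA"),
    (3.01, "10.0.0.6", 40002, "192.0.2.10", 80, "RST_SENT"),
    (3.05, "192.0.2.10", 80, "10.0.0.6", 40002, "DATA"),   # in flight, then silence
]


def flow_key(src, sport, dst, dport):
    """Direction-independent identifier for a TCP port pair."""
    return tuple(sorted([(src, sport), (dst, dport)]))


def flows_ignoring_resets(events, min_resets=2, grace=0.2):
    """Return {flow: (resets_sent, late_data_segments)} for flows that
    needed at least `min_resets` resets and still carried payload more
    than `grace` seconds after a reset was injected."""
    resets, last_rst, late_data = {}, {}, {}
    for ts, src, sport, dst, dport, kind in sorted(events):
        key = flow_key(src, sport, dst, dport)
        if kind == "RST_SENT":
            resets[key] = resets.get(key, 0) + 1
            last_rst[key] = ts
        elif kind == "DATA" and key in last_rst and ts - last_rst[key] > grace:
            # Payload well after a reset: the endpoints did not tear down.
            late_data[key] = late_data.get(key, 0) + 1
    return {k: (n, late_data[k]) for k, n in resets.items()
            if n >= min_resets and late_data.get(k, 0) > 0}


if __name__ == "__main__":
    for flow, (n_rst, n_late) in flows_ignoring_resets(EVENTS).items():
        print(flow, "resets:", n_rst, "late data segments:", n_late)
```
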
  • ...is a billion Chinese walking into the great wall of China...all at once.
  • Dear Guys, (Score:5, Funny)

    by bunions (970377) on Tuesday June 27 2006, @04:46PM (#15615813)
    Thanks for doing the security analysis for us. We appreciate your hard work and excellent documentation.

    Your Pal,

    Wen
  • by Average_Joe_Sixpack (534373) on Tuesday June 27 2006, @04:48PM (#15615831)
    No one is monitoring that protocol
  • by mrcaseyj (902945) on Tuesday June 27 2006, @04:51PM (#15615858)
    Wouldn't this be easily detectable and probably illegal (for someone in China)? It sounds like a good way to get in trouble.
  • by Poromenos1 (830658) on Tuesday June 27 2006, @04:52PM (#15615870) Homepage
    that most of the Chinese people don't know/care about the firewall?
      • by thebdj (768618) on Tuesday June 27 2006, @05:04PM (#15615981) Journal
        If these stats [internetworldstats.com] are even semi-accurate, then internet penetration is less than 10% of the population. I guess that would mean a whopping 90% really could care less about the great firewall. Now, how many of the 10% (roughly 110 million people) care about the great firewall? Well this is somewhat more debatable, but you'd have to imagine some of them are supporters of the current system and would therefore not mind...
  • by x2A (858210) on Tuesday June 27 2006, @04:53PM (#15615882)
    That's the last time you break down my shitty firewall!

    Jeez, why is it every time Chinese build a wall, those damn Mongolians gotta break it down?

  • by also-rr (980579) on Tuesday June 27 2006, @04:54PM (#15615893) Homepage
    But even in the west I feel more comfortable using [revis.co.uk] Tor [eff.org], a (well, close enough) anonymizing proxy.

    I used to use JAP [tu-dresden.de] (a similar project but the client was Java based and less transparent) but Tor is considerably faster. Throughput up to 60K/sec on a 512k/sec DSL line (as fast as it ever goes with no proxy) means that it's practical to use for all traffic and makes the needle much harder to find in the haystack.
  • by the_crowbar (149535) on Tuesday June 27 2006, @05:00PM (#15615946)
    Because the filtering is not done on the routers, but rather on external machines this should take some time to plug. Off the top of my head I can't imagine how the Chinese government would change their filtering to defeat this trick. On a Linux box you could just set an iptables rule:
    bash-3.0# iptables -A INPUT -s 0/0 -d 0/0 -p tcp --tcp-flags RST RST -j DROP
    should take care of the reset packets at the local end. The remote end would need to drop them as well, but that would be easy to set up. Maybe we could set up some proxies for those in mainland China that would drop the resets so they could surf anywhere. Might be hard to restrict to those coming from mainland China.

    Just a thought.

    the_crowbar
  • by Tribbin (565963) on Tuesday June 27 2006, @05:01PM (#15615952) Homepage
    ... and it works just fine!! Think of it as the Harry Potter approach to the Great Firewall -- just shut your eyes and walk onto Platform 9¾.


    Or you just type in:

    idspispopd = Walk through wall in noclip style
    • It's not THEIRS (Score:5, Insightful)

      by mrcaseyj (902945) on Tuesday June 27 2006, @05:03PM (#15615968)
      >No matter how "horrible" Chinese internet policy is by US standards, it's their damned network segment. Let them work it out for themselves.

      The Chinese internet doesn't belong to the Chinese government, it belongs to the Chinese people. When they have a real democracy then "they" (the people) can decide how to run it. Until then we shouldn't respect how "they" (the government) want to run the internet any more than we would if some bank robbers were holding hostages and "they" (the robbers) wanted to decide how to run the bank.

      • by 808140 (808140) on Tuesday June 27 2006, @09:38PM (#15617639)
        Illegitimate? Whatever, dude. The Chinese are, with the exception of Americans, the most patriotic people I've ever come into contact with -- nationalist fervor is so ingrained here it's absolutely frightening. They're not interested in revolt and on the whole are happy with the status quo. They love their country and go on and on about it. Really. If there were a vote tomorrow there is no doubt in my mind that the CCP would win.

        During the Chinese civil war, the Communist party was overwhelmingly supported by the people.

        Your assertion that non-democratic societies are illegitimate suggests that most societies in history have been illegitimate. I'm not sure that's a particularly useful definition of legitimacy.
    • Re:Irresponsible (Score:5, Interesting)

      by jandrese (485) <kensama@vt.edu> on Tuesday June 27 2006, @05:08PM (#15616017) Homepage Journal
      Back in the real world however, you can't overthrow the government whenever you don't agree with it, especially when they have lots of guns and tanks and all you have are disgruntled peasants. Sometimes civil disobedience is the best policy. Besides, you can't generate outrage against something like this until most of the people actually know about it, and even then many of them will believe the government line that they're only blocking "harmful materials" that you shouldn't be looking at anyway. Enough people start getting in trouble over bypassing the firewall and you might actually start educating the public about this.
    • Re:Irresponsible (Score:5, Insightful)

      by twiddlingbits (707452) on Tuesday June 27 2006, @05:11PM (#15616042)
      Your post should be modded as Funny or Stupid (not Insightful) because 1) Chinese don't have elections with several parties, they are all from the Communist party and are approved office holders regardless of who wins, there is ONLY 1 party 2) Militia? WTF? The Chinese can't own firearms, and the last organized opposition protest in Tiannimen (sp?) Square they squashed the opposition (with tanks) 3) It's NOT irresponsible for showing ways around Chinese Internet Security because the restrictions of the "immoral" Government don't ALLOW people access to information that they could USE to make China a better place. We are not showing them how to Exist comfortably within restrictions we are showing them how to get around the restrictions so they can share information and learn things that WILL allow them to have a free China one day. I'd rather we were called "irresponsible" and did something than be called moral and responsible but did nothing to advance the cause of Freedom.
    • by sirwired (27582) on Tuesday June 27 2006, @05:18PM (#15616107)
      Do you recall that little American Revolution way back in the mid 1770's? You know, the one the then-English colonies were LOSING? The U.S. would have been in quite a pickle without the French providing financial and military aid. Sure, it was in their own self-interest, but that makes their aid no less valuable.

      Just because a Revolution receives assistance from the outside makes it no more or less legitimate.

      SirWired