Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
China Censorship The Internet

China Upgrades Great Firewall To Defeat Censor-Beating TLS Tools (theregister.com) 20

Great Firewall Report (GFW), an organization that monitors and reports on China's censorship efforts, has this week posted a pair of assessments indicating a crackdown on TLS encryption-based tools used to evade the Firewall. The Register reports: The group's latest post opens with the observation that starting on October 3, "more than 100 users reported that at least one of their TLS-based censorship circumvention servers had been blocked. The TLS-based circumvention protocols that are reportedly blocked include trojan, Xray, V2Ray TLS+Websocket, VLESS, and gRPC." Trojan is a tool that promises it can leap over the Great Firewall using TLS encryption. Xray, V2ray and VLESS are VPN-like internet tunneling and privacy tools. It's unclear what the reference to gRPC describes -- but it is probably a reference to using the gRPC Remote Procedure Call (RPC) framework to authenticate client connections to VPN servers.

GFW's analysis of this incident is that "blocking is done by blocking the specific port that the circumvention services listen on. When the user changes the blocked port to a non-blocked port and keep using the circumvention tools, the entire IP addresses may get blocked." Interestingly, domain names used with these tools are not added to the Great Firewall's DNS or SNI blacklists, and blocking seems to be automatic and dynamic. "Based on the information collected above, we suspect, without empirical measurement yet, that the blocking is possibly related to the TLS fingerprints of those circumvention tools," the organization asserts. An alternative circumvention tool, naiveproxy, appears not to be impacted by these changes.
"It's not hard to guess why China might have chosen this moment to upgrade the Great Firewall: the 20th National Congress of the Chinese Communist Party kicks off next week," notes the Register. "The event is a five-yearly set piece at which Xi Jinping is set to be granted an unprecedented third five-year term as president of China."
This discussion has been archived. No new comments can be posted.

China Upgrades Great Firewall To Defeat Censor-Beating TLS Tools

Comments Filter:
  • I am glad I live under a red white and blue flag. God knows what I had to do pre-conception to arrange that.

    • Re:Communism sucks (Score:5, Informative)

      by fahrbot-bot ( 874524 ) on Thursday October 06, 2022 @08:23PM (#62945459)

      I am glad I live under a red white and blue flag. God knows what I had to do pre-conception to arrange that.

      You might want to be more specific. There are about 43 countries with red, white and blue flags [worldpopul...review.com], including Russia, Cuba and North Korea, and pretty sure you wouldn't count yourself lucky to be in some of them...

      • Yes, but OP specified the order of the colours as well. And we all know how arrogant those Netherlanders are.

      • Well it can't be Cuba or North Korea, because I said Communism sucks. And it can't be Russia because the probability of me being Putin is very low and I said I am glad to live there.

    • by Bert64 ( 520050 )

      You're in russia? Or perhaps the occupied parts of ukraine?

    • by PPH ( 736903 )

      Red, white and blue are the colors of freedom. Until you see those lights in your rear view mirror.

  • by Anonymous Coward

    Starlink is the only solution. Until the Chinese and Putinists decide it's an act of war, and we know Elon Musk, the faux-humanist is afraid of WW3, so he may take it down. I mean, he expects Ukraine to surrender and bend over to the Moskals so that we can avert nuclear war. How about taking down Starlink to avert nuclear war?

  • by Anonymous Coward

    Xi Jinping is set to be granted an unprecedented third five-year term as president

    DT: "If you want to really drive them crazy, you say 'twelve more years!'"

  • Hold up (Score:3, Funny)

    by NagrothAgain ( 4130865 ) on Thursday October 06, 2022 @08:27PM (#62945465)

    Interestingly, domain names used with these tools are not added to the Great Firewall's DNS or SNI blacklists

    First, they're not "black" lists any more, that's racist. Second, they might not be on the blocklist, but you're definitely being put on a list by trying to resolve them.

    • Getting the news about fomenting democracy in china isn't the violation; just attempting to get said news is the punishable offense.
  • by kyoko21 ( 198413 ) on Friday October 07, 2022 @12:14AM (#62945789)

    I mean, do I have to say it? If we can get machines to generate images, surely we can dump a lot of logs at a neural network and let it train on how the various VPN network traffic/flow look like. It doesn't have to domain names because ultimately it all goes back to IP addresses. If it thinks the traffic flow looks like something nefarious, then it can just execute some command which can easily be scripted with parameters of IP or blocks of IPs via subnet masks and include ports or port ranges. Slap in a time element then it's just iptables with some extra meat around it.

    • by AmiMoJo ( 196126 )

      The "machine learning" they use is very simple. The basic issue is that the traffic looks like a normal HTTPS connection to a cloud server on a shared IP address, so to avoid blocking large numbers of websites they allow initial connections and short bursts of traffic. If the firewall notices very long connections it starts to drop those packets on the assumption that they are probably some kind of circumvention tool.

      It also depends where in China you are. In the south around Shenzhen the restrictions are w

  • "It's not hard to guess why China might have chosen this moment to upgrade the Great Firewall

    It is for some nerds.

    Some nerds here are incapable of extrapolating. They are incapable of understanding that people do things for surreptitious reasons.

    If they don't outright say why they're doing something, it is impossible for them to look at the context and other background information and history to figure out the motives behind people's actions.

    • No kidding - they'll demand written proof that the firewall upgrade had to be ready for the CCP meeting, despite the abuse of the Shanghai Faction.

      Same fools who believe nothing can be real without several double-blind placebo-controlled trials, even when those are impossible.

      It's left-brain poisoning.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...