
Saturday, 25 April 2020

What technologies does the GFW use to censor Internet?

Where is GFW?

Most of the censors or filtering devices are located near the international gateways of Chinese ISPs (such as ChinaNet, UniCom and CERNET), and some filtering is done at the border of provincial networks [3][4].
The GFW works like a nationwide Network Intrusion Detection and Protection System (NIDS/NIPS). Over more than a decade of development, a variety of technologies have been developed to censor the Internet. As of early 2013, these are the specific technologies the GFW employs:

a) IP address blocking

According to a paper by the designers of the GFW [5], all the international gateways (routers) of all Chinese ISPs are configured with a blacklist of IP addresses. When users access these blacklisted addresses, the packets are routed to a black hole server. The server can drop these packets, or analyze the traffic for statistical purposes.

b) DNS Injection

DNS is used to translate the name of a website into the corresponding IP address. The GFW maintains a blacklist of domain names and inspects any DNS queries from (and to) China. When it detects a query asking for a blacklisted domain name, it injects one or more forged DNS responses, spoofing the address of the target DNS server. The host that launched the query will accept the forged answer (it arrives much earlier than the legitimate one), which includes either an invalid IP address, no address or an address controlled by the GFW. For more details, see "The Great DNS Wall of China" [6].
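Because the forged answer arrives before the legitimate one, a resolver-side monitor can look for queries that receive more than one response with conflicting records. The following is an added example, not code from the original post or the cited papers; the sample packets, names and addresses are constructed, and the parser assumes one question per message and only inspects A records.

```python
import struct
from collections import defaultdict

def build_response(txid, name, ip):
    """Constructed test input: minimal DNS response carrying one A record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return header + qname + struct.pack("!HH", 1, 1) + answer

def parse_response(msg):
    """Return (txid, qname, [A-record IPs]); assumes exactly one question."""
    txid, _flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, labels = 12, []
    while msg[off]:                       # question name labels
        labels.append(msg[off + 1:off + 1 + msg[off]].decode())
        off += 1 + msg[off]
    off += 1 + 4                          # root label, QTYPE, QCLASS
    ips = []
    for _ in range(ancount):
        if msg[off] & 0xC0 == 0xC0:       # compressed owner name
            off += 2
        else:                             # uncompressed owner name
            while msg[off]:
                off += 1 + msg[off]
            off += 1
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    return txid, ".".join(labels).lower(), ips

def find_injected(capture):
    """Flag queries answered more than once with conflicting A records."""
    seen = defaultdict(list)
    for ts, resolver, raw in sorted(capture, key=lambda r: r[0]):
        txid, qname, ips = parse_response(raw)
        seen[(resolver, txid, qname)].append((ts, tuple(sorted(ips))))
    return [{"query": k, "first": v[0], "later": v[1:]}
            for k, v in seen.items() if len({ips for _, ips in v}) > 1]

# Constructed capture: (arrival time in s, resolver address, raw response)
SAMPLE = [
    (0.012, "198.51.100.53", build_response(0x1A2B, "blocked.example", "203.0.113.7")),
    (0.187, "198.51.100.53", build_response(0x1A2B, "blocked.example", "192.0.2.80")),
    (0.201, "198.51.100.53", build_response(0x3C4D, "ok.example", "192.0.2.10")),
]
print(find_injected(SAMPLE))
```

Identical retransmissions of the same answer are not flagged; only a later response that disagrees with the first one raises an alert.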

c) TCP Reset

TCP is the network protocol most network applications use, such as Web (HTTP) and Email (SMTP). TCP Reset is one of the mechanisms to terminate a TCP connection. The GFW maintains connection state for every TCP connection by inspecting the packets going through its censors (near international gateways of Chinese ISPs). When the GFW sees a blacklisted keyword in the information flow, it injects a series of packets (with TCP reset flags) to both the client and server of this connection. For more detailed information, see "Ignoring the Great Firewall of China" [7].

d) Others

During the arms race with censorship circumvention tools, the GFW has developed more advanced technologies to block encrypted communications. Most free circumvention tools (such as FreeGate, Ultrasurf and Psiphon) rely on proxies outside China and encrypted tunnels. The researchers of the GFW constantly analyze the code or protocols of these tools and are often able to block the tool's associated proxies or servers. In response, these tools have to replace proxies constantly in order to compete.
Tor, although designed as an anonymous communication tool, was once used by some Chinese netizens. Unlike other encrypted proxies, the set of nodes in the Tor network changes dynamically. However, the centralized directory server from which users get the list of proxy nodes is the fatal flaw in Tor's system. After the GFW blocked the IP address of the Tor directory in 2008, Tor lost most of its users in China.
The GFW also developed technologies to swiftly identify the use of encrypted protocols, such as TLS/SSL, SSH and VPN. Therefore, Gmail, Tor and OpenVPN are frequently interrupted by the GFW. Many Chinese users reported connection issues with Gmail after making the switch to HTTPS/TLS connections. The GFW can find hidden servers (such as Tor bridges) by fingerprinting the encrypted protocols, and block them dynamically [8]. Following November 2012, when the Communist Party of China convened its 18th congress, many Chinese users reported that their OpenVPN and SSH servers were blocked.
If you have more questions about the GFW, please contact us by email: hikinggfw@gmail.com, or follow us on Google plus

References

[1] History of GFW, Available: http://fangbinxing.appspot.com/
[2] "Golden Shield Project" china.com.cn. http://www.china.com.cn/chinese/zhuanti/283732.htm
[3] J. R. Crandall, D. Zinn, M. Byrd, E. Barr, and R. East, “Conceptdoppler: A weather tracker for internet censorship,” 14th ACM Conference on Computer and Communications Security, pp. 1–4, 2007.
[4] X. Xu, Z. Mao, and J. Halderman, “Internet censorship in china: where does the filtering occur?,” Passive and Active Measurement, pp. 133–142, 2011.
[5] G. Liu, X. Yun, B. Fang, and M. Hu, “A control method for large-scale network based on routing diffusion,” Journal of China Institute of, p. 10, 2003.
[6] G. Lowe, P. Winters, and M. L. Marcus, “The Great DNS Wall of China,” pp. 1–7, Dec. 2007.
[7] R. Clayton, S. Murdoch, and R. Watson, “Ignoring the great firewall of china,” presented at the Privacy Enhancing Technologies, 2006, pp. 20–35.
[8] P. Winter and S. Lindskog, “How the Great Firewall of China is Blocking Tor,” Free and Open Communications on the Internet, Bellevue, WA, USA, 2012.
