Academics break the Great Firewall of China

Found on ZDNet Asia on Monday, 03 July 2006

Computer experts from the University of Cambridge claim not only to have breached the Great Firewall of China, but also to have found a way to use the firewall to launch denial-of-service attacks against specific Internet Protocol addresses in the country.

The Cambridge research group tested the firewall by firing data packets containing the word "Falun" at it, a reference to the Falun Gong religious group, which is banned in China.

"The machines in China allow data packets in and out, but send a burst of resets to shut connections if they spot particular keywords," explained Richard Clayton of the University of Cambridge computer laboratory. "If you drop all the reset packets at both ends of the connection, which is relatively trivial to do, the Web page is transferred just fine."

The intrusion detection system (IDS) uses a stateless server, which examines each data packet going in and out of the firewall individually, without reference to any previous request. By forging the source address of a packet containing a "sensitive" keyword, people could trigger the firewall to block access between source and destination addresses for up to an hour at a time.

Even though this technique would block communication between only two particular points on the Internet, the researchers calculated that a lone attacker using a single dial-up connection could still generate a "reasonably effective" denial-of-service attack.

If some group were to release a tool similar to Lycos' "Make Love Not Spam" project, a few thousand users could effectively disconnect China from the rest of the world.