Academics Break the Great Firewall of China

Abstract

Researchers at the University of Cambridge have discovered a way to circumvent the firewall operated by the Chinese government and also to use it to launch denial-of-service attacks. Chinese authorities implemented the firewall to try to prevent computer users in the country from accessing any information deemed inflammatory by the government. According to Richard Clayton of the university's computer lab, the firewall allows packets in and out of the country, but, when a packet contains prohibited information, the firewall initiates a reset, which causes the connection between the sending and receiving computers to fail. "If you drop all the reset packets at both ends of the connection, which is relatively trivial to do," said Clayton, "the Web page is transferred just fine." At the same time, spoofed return addresses for Internet transmissions will cause the firewall to temporarily block traffic to and from those computers. Clayton noted that even with a single dial-up connection, a hacker could create a very disruptive attack. The researchers have reported their findings to the Chinese Computer Emergency Response Team.