Security

China’s Firewall Breached

Researchers from the University of Cambridge computer laboratory have announced that they were able to successfully bypass the restrictions of China’s firewall, and found a DOS vector at the same time.

Richard Clayton , (UC computer lab) explained that when a keyword is found in a packet. the routers let the traffic through, but send resets to both sides of the connection. Ignoring those injected reset packets at both ends is trivial and renders the firewall completely ineffective.

On the other side of the coin, since the firewall uses stateless packet inspection to search for keywords, a forged packet containing one of these keywords, with a source and destination IP belonging to say, a Chinese goevernment website and a Chinese embassy somewhere, would effectively cut off all communication between those two endpoints for up to an hour. Unless, of course, they are also bypassing the firewall and (by doing so) the restrictions placed by the government they represent.