GFW: The Great Firewall of China • Ruiwei Bu • CSC 540
What? • Part of China’s “Golden Shield” Project • A huge firewall that covers mainland China • Focusing on Internet Security, Control and CENSORSHIP • Name from The Great Firewall of China by Charles R. Smith, May 2012 • Started in 1998 • Famous for blocking Twitter, Facebook, Google and so on
Who? • The Chinese Government • Binxing Fang - Father of the GFW • Xiong Gang, Meng Jiao, Cao Zi-gang, Wang Yong, Guo Li, Fang Binxing, Research Progress and Prospects of Network Traffic Classification. Journal of Integration Technology, Vol 1, May, 2012. • Hardware: CISCO and others • Software: Companies and Top University research labs
Where? • Major Devices: ISP backbone and International Gateway • Physical Location: Unclear, deployed all over China • Mongol.py
Target • UGC (User Generated Content), such as Twitter, Facebook, ... • Information related to the Chinese Government and Politics, such as the Tibetan issue • Opinions that go against the government • Cults, such as Falun Gong • National Security • “Random” Websites, such as GitHub, SourceForge, Python’s Official Website
An Interesting Fact • Top UGC websites may be blocked, such as Twitter, Facebook and YouTube • There are clones in China for all blocked UGC sites. • Twitter - Sina Weibo, Fanfou, ... • Facebook - Renren, ... • YouTube - Tudou, Youku, ... • It seems no one cares about the not-so-famous ones, such as Path
Abilities • IP Blocking • DNS Injection and Pollution • URL Filtering • Content Filtering and Censorship • Network Traffic Analysis • Interfering with Secure Connections • Recording User Activities • Network Security
IP and URL Blocking • Simplest Method
DNS Injection and Pollution • /etc/hosts • Change DNS server, such as 8.8.8.8 or OpenDNS
But... • Answers can still be polluted even when using a DNS server outside of the GFW • The DNS attack returns an RST packet before the DNS server returns the address • And the result is “Connection Reset” • Can harm the entire Internet • Anonymous: The collateral damage of internet censorship by DNS injection. CCR July 2012.
URL/Content Filtering • Can be triggered by any potential keyword in an unknown blacklist, especially when searching with Google. • Usually blocks you for 10-30 minutes
URL/Content Filtering • The name of the former Chinese president is Hu Jintao (胡锦涛), but when you search for carrot (胡萝卜) in Google in mainland China....
Others • SSL Certificate Filtering and Faking • GitHub’s certificate was replaced by a self-signed certificate in Spring 2013 • Fake Tor nodes; obfs bridges are probed and blocked • https://blog.torproject.org/blog/tor-partially-blocked-china • ...
Solutions? • Host Modification • Proxy • VPN
Host Modification • /etc/hosts • %SystemRoot%/System32/drivers/etc/hosts • Simplest, but does not always work • Can block IP directly
Proxy • Tunnel Proxy • Forward Proxy • Reverse Proxy • Open Proxy
Online Proxies • Websites, so easy to use • Not safe and secure at all • Can be detected
Proxy Software • Freegate, Wujie • Who’s the funder? • Tor project • Onion Network • .onion pseudo top-level domain • crimes - Silk Road and so on • GoAgent (Google App Engine as Proxy) • May be unsafe and insecure
Tunnel Proxies • Usually deployed on private servers, such as VPS and GAE • Private and Safe, under full control by yourself • Requires advanced networking skills • SSH (Secure Shell) Tunnel and Port Forwarding, 80, 443! • VPS servers or IP segments may be blocked • Network Traffic Analysis
VPN • PPTP (Point-to-Point Tunneling Protocol) • L2TP (Layer Two Tunneling Protocol) • More secure • OpenVPN • Maybe the best on desktop?
A Simple Proxy Server • Demo Time!