[liberationtech] Images of Blocking in Different Countries?
Philipp Winter
identity.function at gmail.com
Wed Aug 15 13:44:23 PDT 2012
On Thu, Aug 16, 2012 at 03:04:04AM +0800, Eric S Johnson wrote:
> Yes—they stopped doin packet inspection in about 2008, near as I can tell.
>
>
> From: Steve Weis [mailto:steveweis at gmail.com]
> Sent: Thursday, 16 August 2012 00:56
> To: Eric S Johnson
> Cc: Stanford tech list
> Subject: Re: [liberationtech] Images of Blocking in Different Countries?
>
>
>
> This paper "Ignoring the Great Firewall of China" is a few years old, but at
> the time China was inspecting TCP packets for verboten keywords:
>
> http://www.cl.cam.ac.uk/~rnc1/ignoring.pdf
>
> The blocking was easy to circumvent. The researchers were able to just ignore
> TCP reset packets and the connections proceeded unhindered. They also were able
> to conduct a denial of service attack against IP addresses in China by spoofing
> packets with forbidden content, which would trigger spurious connection resets.
>
>
>
> This was 6 years ago, so I'm sure the game has changed somewhat.
Eric, that's interesting, could you elaborate on that?
According to my own experience, deep packet inspection in China is still used
for several different purposes. A study from 2011 [1] was looking at where the
filtering occurs. They used the keyword "falun" within HTTP GET requests in
order to trigger filtering. Besides HTTP, deep packet inspection seems to be
used for DNS [2], as you pointed out, and also to block the Tor network.
After all, I believe that the main results of "Ignoring the Great Firewall of
China" are, aside from a couple of details of course, still valid.
Philipp
[1] http://www.eecs.umich.edu/~zmao/Papers/china-censorship-pam11.pdf
[2] http://conferences.sigcomm.org/sigcomm/2012/paper/ccr-paper266.pdf
More information about the liberationtech
mailing list