- Researchers have identified vulnerabilities in China’s Great Firewall
- The firewall tries to block QUIC connections
- The blocking attempts leave the state exposed
Upgrades to China's Great Firewall (GFW) have not gone as planned, and a resulting "critical flaw" reduces the firewall's effectiveness under moderate traffic loads, according to researchers. China's attempts to censor a specific type of Internet traffic in the country have left the state at risk and vulnerable to attack.
"We [..] show that this censorship mechanism can be weaponized to block UDP traffic between arbitrary hosts in China and the rest of the world. We collaborate with various open-source communities to integrate circumvention strategies into Mozilla Firefox, the quic-go library, and all major QUIC-based circumvention tools."
The paper was written by researchers from the activist group Great Firewall Report, as well as Stanford University, the University of Massachusetts Amherst and the University of Colorado Boulder, and is titled "Exposing and Circumventing SNI-based QUIC Censorship of the Great Firewall of China."
Internet censorship
The vulnerabilities stem from China's attempts to block Quick UDP Internet Connections (QUIC), a transport-layer network protocol designed to replace the Transmission Control Protocol (TCP) because of its security, flexibility and fewer performance problems.
QUIC was invented by Google employees in 2012, and at least 10% of sites use the protocol, including many Google and Meta sites. Both organizations are blocked by the GFW, so the blocking of QUIC connections appears to be an extension of this, although the researchers point out that not all QUIC traffic is successfully blocked.
The mechanism used to block QUIC connections is vulnerable to attacks that could make all open or root DNS resolvers outside China unreachable from within the country, resulting in widespread DNS failures.
"Defending against this attack while censoring is difficult due to the stateless nature and ease of spoofing of UDP packets," the paper explains. "Careful engineering will be needed to allow censors to apply targeted blocks in QUIC, while simultaneously preventing availability attacks."
Via: The Register