Toppling the Great Wall

 
 
By Lisa Vaas  |  Posted 2007-09-12 Email Print this article Print
 
 
 
 
 
 
 


of China"> For example, a Wikipedia article about a state in Western Germany, when translated into Chinese characters, uses some characters common also to the phrase "Falun Gong." Crandall could only speculate as to why other phrases appear to be blacklisted, however.

"A friend of mine from China said they dont just block stuff they consider harmful to the government," he said. "They block stuff considered … bad. That takes out most Web pages about World War II history."

China is not alone in blocking Internet traffic. Canada and England block child pornography; Germany blocks Nazi-related material.
China is alone in conducting keyword filtering at this sophisticated level, however, Crandall said. While Iran conducts a simpler form of keyword filtering using Web proxy filtering, Chinas technique allows its routers to probe deep into each individual page and avoids the blocking of entire sites. This is a more blunt approach, Crandall said. For example, the word "massacre" appears on Chinas blacklist, which means any page that contains the word is off-limits. But while Chinas keyword filtering techniques result in what is likely inadvertent blockage, from a censors point of view, its an elegant approach. The problem with blacklisting IP addresses, for example, is that someone can just mirror the content onto a different IP address, Barr said. While Web proxying can deal with that evasion, this approach has scalability problems. Proxies force censors to run every piece of content over their systems, not only sucking up resources but creating a single point of failure. "Its very expensive to build proper capacity," Barr said.
At any rate, proxies are in practice protocol-specific. They thus can be bypassed by users who agree to communicate on another port or to slightly modify the protocol. The GFC is not only a more elegant approach thats harder to evade, its also more interesting to researchers in the information it surrenders. Namely, Chinas firewall tells researchers what its up to in the form of its reset packets, and monitoring them can be done entirely from outside of the country. "You can do probing from entirely outside China because of the way keyword filtering works," Crandall said. "We realized from outside China that we could 1) find out how many hops into China and where the routers are doing the filtering. We can modulate packets a certain way and look at packets that come back and know how many hops there were before it got to the router that did the resets. Also we can test words on the blacklist by sending a keyword, and if the reset comes back, you know its blocked." The researchers plan to get better measurement of Internet topography to figure out where keyword filtering is being done, and to use other source points—besides UC-Davis—from which to measure to refine their findings. China may now be using more sophisticated techniques still, such as IP tunneling. A better Internet topography could help the researchers determine whether thats the case. At this point, using a single source is hampering the researchers as they try to figure out whos doing the blocking. What they do know is that Chinas largest ISP, ChinaNET, performed 83.3 percent of all filtering of their probes. They also know that 99.1 percent of all filtering occurred at the first hop past the Chinese border, that filtering occurred beyond the third hop for 11.8 percent of their probes, and that there were sometimes as many as 13 hops past the border before a filtering router was encountered. What they do know: Other countries that engage in censorship are looking to copy Chinas techniques. The researchers plan to present their work at the Association for Computing Machinery Computer and Communications Security Conference in Alexandria, Va., Oct. 29 - Nov. 2. Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.


 
 
 
 
Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel