And prove that it is vulnerable to DoS.

Jul 4, 2006 09:42 GMT

The Great Firewall of China is the Chinese Government's core tool for censoring the Internet. Using Cisco-supplied routers, the firewall inspects web traffic at the packet level for particular words referencing political ideology, social beliefs, unacceptable groups and so on, labels matching traffic as unauthorized and censors the respective web pages.

However, the keyword detection is actually done on subsidiary machines, not in the large routers of the network. The packet containing the unauthorized keyword is allowed to pass through the main router, and the subsidiary machines generate a series of Transmission Control Protocol (TCP) reset packets that are sent to both ends of the connection. The endpoints treat these resets as requests to close the connection, which is how the web page ends up censored.

The Cambridge computer experts have, however, devised a way to circumvent the firewall rules by ignoring the resets. "The machines in China allow data packets in and out, but send a burst of resets to shut connections if they spot particular keywords," explained Richard Clayton of the University of Cambridge computer laboratory. "If you drop all the reset packets at both ends of the connection, which is relatively trivial to do, the Web page is transferred just fine."
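Because the keyword packet is forwarded and the resets come from a third machine, an endpoint that keeps a packet trace can spot the injection: a host that had really reset the connection would not keep sending data on it. The following is an added example, not code from the article or the Cambridge researchers; the packet records are constructed, and it assumes the far end ignores the resets as the quote describes.

```python
from collections import defaultdict

# Constructed capture, as seen by the client: (time_s, src, dst, flags, payload_len).
# Flow A: a burst of RSTs claims to come from the server, yet the server keeps
# sending data afterwards. Flow B: a normal reset, after which the peer is silent.
PACKETS = [
    (0.00, "client:40001", "server:80", "S", 0),
    (0.05, "server:80", "client:40001", "SA", 0),
    (0.06, "client:40001", "server:80", "PA", 120),   # request holding a keyword
    (0.11, "server:80", "client:40001", "R", 0),
    (0.11, "server:80", "client:40001", "R", 0),
    (0.12, "server:80", "client:40001", "R", 0),
    (0.15, "server:80", "client:40001", "PA", 1460),  # real server still talking
    (0.16, "server:80", "client:40001", "PA", 900),
    (1.00, "client:40002", "other:80", "S", 0),
    (1.05, "other:80", "client:40002", "R", 0),       # port closed: genuine reset
]

def find_injected_resets(packets):
    """Return {flow: {"claimed_sender", "rst_count", "bytes_after_rst"}} for flows
    where a host apparently sent RST and then kept sending data on that flow."""
    rst_seen = defaultdict(int)      # (flow, sender) -> number of RSTs
    data_after = defaultdict(int)    # (flow, sender) -> payload bytes after first RST
    for _t, src, dst, flags, length in sorted(packets):
        key = (frozenset((src, dst)), src)
        if "R" in flags:
            rst_seen[key] += 1
        elif key in rst_seen and length > 0:
            data_after[key] += length
    findings = {}
    for (flow, sender), nbytes in data_after.items():
        findings[tuple(sorted(flow))] = {
            "claimed_sender": sender,
            "rst_count": rst_seen[(flow, sender)],
            "bytes_after_rst": nbytes,
        }
    return findings

if __name__ == "__main__":
    for flow, info in find_injected_resets(PACKETS).items():
        print(flow, info)
```

This is a heuristic: it only fires when data from the claimed sender is observed after the reset, so a connection that both ends tear down on the first RST leaves nothing for it to flag.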

The intrusion detection system uses a stateless server to examine the data packets entering and leaving the firewall. It can be triggered to block access between a source and a destination address by sending packets that contain unauthorized keywords with a forged source address. Used against identified machines, this lets an attacker carry out Denial of Service attacks.