Ignoring the Great Firewall of China

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4258)


The so-called “Great Firewall of China” operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST flag set) are sent to both endpoints of the connection, which then close. However, because the original packets are passed through the firewall unscathed, if the endpoints completely ignore the firewall’s resets, then the connection will proceed unhindered. Once one connection has been blocked, the firewall makes further easy-to-evade attempts to block further connections from the same machine. This latter behaviour can be leveraged into a denial-of-service attack on third-party machines.


Transmission Control Protocol Intrusion Detection System Port Number Child Pornography Domain Name System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellovin, S.: Defending Against Sequence Number Attacks. RFC1948, IETF (May 1996)Google Scholar
  2. 2.
    Carter, E.: Secure Intrusion Detection Systems. Cisco Press (2001)Google Scholar
  3. 3.
    Clayton, R.: Failures in a Hybrid Content Blocking System. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Clayton, R.: Anonymity and Traceability in Cyberspace. Tech Report UCAM-CL-TR-653, Computer Laboratory, University of Cambridge (2005)Google Scholar
  5. 5.
    Dornseif, M.: Government mandated blocking of foreign Web content. In: von Knop, J., Haverkamp, W., Jessen, E. (eds.) Security, E-Learning, E-Services: Proceedings of the 17. DFN-Arbeitstagung über Kommunikationsnetze, Düsseldorf 2003. Lecture Notes in Informatics, pp. 617–648 (2003)Google Scholar
  6. 6.
    Edelman, B.: Web Sites Sharing IP Addresses: Prevalence and Significance. Berkman Center for Internet and Society (February 2003),
  7. 7.
    King Abdulaziz City for Science and Technology: Local content filtering Procedure. Internet Services Unit, KACST (2004),
  8. 8.
    The OpenNet Initiative: Probing Chinese search engine filtering. Bulletin 005 (August 2004),
  9. 9.
    The OpenNet Initiative: Internet Filtering in China in 2004–2005: A Country Study (June 2004),
  10. 10.
    The OpenNet Initiative: Internet Filtering in Burma in 2005: A Country Study (October 2004),
  11. 11.
    Postel, J. (ed.): Transmission Control Protocol: DARPA Internet Program Protocol Specification. RFC 793, IETF (1981)Google Scholar
  12. 12.
    Norge, T.: Telenor and KRIPOS introduce Internet child pornography filter. Telenor Press Release (September 21, 2004),
  13. 13.
    US District Court for the Eastern District of Pennsylvania: CDT, ACLU, Plantagenet Inc. v Pappert, 337 F.Supp.2d 606 (September 10, 2004)Google Scholar
  14. 14.
    Villeneuve, N.: Censorship Is In the Router (June 3, 2005),
  15. 15.
    Watson, P.: Slipping in the Window: TCP Reset Attacks. CanSecWest/core04 (2004)Google Scholar
  16. 16.
    Watson, R.: 20060607-tcp-ttl.diff (June 2006),

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  1. 1.Computer Laboratory, William Gates BuildingUniversity of CambridgeCambridgeUnited Kingdom

Personalised recommendations