- Researchers have identified vulnerabilities in the large Chinese firewall
- The firewall tries to block the connections of the Quic
- Blocking attempts leave the statement exposed
The upgrades to the large Chinese firewall (GFW) did not go as expected, and the resulting “critical fault” reduces the efficiency of the firewall in the moderation of traffic loads, researchers revealed. China’s attempts to censor a specific type of internet traffic in the country have left the state in danger and vulnerable to attacks;
‘We [..] Prove that this censorship mechanism can be armed to block UDP traffic between arbitrary hosts in China and the rest of the world. We collaborate with various open source communities to integrate bypass strategies in Mozilla Firefox, the Quic-Go library and all the main bypass tools based on Quic.
The document was written by researchers from the group of activists Great Firewall Report, as well as the University of Stanford, the University of Massachusetts Amherst and the University of Colorado Boulder – and is entitled “ Exhibition and bypass of the censorship of Quic Snic based in Snit of China ”.
Internet censorship
Vulnerabilities arise from Chinese attempts to block fast UDP Internet connections (Quic) – a transport layer network protocol designed to replace the transmission control protocol (TCP) because of its integrated safety, flexibility and integrated performance problems.
Quic was invented by Google workers in 2012, and at least 10% of sites use the protocol – with many Google and Meta sites included. These two organizations are blocked by the GFW, so blocking the connections of anyone seems to be an extension of this, although the researchers note that all the traffic in Quic is not successfully blocked.
The mechanism used to block the connections of the Quic is vulnerable to attacks which could block all open or root DNS resolvers outside of China from access to the interior of the State, resulting in generalized DNS failures;
“Defense against this censorship attack is difficult due to stateless nature and the ease of usurpation of UDP packets,” said the newspaper. “Careful engineering will be necessary to allow censors to apply targeted blocks in the Quic, while simultaneously preventing availability attacks.”
Via; The register
