Computer experts at the University of Cambridge have announced that they have breached the protective structure of China’s national firewall and discovered a method to use this firewall to conduct Denial of Service (DoS) attacks.
According to the experts, the firewall utilizes Cisco routers with the primary task of blocking certain keywords, mainly related to sex and subversive thoughts.
The research team from the University of Cambridge tested this firewall by transmitting data packets containing “sensitive” keywords. They discovered that it is entirely possible to bypass the intrusion detection mechanism of the firewall if the mandatory Transmission Control Protocol (TCP) reset packet inserted by the router is ignored. Normally, this reset mechanism forces endpoints to terminate connections when violations are detected.
“The current control system in China allows data packets to enter and exit but sends back resets to close connections if certain keywords are detected,” explained Richard Clayton, head of the computer research department at Cambridge University. “If you ignore all these reset packets at the connection endpoints, the blocked website can still be accessed normally.”
According to Clayton, this means that the Chinese firewall could be exploited to initiate DoS attacks against specific addresses within the country, including government websites.
If an attacker identifies the computers used by Chinese government offices, they could block access to Windows Update or prevent Chinese embassies abroad from accessing domestic websites.
Clayton estimates that a single attacker could use a dial-up connection to create very effective DoS attack effects. The findings of the research team have been reported to the Chinese government’s Computer Emergency Response Team (CERT) to seek remedial measures.
