1. Forum
  2. MicroNet
  3. MIN DEBATE

  • China tried to upgrade th

    From Mike Powell@618:250/1 to All on Tue Aug 5 09:08:58 2025
    China tried to upgrade the Great Firewall but may have left it vulnerable to attack

    Date:
    Mon, 04 Aug 2025 15:59:00 +0000

    Description:
    Flawed traffic censoring attempts have exposed the Firewall.

    FULL STORY

    Upgrades to Chinas Great Firewall (GFW) have not gone as planned, and the resulting critical flaw reduces the effectiveness of the firewall in
    moderating traffic loads, researchers have found. Attempts by China to censor
    a specific type of internet traffic in the country have left the state at
    risk and vulnerable to attack;

    We [..] demonstrate that this censorship mechanism can be weaponized to block UDP traffic between arbitrary hosts in China and the rest of the world. We collaborate with various open-source communities to integrate circumvention strategies into Mozilla Firefox, the quic-go library, and all major
    QUIC-based circumvention tools.

    The paper was written by researchers from activist group Great Firewall Report, as well as Stanford University, University of Massachusetts Amherst, and the University of Colorado Boulder - and is titled Exposing and Circumventing SNI-based QUIC Censorship of the Great Firewall of China.

    Internet censorship

    The vulnerabilities stem from Chinas attempts to block Quick UDP Internet Connections (QUIC) - a transport layer network protocol that is designed to replace Transmission Control Protocol (TCP) because of its built in security, flexibility, and fewer performance issues.

    QUIC was invented by workers at Google back in 2012, and at least 10% of
    sites use the protocol - with many Google and Meta sites included. Both of these organizations are blocked by the GFW, so blocking QUIC connections
    seems to be an extension of this, although researchers note that not all QUIC traffic is blocked successfully.

    The mechanism used to block QUIC connections is vulnerable to attacks that could block all open or root DNS resolvers outside of China from access from within the state, resulting in widespread DNS failures;

    Defending against this attack while still censoring is difficult due to the stateless nature and ease of spoofing UDP packets, the paper explains.
    Careful engineering will be needed to allow censors to apply targeted blocks
    in QUIC, while simultaneously preventing availability attacks.

    Via; The Register

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/china-tried-to-upgrade-the-great-firewa ll-but-may-have-left-it-vulnerable-to-attack

    $$
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (618:250/1)