NiftyHost Forums (Archive)TechnologyElectronics v
[split] Chinese firewall

[split] Chinese firewall
10-27-2010, 12:25 PM, (This post was last modified: 10-27-2010, 12:29 PM by RichardGv.)
#6
RichardGv Offline
Supermod, to the rescue!
******
 		Posts: 169
Threads: 6
Joined: Jun 2010
Reputation: 10
RE: Web block confuse
(10-27-2010, 01:39 AM)Vanilla Wrote: But you paid for the VPN, right?

The West Chamber project is quite interesting, how exactly does work?

- A third thing is, that this is probably getting a bit off-topic, and perhaps should be split into another thread?

Huh, yeah, this is off-topic, but I have no permissions to split them to another thread (or I did not find the correct button?).
@Moderator/Admin Please split all replies since post #7 to a new thread. Thanks.

Yes, I payed for the VPN. $20 per year, it costs.

The mechanism of West Chamber is rather complicated and technical. I would try to explain it with my limited knowledge. Sorry if there's something wrong in my explanation.
The project is formed by 3 components: zhang, cui, and another component to look for corrupted DNS responses.
The zhang/cui component is primarily used to deal with TCP reset packets sent by Great Firewall. (zhang and cui are both names of chacters in Romance of the West Chamber, a novel from which the name of the project came.)
This is how Great Firewall detects and interrupts connections with TCP reset packets, firstly:
[Image: original_s2c.png]
[Image: original_c2s.png]
(Ignore the Chinese titles, please. Source of these graphs: https://twitter.com/gfwrev )
This is how "zhang" part works:
[Image: original_zhang.png]
  1. The client (Bob) sends a SYN segment to the server (Alice), Alice returns a SYN packet, as what normally would happen.
  2. West-chamber injects a RST packet on Bob's side with wrong sequence number (?), letting the firewall (Mallory) believe the connection from Bob to Alice is closed. (The firewall does not record the old TCP sequence numbers due to performance considerations, so it cannot detect whether a TCP packet is valid or not, while Bob and Alice can.)
  3. West-chamber (on Bob's side, of course) sends Alice a ACK segment with wrong acknowledgement number. According to TCP standard, Alice returns a RST segment. When Mallory discovers the RST segment, he thinks the connection is already closed, and stop monitoring the traffic between Bob and Alice, but in fact it's not closed.
  4. Bob then finishes the 3-way-handshake and continues to talk with Alice, without Mallory interrupting.
"cui" works in a similar way.
The DNS component detects fake DNS responses returned from the firewall with some sort of predefined fingerprints and discard them.
The explainations is mostly translated from a Chinese article: http://blog.youxu.info/2010/03/14/west-chamber/
Gentoo Linux User (w/ fvwm) / Loyal Firefox User / Owner of a Stupid Old Computer - My PGP Public Key

No man is an island, entire of itself; every man is a piece of the continent, a part of the main; if a clod be washed away by the sea, Europe is the less, as well as if a promontory were, as well as if a manor of thy friends or of thine own were; any man's death diminishes me, because I am involved in mankind; and therefore never send to know for whom the bell tolls; it tolls for thee.
-- Devotions Upon Emergent Occasions (1624), John Donn
Find
Reply


Messages In This Thread
[split] Chinese firewall - by Vanilla - 10-27-2010, 12:21 AM
RE: [split] Chinese firewall - by Vanilla - 10-27-2010, 04:38 PM
RE: [split] Chinese firewall - by karthikcric - 10-27-2010, 07:56 PM
RE: [split] Chinese firewall - by RichardGv - 10-27-2010, 08:26 PM
RE: [split] Chinese firewall - by HiddenKnowledge - 10-27-2010, 10:17 PM
RE: [split] Chinese firewall - by RichardGv - 10-27-2010, 11:25 PM
RE: Web block confuse - by RichardGv - 10-27-2010, 01:20 AM
RE: Web block confuse - by Vanilla - 10-27-2010, 01:26 AM
RE: Web block confuse - by RichardGv - 10-27-2010, 01:34 AM
RE: Web block confuse - by Vanilla - 10-27-2010, 01:39 AM
RE: Web block confuse - by RichardGv - 10-27-2010, 12:25 PM

Forum Jump:


Lite (Archive) Mode | RSS Syndication |