GFW FAQ

Abstract

The Great FireWall (GFW) is the most sophisticated, widely-felt Internet censorship system in the world. The inner working of the GFW remains elusive, even while many researchers the world over (including Chinese Internet professionals) try to unveil how it works, what has been blocked, and how to bypass it.

This FAQ tries to answer some common questions by analyzing information collected from the Internet and through the FAQ author's own experiments. The GFW is fighting an arms race with censorship circumvention tools, so the environment and means to cirumvent the blocking are in contact flux. The answer to some questions could change, and new FAQ will be added in response to these environment changes and to reader feedback.

We need your contributions to this FAQ! Please submit your questions to: hikinggfw@hikinggfw.org.

What is the GFW (Great Firewall of China)?

GFW is the most important component of Chinese Internet censorship system, and it is thought to be the most sophisticated Internet censorship system in the world. The censors of the GFW are deployed at the international gateways of all Chinese domestic Internet Service Providers(ISPs), where they inspect the information flowing in and out of China. The GFW uses a variety of technologies to block or interfere with the Internet communications between Chinese users and the outside, such as IP address blocking, Domain Name System(DNS) injection, and TCP connection reset.

Who built the GFW?

The GFW was built by the National Computer network Emergency Response technical Team Coordination Center of China (CNCERT or CNCERT/CC), also known as the National Computer Security Management Center in China, administered by the Ministry of Industry and Information Technology (MIIT) of PRC.[1]

Professor Binxing Fang, the previous director of CNCERT/CC, known as the father of the GFW, is the chief designer of the GFW and is current the president of Beijing University of Posts and Telecommunications. Although many of China’s top universities and research institutes have contributed to the building of the GFW, most of GFW’s contributors and technologies, especially during its inception, came from Harbin Institute of Technology (HIT) and the Institute of Computing Technology of Chinese Academy of Sciences (ICT).

Who manages the GFW?

The GFW has always been operated by CNCERT/CC, controlled by MIIT, and is supported by many top universities, research institutes, and IT companies.

What is the Golden Shield Project (GSP)?

The Golden Shield Project is a nation-wide communication infrastructure and computer application systems, used by policemen all over China[2]. It was built and operated by the Ministry of Public Security (MPS) of China.

What is the relationship between the GFW and the GSP?

Part of GSP is related to censoring domestic networks and websites, however, there is no evidence to show that the GFW is directly linked to GSP. They are two different plans, built and operated by to two different departments: GSP by MPS and GFW by MIIT.

Where is GFW?

Most of the censors or filtering devices are located near the international gateways of Chinese ISPs (Such as ChinaNet, UniCom and CERNET), and some filtering is done at the border of provincial networks[3][4].

What technologies does the GFW use to censor Internet?

The GFW works like a nationwide Network Intrusion Detection and Protection System(NIDS/NIPS). Over more than a decade of development, a variety of technologies have been developed to censor the Internet. As of early 2013, these are the specific technologies the GFW employs:

a) IP address blocking

According to a paper by the designers of GFW[5], all the international gateways(routers) of all Chinese ISPs are configured with a blacklist of IP addresses. When users access these blacklisted addresses, the packets will be routed to a black hole server. The server could drop these packets, or analyze the traffic for statistical purposes.

b) DNS Injection

DNS is used to translate the name of a website into the corresponding IP address. The GFW maintains a blacklist of domain names and inspects any DNS queries from (and to) China. When it detects a query asking for a blacklisted domain name, it injects one or more forged DNS responses, spoofing the target address of the target DNS server. The host who launches the query will accept the forged answer (it arrives much earlier than the legitimate one), which includes either an invalid IP address, no address or an address controlled by GFW. For more details, see "The Great DNS Wall of China"[6].

c) TCP Reset

TCP is the network protocol most network applications use, such as Web (HTTP) and Email(SMTP). TCP Reset is one of the mechanisms to terminate a TCP connection. The GFW maintains a connection state for any TCP connections by inspecting the packets going through its censors (near international gateways of Chinese ISPs). When GFW sees a blacklisted keyword in the information flow, it injects a series of packets (with TCP reset flags) to both the client and server of this connection. For more detailed information, see "Ignoring the Great Firewall of China"[7].

d) Others

During the arms race with censorship circumvention tools, the GFW has developed more advanced technologies to block encrypted communications. Most free circumvention tools (such as FreeGate, Ultrasurf and Psiphon) rely on proxies outside China and encrypted tunnels. The researchers of the GFW constantly analyze the code or protocols of these tools and often able to block the tool's associated proxies or servers. In response, these tools have to replace proxies constantly in order to compete.

Tor, although designed as an anonymous communication tool, was once used by some Chinese netizens. Unlike other encrypted proxies, the set of nodes in Tor network is dynamically changed. However, the centralized directory server by which users get the list of proxy nodes is the fatal flaw in Tor's system. After the GFW blocked the IP address of the Tor directory in 2008, Tor lost most of its users in China.

The GFW also developed technologies to swiftly identify the use of encrypted protocols, such as TLS/SSL, SSH and VPN. Therefore, Gmail, Tor and OpenVPN are frequently interrupted by the GFW. Many Chinese users reported their connection issues with Gmail after making the switch to the HTTPS/TLS connections. The GFW can find the hidden servers (such as Tor bridges) by fingerprinting the encrypted protocols, and blocking them dynamically[8]. Following November 2012, when the communist Party of China convened their 18th congress, many Chinese users reported that their OpenVPN and SSH servers were blocked.

If you have more questions about the GFW, please contact us by email: hikinggfw@gmail.com, or follow us on Google plus

References

[1] History of GFW, Available: http://fangbinxing.appspot.com/

[2] "Golden Shield Project" china.com.cn. http://www.china.com.cn/chinese/zhuanti/283732.htm

[3] J. R. Crandall, D. Zinn, M. Byrd, E. Barr, and R. East, “Conceptdoppler: A weather tracker for internet censorship,” 14th ACM Conference on Computer and Communications Security, pp. 1–4, 2007.

[4] X. Xu, Z. Mao, and J. Halderman, “Internet censorship in china: where does the filtering occur?,” Passive and Active Measurement, pp. 133–142, 2011.

[5] G. Liu, X. Yun, B. FANG, and M. Hu, “A control method for large-scale network based on routing diffusion,” Journal of China Institute of, p. 10, 2003.

[6] G. Lowe, P. Winters, and M. L. Marcus, “The Great DNS Wall of China,” pp. 1–7, Dec. 2007.

[7] R. Clayton, S. Murdoch, and R. Watson, “Ignoring the great firewall of china,” presented at the Privacy Enhancing Technologies, 2006, pp. 20–35.

[8] P. Winter and S. Lindskog, “How the Great Firewall of China is Blocking Tor,” Free and Open Communications on the Internet, Bellevue, WA, USA, 2012.

Abstract

What is the GFW(Great Firewall of China)?

Who build GFW?

Who is operating the GFW?

What is the Golden Shield Project(GSP)?

Where is the GFW?

What technologies are used by the GFW to censor Internet?

    IP Blocking

    DNS Injection

    TCP RESET

    Others

References