1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • China tried to upgrade the Great Firewall but may have left it vu

    From TechnologyDaily@1337:1/100 to All on Mon Aug 4 17:00:07 2025
    China tried to upgrade the Great Firewall but may have left it vulnerable to attack

    Date:
    Mon, 04 Aug 2025 15:59:00 +0000

    Description:
    Flawed traffic censoring attempts have exposed the Firewall.

    FULL STORY ======================================================================Research ers have identified vulnerabilities in China's Great Firewall The firewall attempts to block QUIC connections Blocking attempts leave the state exposed

    Upgrades to Chinas Great Firewall (GFW) have not gone as planned, and the resulting critical flaw reduces the effectiveness of the firewall in moderating traffic loads, researchers have found. Attempts by China to censor a specific type of internet traffic in the country have left the state at
    risk and vulnerable to attack;

    We [..] demonstrate that this censorship mechanism can be weaponized to block UDP traffic between arbitrary hosts in China and the rest of the world. We collaborate with various open-source communities to integrate circumvention strategies into Mozilla Firefox, the quic-go library, and all major
    QUIC-based circumvention tools.

    The paper was written by researchers from activist group Great Firewall Report, as well as Stanford University, University of Massachusetts Amherst, and the University of Colorado Boulder - and is titled Exposing and Circumventing SNI-based QUIC Censorship of the Great Firewall of China. Internet censorship

    The vulnerabilities stem from Chinas attempts to block Quick UDP Internet Connections (QUIC) - a transport layer network protocol that is designed to replace Transmission Control Protocol (TCP) because of its built in security, flexibility, and fewer performance issues.

    QUIC was invented by workers at Google back in 2012, and at least 10% of
    sites use the protocol - with many Google and Meta sites included. Both of these organizations are blocked by the GFW, so blocking QUIC connections
    seems to be an extension of this, although researchers note that not all QUIC traffic is blocked successfully.

    The mechanism used to block QUIC connections is vulnerable to attacks that could block all open or root DNS resolvers outside of China from access from within the state, resulting in widespread DNS failures;

    Defending against this attack while still censoring is difficult due to the stateless nature and ease of spoofing UDP packets, the paper explains.
    Careful engineering will be needed to allow censors to apply targeted blocks in QUIC, while simultaneously preventing availability attacks.

    Via; The Register You might also like Take a look at our picks for the best firewall software around Check out our choice for best endpoint protection software to keep you safe US government wants to ban Chinese technology in submarine cables



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/china-tried-to-upgrade-the-great-firewa ll-but-may-have-left-it-vulnerable-to-attack


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)