How the Great Firewall discovers hidden circumvention servers [32c3]

Publicado el 27 dic. 2015

How the Great Firewall discovers hidden circumvention servers

Several years ago, the Great Firewall of China was silently upgraded to find and block circumvention servers that employ encryption to defeat deep packet inspection. The system is now used to block protocols such as Tor, SoftEther, and SSH. In this talk, we will give an overview of how this system works, and how it can be circumvented.

The GFW’s reactive probing system scans egress network traffic for circumvention protocol signatures, and then launches short-lived probes to verify if the suspected server is, in fact, speaking the circumvention protocol. If that is the case, the GFW adds the IP address and port of the server to a country-wide blacklist, preventing people in China from connecting to it. We recently finished a multi-month research project in which we looked at the system from different angles to answer several open questions. In particular, we will talk about:

➤Speaker: Philipp Winter
➤EventID: 7196
➤Event: 32th Chaos Communication Congress [32c3] of the Chaos Computer Club [CCC]
➤Location: Congress Centrum Hamburg (CCH); Am Dammtor; Marseiller Straße; 20355 Hamburg; Germany
➤Language: english
➤Begin: Sun, 12/27/2015 17:15:00 +01:00
➤License: CC-by

Help us caption & translate this video!



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s