Few hours later, the Beijing Olympic Games will begin. For the topic, this post is not to talk about package delivery by UPS or FedEx for Olympics. I’m always focusing on network packets, this time, with Beijing Olympic.
As led by communist party, China is famous by the clampdown. The monitoring and controlling for the communications moved from phone line to Internet for quite a few years. An unknown wise create a term “Great Firewall” to describe the technology and behaviors of China government to control and monitor the people speech and media publishing over Internet.
What is the Great Firewall (GFW)? The description on Wikipedia is not exactly. On the Wikipedia, The GFW is mixed up with Golden Shield Project in China which is a public internet security project announced led by Public Security Agency. Actually the GFW is managed by another independent department directly reports to central government which covers Internet Virus/Worm detection and censorship of the text, pictures and video on internet.
What GFW does? In simple, if you travel to China and try to browse some international Web sites with sensitive content, the GFW will actively block your traffic. What is sensitive? It can be vary, anti-government reports, rumors of political leaders, sex taps and etc. What really interesting is, the Google becomes the most victim beside the Chinese people. Many sensitive keywords searching from China will immediately cause Google to be blocked for few minutes. That is one of the major reasons for Google failed, or let’s say not so successful, in China when competing with local searching providers.
How GFW implemented? From a trusted source, the GFW already scales up to more than 100,000 computers. Those computers work in parallel to analyze the Internet traffic leaving China. The censorship analysis focus on Web, Email and now moving to Video monitoring as many people reported YouTube (Google again) become unavailable in many locations in China. The mechanism behinds the blocking actually is sending manipulated TCP RST to victim IP to interrupt the connection. The mechanism is working just as IDS, so the GFW technically should be called Great IDS/GIDS. In a recent technical analysis for GFW, it is believed, more techniques are adopted by GFW includes DNS fraud and/or manually updating ACLs(access control lists) in Internet border routers.
The architecture of the GFW is reported consist of many Cisco/Juniper special designed monitoring equipments to forward traffics and Server computers running AMD/Intel CPUs to parse the packet payload inside of the traffic. Yes, quite a few US vendors involved into this infrastructure. States always provide weapons to help tyrants and then claim to protect the rights of the victims after years.
The Beijing Olympic Games changes a lot on the censorship policy on GFW. The China government was reported commit to unblock most traffic during the Olympic Games. During the Olympics Games, maybe it is another Internet surfing game for Chinese people to know the world changes during this time window. This change are mainly triggered by numerous complains by international travelers to China recently for Olympics, besides donate to quake-afflicted people and adoption of the Chinese orphans, maybe complains will help the Chinese people to get a better life too.