Great Firewall & Great cannon

The Great Firewall &The Great Cannon

1

Ivan Ortega@ivanortegaalba

Slides:http://es.slideshare.net/IvanOrtega14

1

The Great Firewall

2

China and their censure policy

Until now China has been using its system:

Great Firewalla part of

Golden Shield Project

3

Great Firewall

30.000 - 50.000 police agents involved.

800.000.000 $ invested

8 years

All this to censor the Internet as we know it

4

How do Great Firewall block sites?

5

How do Great Firewall block sites?

1. The Great Firewall search in DNS servers if the domain is censored

6

How do Great Firewall block sites?

1. The Great Firewall search in DNS servers if the domain is censored

2. If IP is obtained, Great Firewall search if this IP is saved as blocked

7

How do Great Firewall block sites?

1. The Great Firewall search in DNS servers if the domain is censored

2. If IP is obtained, Great Firewall search if this IP is saved as blocked

3. The Great Firewall analyse the URL to find word forbidden

8

How do Great Firewall block sites?

1. The Great Firewall search in DNS servers if the domain is censored

2. If IP is obtained, Great Firewall search if this IP is saved as blocked

3. The Great Firewall analyse the URL to find word forbidden

4. The Great Firewall search text forbidden that is sowed as text plain

9

How do Great Firewall block sites?

1. The Great Firewall search in DNS servers if the domain is censored

2. If IP is obtained, Great Firewall search if this IP is saved as blocked

3. The Great Firewall analyse the URL to find word forbidden

4. The Great Firewall search text forbidden that is sowed as text plain

10

How do Great Firewall block sites?

1. The Great Firewall search in DNS servers if the domain is censored

2. If IP is obtained, Great Firewall search if this IP is saved as blocked

3. The Great Firewall analyse the URL to find word forbidden

4. The Great Firewall search text forbidden that is sowed as text plain

11

How do Great Firewall block sites?

1. The Great Firewall search in DNS servers if the domain is censored

2. If IP is obtained, Great Firewall search if this IP is saved as blocked

3. The Great Firewall analyse the URL to find word forbidden

4. The Great Firewall search text forbidden that is sowed as text plain

12

Forbidden sites

13

Forbidden sites

14

Alternatives

15

Alternatives

16

What is the Great Cannon?

17

A Great Firewall with a Great Cannon

18

A Great Firewall with a Great Cannon

19

A Great Firewall with a Great Cannon

20

A Great Firewall with a Great Cannon

21

1. China establish IP targets to be attacked.

Mirror & Forbidden sites:

22

2. China ear the traffic from outside of China Network to Baidu

23

3. China reroute a percent of this traffic and inject a malicious JS

24

4. This malicious JS will do request constantly to target server

25

Great Cannon discovered

Great cannon was discovered as result of DDoS on Github repositories when a lot page was allocated as mirror of forbidden sites.

https://www.fayerwayer.com/2015/04/asi-es-como-china-ataco-y-tumbo-github-con-su-gran-canon/ 26

Conclusion

China have a new weapon to censor by force

China goverment don’t recognize this attack and The Great Cannon but all investigation point to this, so all this is a augmented supposition

It’s effective? Now, Chinese people are seeing the same pages attacked

27

Conclusion, bibliography and more to investigate

Citizen Lab investigation: https://citizenlab.org/2015/04/chinas-great-cannon/

GreatFire.org: https://en.greatfire.org/blog/2015/mar/chinese-authorities-compromise-millions-cyberattacks

How the Grand Cannon was discovered: http://arstechnica.com/security/2015/04/ddos-attacks-that-crippled-github-linked-to-great-firewall-of-china/

28

Thank you!Questions?

Ivan Ortega@ivanortegaalba

Slides:http://es.slideshare.net/IvanOrtega14 29