VPN Articles and News

How Does The Great Firewall Of China Work?

Friday, December 12th, 2014

The Great Firewall of China refers to the Golden Shield Project that the Chinese government has deployed to monitor online activities of its citizens and censor online content. Although China has the largest number of online users in the world, a lot of mainstream sites like YouTube, Facebook, Twitter, Blogger and Gmail are not available over there. The Chinese government have censored these (as well as thousands of others) websites mostly for political and social reasons. The Great Firewall is one of the most sophisticated censorship project ever deployed since it uses a number of techniques to inspect, monitor and block content. Here is how it works:

1) Mirroring

Mirroring refers to monitoring data packets at entry/exit gateways that separate the Chinese web from the rest of the internet. As you might be aware, internet traffic flows from one location to another through fiber optic cables but there are only a limited number of gateways available for a particular country. By deploying sophisticated data sniffing tools on the three gateways that carry online traffic from China, the authorities are able to monitor requests and censor content effectively.

2) IP Filtering

IP filtering blocks access to IP addresses of specific websites and domains. The filtering not only affects HTTP traffic but also FTP and POP based requests. A lot of times users are able to circumvent ban on a particular website by using the site’s IP address instead of its domain name but by using IP based filtering, the Chinese authorities have ensured that there is no way to access blocked sites.

3) DNS Filtering

DNS Filtering or Poisoning occurs when a web request returns incorrect IP address or fails to resolve the DNS address of the requested website. This is a very effective censorship technique since it returns an invalid response every time you try to connect to a blocked website.

4) URL And Keyword Filtering

Even if a website is not blocked in China, the Great Firewall could prevent users from accessing specific pages from that website. The firewall looks for specific keywords in URLs and may block access to a page if its URL or content contains blocked terms.

5) Deep Packet Inspection

The Chinese authorities not only rely on DNS, IP and keyword based filtering, they also analyze data packets for objectionable content. This technique is known as Deep Packet Inspection and it helps to censor content by looking at the raw data requests.

6) Connection Reset

If a connection is blocked by packet filters then future requests between the two computers would also be blocked automatically for as long as half an hour. The firewall sends a reset packet which tells both the parties that the connection has been reset by the computer at the other end.

As you can see from the above paragraphs, China has deployed numerous methods to monitor and censor online content. In late 2012, Chinese authorities also started to block VPN connections although many SSL based VPNs continue to work from there. If you wish to bypass censorship in China, you would need to use a VPN service that cannot be detected or blocked by the Great Firewall of China.

December 12, 2014

Leave a Reply

Your email address will not be published. Required fields are marked *

8 + 8 =