Examining How the Great Firewall Discovers Hidden Circumvention Servers

Recently, the operators of the national censorship infrastructure of China began to employ "active probing" to detect and block the use of privacy tools. This probing works by passively monitoring the network for suspicious traffic, then actively probing the corresponding servers, and blocking any that are determined to run circumvention servers such as Tor. We draw upon multiple forms of measurements, some spanning years, to illuminate the nature of this probing. We identify the different types of probing, develop fingerprinting techniques to infer the physical structure of the system, localize the sensors that trigger probing (showing that they differ from the "Great Firewall" infrastructure), and assess probing's efficacy in blocking different versions of Tor. We conclude with a discussion of the implications for designing circumvention servers that resist such probing mechanisms.
