我们发表在USENIX Security’23 的论文《中国的防火长城是如何检测和封锁完全加密流量的》获得了 PETS 2025 Caspar Bowden 隐私增强技术杰出研究奖亚军。我们由衷的感谢多年来我们的合作者以及中国网民们对我们的无私帮助与支持。我们会再接再厉的。
论文链接:https://gfw.report/publications/usenixsecurity23/zh/
论文链接:https://gfw.report/publications/usenixsecurity23/zh/
GFW Report
中国的防火长城是如何检测和封锁完全加密流量的
2021年11月初,中国的防火长城(GFW)部署了一种新的审查技术,这种技术可以实时地被动检测并阻断全加密流量。GFW这一新添的审查能力影响到一大批流行的翻墙协议,包括但不限于Shadowsocks、VMess和Obfs4。在这篇论文中,我们测量并描述了GFW用于审查完全加密流量的新系统。
🎉21👏2❤1
GFW Report
https://gfw.report/publications/ndss25/en/ We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal up to 125 bytes…
FOCI25BestPracticalPaper.jpeg
378.9 KB
Our NDSS'25 "Wallbleed" paper has received the FOCI'25 Best Practical Paper Award. 🏆
This work was a true labor of love, and we are deeply grateful for the recognition from the Internet freedom community and support from everyone on this long journey.
https://gfw.report/publications/ndss25/en/
This work was a true labor of love, and we are deeply grateful for the recognition from the Internet freedom community and support from everyone on this long journey.
https://gfw.report/publications/ndss25/en/
👏5❤1
GFW Report
https://gfw.report/publications/ndss25/zh/ 我们发现了一个名为Wallbleed(墙出血)的缓冲区过度读取漏洞,该漏洞存在于中国防火长城(GFW)的DNS注入子系统中。Wallbleed导致某些影响全国范围的审查设备在处理特制的DNS请求时会泄露至多125字节的内存数据。这一漏洞为我们提供了一个难得的机会,以深入了解防火长城最著名的网络攻击手段之一——DNS注入——的内部架构,以及审查者的操作行为。 为了理解Wallbleed的形成原因和影响,我们从2021年…
FOCI25BestPracticalPaper.jpeg
378.9 KB
我们发表在NDSS'25 的论文《Wallbleed(墙出血)》获得了 FOCI'25 最佳实践论文奖。🏆
这项工作是我们心血的结晶,论文发表的过程更是历经坎坷。我们在此由衷地感谢反审查社区对我们工作的认可与支持,也借此机会感谢所有陪伴我们一路走来的各位的支持。
论文中文版:https://gfw.report/publications/ndss25/zh/
这项工作是我们心血的结晶,论文发表的过程更是历经坎坷。我们在此由衷地感谢反审查社区对我们工作的认可与支持,也借此机会感谢所有陪伴我们一路走来的各位的支持。
论文中文版:https://gfw.report/publications/ndss25/zh/
👍32🎉7❤2🌭2
BREAKING: The Great Firewall of China Has Evolved its QUIC Censorship Capabilities
Our latest research, to be presented at USENIX Security '25, reveals that the Great Firewall of China (GFW) can now inspect encrypted QUIC Initial packets to perform real-time, SNI-based censorship and block specific domains. Our paper provides a deep analysis of the GFW's new censorship logic, reverse-engineers its heuristic parsing rules, and maps out its blocklist of targeted domains and services.
This new system introduces two critical vulnerabilities:
1️⃣ Degradation Attack: We propose a novel attack that can overwhelm the censorship apparatus by sending a moderate amount of carefully crafted traffic, temporarily reducing the GFW's effectiveness.
2️⃣ Availability Attack: We discovered that anyone can exploit the GFW and use it as a weapon to launch availability attacks, blocking UDP traffic between arbitrary hosts from China and the rest of the world.
Given the severity of the availability attack, we followed responsible disclosure protocols and notified CNCERT and Fang Binxing of the vulnerability. Their reaction (or lack thereof) is discussed in the paper.
To protect users, we have already collaborated with industry leaders including Mozilla (Firefox & Neqo), the quic-go project, and developers of all major QUIC-based circumvention tools to design and deploy effective countermeasures.
Read the full paper here:
https://gfw.report/publications/usenixsecurity25/en/
Our latest research, to be presented at USENIX Security '25, reveals that the Great Firewall of China (GFW) can now inspect encrypted QUIC Initial packets to perform real-time, SNI-based censorship and block specific domains. Our paper provides a deep analysis of the GFW's new censorship logic, reverse-engineers its heuristic parsing rules, and maps out its blocklist of targeted domains and services.
This new system introduces two critical vulnerabilities:
1️⃣ Degradation Attack: We propose a novel attack that can overwhelm the censorship apparatus by sending a moderate amount of carefully crafted traffic, temporarily reducing the GFW's effectiveness.
2️⃣ Availability Attack: We discovered that anyone can exploit the GFW and use it as a weapon to launch availability attacks, blocking UDP traffic between arbitrary hosts from China and the rest of the world.
Given the severity of the availability attack, we followed responsible disclosure protocols and notified CNCERT and Fang Binxing of the vulnerability. Their reaction (or lack thereof) is discussed in the paper.
To protect users, we have already collaborated with industry leaders including Mozilla (Firefox & Neqo), the quic-go project, and developers of all major QUIC-based circumvention tools to design and deploy effective countermeasures.
Read the full paper here:
https://gfw.report/publications/usenixsecurity25/en/
GFW Report
Exposing and Circumventing SNI-based QUIC Censorship of the Great Firewall of China
Since April 2024, the Great Firewall of China (GFW) has been censoring QUIC traffic to specific domains. Our findings show the GFW decrypts QUIC Initial packets at scale and employs a unique blocklist. Our research reveals this system is ineffective under…
😨5👍2❤1
中国防火长城 (GFW) 已具备QUIC SNI审查能力
我们在 USENIX Security '25 会议上发表的最新研究报告揭示,中国的防火长城 (GFW) 自2024年4月起,已经可以检测加密的QUIC初始数据包,以进行基于服务器名称指示 (SNI) 的实时审查和域名屏蔽。我们的论文深入分析了其审查逻辑、逆向工程了其启发式解析规则,并揭示了其封锁名单。
这个新系统引入了两个严重的漏洞:
1️⃣ 降级攻击 (Degradation Attack): 我们提出了一种新型攻击方式,通过发送适量的精心构造的数据包,即可压垮审查设备,从而暂时性地降低GFW的审查效率。
2️⃣ 可用性攻击 (Availability Attack): 我们发现,任何人都可以利用GFW作为武器发动可用性攻击,从而借GFW之手,阻断中国与世界其他地区之间任意主机间的UDP通讯。
鉴于可用性攻击的严重性,我们遵循了“负责任的漏洞披露”原则,向中国国家互联网应急中心 (CNCERT) 及方滨兴本人通报了此漏洞。我们在论文中讨论了他们对此的反应。
为了保护用户,我们已经与行业领导者合作,包括 Mozilla (Firefox & Neqo)、quic-go 项目以及所有主要的基于QUIC的翻墙工具的开发者,共同设计并部署了有效的缓解措施。
论文中文版:
https://gfw.report/publications/usenixsecurity25/zh/
我们在 USENIX Security '25 会议上发表的最新研究报告揭示,中国的防火长城 (GFW) 自2024年4月起,已经可以检测加密的QUIC初始数据包,以进行基于服务器名称指示 (SNI) 的实时审查和域名屏蔽。我们的论文深入分析了其审查逻辑、逆向工程了其启发式解析规则,并揭示了其封锁名单。
这个新系统引入了两个严重的漏洞:
1️⃣ 降级攻击 (Degradation Attack): 我们提出了一种新型攻击方式,通过发送适量的精心构造的数据包,即可压垮审查设备,从而暂时性地降低GFW的审查效率。
2️⃣ 可用性攻击 (Availability Attack): 我们发现,任何人都可以利用GFW作为武器发动可用性攻击,从而借GFW之手,阻断中国与世界其他地区之间任意主机间的UDP通讯。
鉴于可用性攻击的严重性,我们遵循了“负责任的漏洞披露”原则,向中国国家互联网应急中心 (CNCERT) 及方滨兴本人通报了此漏洞。我们在论文中讨论了他们对此的反应。
为了保护用户,我们已经与行业领导者合作,包括 Mozilla (Firefox & Neqo)、quic-go 项目以及所有主要的基于QUIC的翻墙工具的开发者,共同设计并部署了有效的缓解措施。
论文中文版:
https://gfw.report/publications/usenixsecurity25/zh/
👍52🌚11❤5🔥5😁2👎1🥴1