GFW Report
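https://gfw.report/publications/ndss25/zh/ We discovered a buffer over-read vulnerability, named Wallbleed, in the DNS injection subsystem of the Great Firewall of China (GFW). Wallbleed causes certain censorship devices with nationwide impact to leak up to 125 bytes of memory when processing specially crafted DNS queries. This vulnerability gave us a rare opportunity to gain deep insight into the internal architecture of DNS injection, one of the Great Firewall's best-known network attack methods, as well as the censor's operational behavior. To understand the causes and impact of Wallbleed, since 2021 we…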
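Our NDSS '25 paper "Wallbleed" has won the FOCI '25 Best Practical Paper Award. 🏆
This work is the fruit of our hard labor, and the road to publication was a difficult one. We sincerely thank the anti-censorship community for recognizing and supporting our work, and we take this opportunity to thank everyone who has accompanied us along the way for their support.
Chinese version of the paper: https://gfw.report/publications/ndss25/zh/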
BREAKING: The Great Firewall of China Has Evolved its QUIC Censorship Capabilities
Our latest research, to be presented at USENIX Security '25, reveals that the Great Firewall of China (GFW) can now inspect encrypted QUIC Initial packets to perform real-time, SNI-based censorship and block specific domains. Our paper provides a deep analysis of the GFW's new censorship logic, reverse-engineers its heuristic parsing rules, and maps out its blocklist of targeted domains and services.
This new system introduces two critical vulnerabilities:
1️⃣ Degradation Attack: We propose a novel attack that can overwhelm the censorship apparatus by sending a moderate amount of carefully crafted traffic, temporarily reducing the GFW's effectiveness.
2️⃣ Availability Attack: We discovered that anyone can exploit the GFW and use it as a weapon to launch availability attacks, blocking UDP traffic between arbitrary hosts from China and the rest of the world.
Given the severity of the availability attack, we followed responsible disclosure protocols and notified CNCERT and Fang Binxing of the vulnerability. Their reaction (or lack thereof) is discussed in the paper.
To protect users, we have already collaborated with industry leaders including Mozilla (Firefox & Neqo), the quic-go project, and developers of all major QUIC-based circumvention tools to design and deploy effective countermeasures.
Read the full paper here:
https://gfw.report/publications/usenixsecurity25/en/
GFW Report
Exposing and Circumventing SNI-based QUIC Censorship of the Great Firewall of China
Since April 2024, the Great Firewall of China (GFW) has been censoring QUIC traffic to specific domains. Our findings show the GFW decrypts QUIC Initial packets at scale and employs a unique blocklist. Our research reveals this system is ineffective under…
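The Great Firewall of China (GFW) Now Has QUIC SNI Censorship Capability
Our latest research, presented at USENIX Security '25, reveals that since April 2024 the Great Firewall of China (GFW) has been able to inspect encrypted QUIC Initial packets to perform real-time censorship and domain blocking based on Server Name Indication (SNI). Our paper analyzes its censorship logic in depth, reverse-engineers its heuristic parsing rules, and reveals its blocklist.
This new system introduces two serious vulnerabilities:
1️⃣ Degradation Attack: We propose a novel attack that can overwhelm the censorship devices by sending a moderate amount of carefully crafted packets, temporarily reducing the GFW's censorship effectiveness.
2️⃣ Availability Attack: We found that anyone can use the GFW as a weapon to launch availability attacks, having the GFW block UDP traffic between arbitrary hosts in China and the rest of the world.
Given the severity of the availability attack, we followed the principle of "responsible vulnerability disclosure" and reported this vulnerability to China's National Internet Emergency Center (CNCERT) and to Fang Binxing himself. We discuss their response in the paper.
To protect users, we have worked with industry leaders, including Mozilla (Firefox & Neqo), the quic-go project, and the developers of all major QUIC-based circumvention tools, to jointly design and deploy effective mitigations.
Chinese version of the paper: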
https://gfw.report/publications/usenixsecurity25/zh/