Something weird happened with the Great Firewall of China (GFW), which the Chinese government uses to control internet access within the country, on August 20.
A site dedicated to monitoring China's internet censorship systems called GFW Report claimed the Great Firewall "exhibited anomalous behavior by unconditionally injecting forged TCP RST+ACK packets to disrupt all connections on TCP port 443" for approximately 74 minutes before resuming its normal processes. (Or "normal," I guess.)
A quick aside: TCP port 443 is typically used for HTTPS — the more Secure version of the Hypertext Transfer Protocol that makes it more difficult for someone to spy on or tamper with the connection between devices — but the port and protocol aren't inextricably linked. Systems can be configured to manage HTTPS via different ports.
The behavior reported by GFW Report differs from China's previous efforts to censor encrypted communications in that it specifically targeted port 443, with the report saying "the unconditional RST+ACK injections was on TCP port 443, but not on other common ports like 22, 80, 8443." (Often used for SSH, HTTP, and as an alternative for HTTPS, respectively.)
Contrast that with this from GFW Report in August 2020 detailing the GFW's efforts to block "one of the foundational features of TLS 1.3 and HTTPS." In that case, the Chinese government was specifically targeting the TLS 1.3 and HTTPS protocols across every port (1-65535) rather than limiting its disruptions to a single port.
That alone isn't necessarily unusual. "The [GFW] is not a single entity but a complex system composed of various network devices that perform censorship," GFW Report said, and it doesn't rely on a single method of disrupting traffic. Bypassing the GFW isn't a problem that only needs to be solved once; it's an ongoing concern.
The bigger mystery is whether or not the behavior seen on August 20 was intended.
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
"The responsible device does not match the fingerprints of any known GFW devices," GFW Report said, "suggesting that the incident was caused by either a new GFW device or a known device operating in a novel or misconfigured state." But the group's investigation into this blip was hindered by its short duration.
Studying the GFW is vital because of its humanitarian impact, of course, but it's also fairly unique in that the Chinese government is effectively trying to have its cake and eat it too. Blocking connections to the rest of the world would be economically devastating, so China can't pull a North Korea by cutting off access to the broader internet. But it doesn't want to provide unfettered access to information, either.
In a sense it would be easier to copy other authoritarian regimes in simply cutting off internet access—at least temporarily—in times of crisis. (See: Turkey, Kazakhstan, Sudan, Egypt, etc.) Instead the GFW is a weird compromise between open internet access and no internet access.
Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
3 hours ago
3
English (US) ·