Internet censorship in china: where does the filtering occur?
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
Using clustering to detect Chinese censorware
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
A Taxonomy of Censors and Anti-Censors Part II: Anti-Censorship Technologies
International Journal of E-Politics
The velocity of censorship: high-fidelity detection of microblog post deletions
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
We present results from measurements of the filtering of HTTP HTML responses in China, which is based on string matching and TCP reset injection by backbone-level routers. This system, intended mainly for Internet censorship, is a national-scale filter based on intrusion detection system (IDS) technologies. Our results indicate that the Chinese censors discontinued this HTML response filtering for the majority of routes some time between August 2008 and January 2009 (other forms of censorship, including backbone-level GET request filtering, are still in place). In this paper, we give evidence to show that the distributed nature of this filtering system and the problems inherent to distributed filtering are likely among the reasons it was discontinued, in addition to potential traffic load problems. When the censor successfully detected a keyword in our measurements and attempted to reset the connection, their attempt to reset the connection was successful less than 51% of the time, due to late or out-of-sequence resets. In addition to shedding light on why HTML response filtering may have been discontinued by the censors, we document potential sources of uncertainty, which are due to routing and protocol dynamics, that could affect measurements of any form of censorship in any country. Between a single client IP address in China and several contiguous server IP addresses outside China, measurement results can be radically different. This is probably due to either traffic engineering or one node from a bank of IDS systems being chosen based on source IP address. Our data provides a unique opportunity to study a national-scale, distributed filtering system.