Appendix:

This part is added based feedback I got during the conference. (First composed: July 13, 2004. Last updated: July 14, 2004.)

What has been done (by DynaWeb):

We use dynamic IP (add new IPs when old ones are blocked), packet level DNS resolution, TCP packet fragmentation, tunneling over http. It works fine so far.

What needs to be done?

We hope to disable this firewall. That will open door to more interesting things we have in mind.
Or it will be great if you can prove the vendor live in United States.

Any examples one can try to probe the firewall?

www.cctv.com.cn (China Central TV ) is China's main propaganda machine. You can use this IP as a sample IP from China. "GET /minghui.org" TCP package with ACK on will trigger the RST package. nslookup dweb.com www.cctv.com.cn . No garantee though. They may reconfigure their firewall after this is posted. (try nslookup www.epochtimes.com www.cctv.com.cn as a back up. Tip: Since this IDS thing match with wild card, pre-pend lots of subdomain to use up thier CPU as 0123.0123.[0123}X10.epochtimes.com. Hint: If your subdomain is long enough, the IDS will stop response with fake answer to this package.) But I am sure they will block minghui.org with IP blocking as long as the firewall is there, since minghui.org is devoted to Falun Gong informations. Please share with me if you see anything intresting.

Is there any related information?

Very few as far as I know. Here is a list I have:

A report about national DNS spoofing in China on Sept. 28th, DIT Inc. http://www.dit-inc.us/hj-09-02.html

Empirical Analysis of Internet Filtering in China, Jonathan Zittrain* and Benjamin Edelman**, http://cyber.law.harvard.edu/filtering/china/

You've Got Dissent! Chinese Dissident Use of the Internet and Beijing's Counter-Strategies, Michael S. Chase, James C. Mulvenon , http://www.rand.org/publications/MR/MR1543/

Various presentation DIT made:

http://www.dit-inc.us/press.htm

Other groups that has interests in China's Internet censorship:

Citizen Lab: http://ice.citizenlab.org/

Peacefire: http://www.peacefire.org/

What is your PGP key

bill at dit-inc.us

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

mQGiBEDxeLcRBADUEz7zSrPSTPMXziGbvXMbXhZyM34sdaK6jfaq3Tn7huuaSYzN
BnChw8/yKCO2tlpEIwcV+OvERGaZAcOlYxzn0ColUQoaA5+Tdzcg/NMqQKTdvelU
a1qhaqB9qs9mIUn9442p7ngmE15KIt2rstbLTKO2f7PLTAeiMdoGfBw4uQCg/3YU
B1ncrbf8C7vINODi44+qv+kD/i3uabhpEILnVeuSZfEKdg63N4MyNELr7uMIGlYe
3H9Wn4FE7BeRNb+/4oswL+nrdEvtBFMUwKnllnHdamULBIWA6zMhbpla8za4ZoLz
XD59D/qHiKk3byYLFNNnuIhzvnwGlIsvvW7dZ5ObXI2Ji7+Kzkl5Db8RR8kdL/Px
lnNIA/9CWeQsDUWDc/q2DzynpM04w++nCqM0wyOAQ8nwu7bb6loYR50LTrkvhZ+y
l1kKopMuHyAgMc91eq2W+80OCDCmKyrujhFIFOOHhJeXxgmdjSW/Dsd7nXj4E7kf
TJ5oJMuv5M0PKq4Fopkmo11BTn6M/rdVMCk4cB7KLoPJyLVRj7QaQmlsbCBYaWEg
PGJpbGxAZGl0LWluYy51cz6JAFgEEBECABgFAkDxeLcICwMJCAcCAQoCGQEFGwMA
AAAACgkQ803GEvQstWxcngCcDy6f1S400t9j8RSDrqtUSx57DGQAoKv2czIFqMu8
qjP5eVVcCqc68s1duQINBEDxeLcQCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFu
uUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89
PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa
8L9GAFgr5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICB/4wt++t
PWMthQ6mwfEKoxUwfQvkTSwyzPmutMxj3L/yEmE0MrU6ygLg09Em0TEpJ4OLOp4V
i0bDXq7LFHk8so43sWjj6NmDoTlZ3HQruHWoavxEHOfOQTOyKTjmGoCZXSsjhRDS
BMmvui2Q/mZQSv5wDtuiCVOcWxE9cRZ+vZckdVJWlR5VPXnxpY5YaCrldOeiyiTX
h8MkeaKk7zeWGY4imfnTyrQTGqirE2A8lwpn7oVaIu/pqLHBGZdAJEKt1m63En3T
Z5XY4gxl3QHeQC44p6Hj/MMsv8nuzICaJA6HIU21JRZFD6Ct1CEfvGcWkYn1l87a
K/ZWp7A5CCrQR+I9iQBMBBgRAgAMBQJA8Xi4BRsMAAAAAAoJEPNNxhL0LLVskooA
nj6zeKnXeaWvMBmDNwTUyyDo9QPlAJ9cJtsHdmlhUa253goFCxC5zfvISg==
=oY1q
-----END PGP PUBLIC KEY BLOCK-----