Examining How the Great Firewall Discovers Hidden Circumvention Servers

TitleExamining How the Great Firewall Discovers Hidden Circumvention Servers
Publication TypeConference Paper
Year of Publication2015
AuthorsEnsafi, R., Fifield D., Winter P., Feamster N., Weaver N., & Paxson V.
Published inProceedings of ACM Internet Measurement Conference
Date Published10/2015
KeywordsActive Probing, Censorship Circumvention, Deep Packet Inspection, Great Firewall of China, Tor

Recently, the operators of the national censorship infrastructure of China began to employ “active probing” to detect and block the use of privacy tools. This probing works by passively monitoring the network for suspicious traffic, then actively probing the corresponding servers, and blocking any that are determined to run circumvention servers such as Tor.

We draw upon multiple forms of measurements, some spanning years, to illuminate the nature of this probing. We identify the different types of probing, develop fingerprinting techniques to infer the physical structure of the system, localize the sensors that trigger probing—showing that they differ from the “Great Firewall” infrastructure—and assess probing’s efficacy in blocking different versions of Tor. We conclude with a discussion of the implications for designing circumvention servers that resist such probing mechanisms.

ICSI Research Group

Networking and Security


IRTF Applied Networking Reserach Prize