climbing over the great wall

What I read this week reminded me of a feature story I wrote as a senior student in university. It was about “climbing over the GFW (the Great Firewall)”.

When doing the report, I asked one of my friends majoring in Information Security for background knowledge of the GFW and VPNs. He explained the procedure of climbing over the “Wall” with an analogy of cross-border trade: the GFW performs like a gatekeeper, while the search commands we send out are packages of goods and the websites from which we want to get information are destinations. The gatekeeper has a blacklist of destinations, so goods for these destinations are not allowed to be delivered. Therefore, we need to first send the packages to a delivery transit point — the VPN, where the goods will then be sent on to the final destination. His explanation was vivid and I quickly grasped the point, although I was still confused by questions like “why do we need to pack up data?” and “how can the transit point know where the goods are being sent to?”. But as the feature story was focused on the influence of the GFW on ordinary people in Shanghai and the DDL (deadline) was approaching, I didn’t explore the issue more deeply.

Now that I have learned more about Internet design, I understand the topic better.

The picture provides a simplified view of how our messages reach their destination through the Internet. From the picture, we learn that every computer or device on a TCP/IP network has an IP address to send and receive information. An IP address is a sequence of numbers and dots and is difficult for users to remember, but a domain name is much more readable and easier to recall. Every time a user types in a domain name, the DNS server (usually provided by the ISP) resolves it into the corresponding IP address and sends it back. This is one of the nodes that the GFW works on: the GFW can send a forged reply carrying a false IP back to your computer earlier than the real DNS server does, and so lead the user to the wrong site. As a DNS server caches what has been looked up, it will remember the wrong address as well; therefore, the next time another user looks up the same domain name, the server will give back the wrong one.

Below is a typical data packet:

Short for Virtual Private Network, a VPN creates a virtual point-to-point network for users to send and receive data and prevents disclosure of private information by working on the IP layer. It repackages the data packet with a new header, replacing the receiver address with the VPN server’s address. When the VPN server receives the packet, it unwraps the package, finds the original header, rewrites the sender address with the VPN server’s address and the receiver address with the original one, and sends it out. Finally, it again repackages the response packet and sends it back to the user. In this way, the user climbs over the GFW. The procedure is quite complex, and I think this is why the connection slows down sharply whenever I’m using a VPN to visit some foreign websites.
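To make the repackaging steps concrete, here is an added simulation (my own example, not code from the original post or from any VPN product) of a plain IP-in-IP tunnel: the client wraps its packet in an outer header addressed to the VPN server, the server unwraps it, rewrites the sender to itself before forwarding, and later wraps the reply back toward the client. The addresses are constructed from documentation ranges, the header checksum is left at zero, and the encryption a real VPN applies to the inner packet is omitted, which is exactly why a filter that reads past the outer header could still see the original destination here.

```python
import socket
import struct

# Minimal 20-byte IPv4 header, no options: ver/IHL, TOS, total length, ID,
# flags/fragment offset, TTL, protocol, checksum, source, destination.
IPV4_HDR = "!BBHHHBBH4s4s"
IPPROTO_IPIP = 4  # IP-in-IP: the whole inner packet rides as the outer payload

def build_ipv4(src, dst, proto, payload):
    """Pack a header in front of payload (checksum left 0 in this simulation)."""
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def parse_ipv4(pkt):
    """Split a packet into its addressing fields and payload."""
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "payload": pkt[ihl:total]}

def client_encapsulate(inner_pkt, client_ip, vpn_ip):
    """Client side: add an outer header addressed to the VPN server."""
    return build_ipv4(client_ip, vpn_ip, IPPROTO_IPIP, inner_pkt)

def server_forward(outer_pkt, vpn_ip):
    """VPN server: unwrap, rewrite the sender to itself, forward to the real destination."""
    inner = parse_ipv4(parse_ipv4(outer_pkt)["payload"])
    forwarded = build_ipv4(vpn_ip, inner["dst"], inner["proto"], inner["payload"])
    return forwarded, inner["src"]  # remember who gets the reply

def server_return(reply_pkt, vpn_ip, client_ip):
    """VPN server: restore the client as receiver, then wrap the reply toward the client."""
    r = parse_ipv4(reply_pkt)
    restored = build_ipv4(r["src"], client_ip, r["proto"], r["payload"])
    return build_ipv4(vpn_ip, client_ip, IPPROTO_IPIP, restored)

def client_decapsulate(outer_pkt):
    """Client side: strip the outer header and read the original reply."""
    return parse_ipv4(parse_ipv4(outer_pkt)["payload"])

def gatekeeper_view(pkt):
    """What a filter keyed on the outer header sees: only the tunnel endpoint.
    The inner header is still readable in this toy; real VPNs encrypt it."""
    return parse_ipv4(pkt)["dst"]
```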

There are also other ways to climb over the wall, like changing the computer’s DNS server or hosts file, and all of them work on the network layer of the OSI model.

It’s a shame that the government built a wall at the border, blocking out freedom. I know that the country has flaws and imperfections, but I also know that it will be better in the future.