I come from China which has the one of most powerfully of internet censorship system. I want to introduce the technology that Chinese government used in their GFW(Great Firewall) and How we, the normal internet user, break through it.
There are mainly two ways to block a website in China.
- DNS spoofing
- IP black holes.
DNS Spoofing is the most common way to block a website in China. When you visit a website, you use a Domain name to visit it. However, Computers don’t understand domain name and they only understand IP address. Thus, We need a service to convert domain name to IP address and It’s called DNS. In China, If you using a normal way(UDP, 53 port) to send DNS request to any DNS service, you will get a wrong IP address, when you want to visit a blocked website.
The way we overcomes it is using other way to send DNS request to foreign DNS server(like 220.127.116.11 and 18.104.22.168) like DNS over HTTPS, DNS over TLS or just using proxy to send DNS request.
- GFWList (A list records banned websites(not all of banned websites)
- SmartDNS(A DNS server supports DNS over HTTPS and DNS over TLS)
IP black holes.
When the website is a big and important website(like Google, Facebook, Twitter), the GFW will use IP black holes to block the whole range of those websites’ IP address. Simply to say, You just can not connect to this IP address anymore. The way we overcome it is also simple, just use proxy.
In the beginning, we just used normal http proxy. However, after GFW updated once by once, We changed proxy to VPN and now a bunch of special design proxy protocol. These protocols can make proxy traffic looks like normal website visit(like HTTPS). However, GFW now can analyze the total traffic of a IP address, So if you have extreme high traffic of one IP address(GFW also will ban you, temporary or forever.)But, it’s still a guess, we don’t know how GFW exactly works.