當GFW看到自客戶端傳送的第一個SYN包以啟動TCP三次握手時,其開始跟蹤該TCP連接的狀態。HTTP、SMTP、HTTPS等許多應用協定都基於TCP。GFW在該TCP控制塊(TCP control block)內進行上文所述之檢測[25][66],遇到預期關鍵字後,其會注入帶有一個RST選項的「一型」[已過時]和多個帶有RST/ACK選項的「二型」封包,這被認為是來自兩種同時部署的審查裝置。一型IPID為0,具有隨機的窗口尺寸(英語:TCP tuning#Window_size),沒有設置「不分片」選項;二型則有周期性增加的TTL值和窗口尺寸,並且設置了「不分片」[67][25]。
思科系統和一些其他西方通訊裝置供應商向中華人民共和國政府提供了具有流量監控和過濾功能的互聯網裝置,用來封堵網站和追蹤網上一些活躍的持不同政見者[115][116]。2006年2月,美國國會為此召開聽證會,向思科、微軟、雅虎、Google四家公司提出質詢[117]。美國中國資訊中心(China Information Center)的吳弘達指責,思科不斷主動地與中國中央及各省國家安全部門聯絡,向其提供最新技術,包括警車間的即時通訊和指揮系統、以及聲音辨識技術和指紋鑑別技術[117]。記者Sarah Lai Stirland在Wired News發表了一篇文章,並公佈了一份泄漏的思科機密幻燈片文件。該文件詳細描述了思科和中國政府在金盾工程上具有商業性質的合作[118]。她還在文章中指責,思科在市場行銷中將這些技術明確劃分為「鎮壓工具(A Tool of Repression)」。思科的辯護者聲稱,實際上,在中國大陸現行的內容過濾系統中,路由器只是作為底層執行裝置對人為指定的目的地址進行封鎖,這是任何一台商用路由器都必須提供的基本功能,思科並沒有向中國政府提供特別開發和客製化的互聯網裝置[119][32]。
Geremie R. Barme; Ye, Sang. The Great Firewall of China. Wired. 1997-06-01 [2015-12-29]. (原始內容存檔於2016-01-01). A computer engineer in his late 30s, Comrade X...is overseeing efforts to build a digital equivalent to China's Great Wall. Under construction since last year, what's officially known as the "firewall" is designed to keep Chinese cyberspace free of pollutants of all sorts
Kazuho, Oku,; Christopher, Wood,; Eric, Rescorla,; Nick, Sullivan,. Encrypted Server Name Indication for TLS 1.3. IETF. 2018-07-02 [2021-10-07]. (原始內容存檔於2018-08-13) (英語). Although TLS 1.3 [I-D.ietf-tls-tls13] encrypts most of the handshake, including the server certificate, there are several other channels that allow an on-path attacker to determine the domain name the client is trying to connect to, including:… Cleartext Server Name Indication (SNI) [RFC6066] in ClientHello messages.
Roya Ensafi; Philipp Winter; Abdullah Mueen; Jedidiah R. Crandall. Large-scale Spatiotemporal Characterization of Inconsistencies in the World's Largest Firewall. 2014-10-03. arXiv:1410.0735.
Kevin Bock; Gabriel Naval; Kyle Reese; Dave Levin. Even Censors Have a Backup: Examining China's Double HTTPS Censorship Middleboxe. Proceedings of the ACM SIGCOMM 2021 Workshop on Free and Open Communications on the Internet. Association for Computing Machinery: 1-7. 2021. ISBN 9781450386401. doi:10.1145/3473604.3474559.
Philipp Winter; Stefan Lindskog. How the Great Firewall of China is Blocking Tor. 2nd USENIX Workshop on Free and Open Communications on the Internet (FOCI 12). USENIX Association. 2012-08 [2024-01-14]. (原始內容存檔於2024-01-14).
Rescorla, Eric. The Transport Layer Security (TLS) Protocol Version 1.3. tools.ietf.org. 2018-08 [2021-10-08]. (原始內容存檔於2019-06-03) (英語). All handshake messages after the ServerHello are now encrypted. The newly introduced EncryptedExtensions message allows various extensions previously sent in the clear in the ServerHello to also enjoy confidentiality protection.
Anonymous; Arian Akhavan Niaki; Nguyen Phong Hoang; Phillipa Gill; Amir Houmansadr. Triplet Censors: Demystifying Great Firewall’s DNS Cnsorship Behavior. 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20). USENIX Association. 2020-08 [2024-01-11]. (原始內容存檔於2024-01-11).
Anonymous. The Collateral Damage of Internet Censorship by DNS Injection. SIGCOMM Comput. Commun. Rev. (Association for Computing Machinery). 2012-06-26, 43 (3): 21–27. ISSN 0146-4833. doi:10.1145/2317307.2317311.
Steven Mufson; Jia Lynn Yang. China accuses hackers of Internet disruption; experts suspect error by government censors. 華盛頓郵報. 2014-01-22. (原始內容存檔於2016-04-01). 「The rule was supposed to be, 『Block everything going to this IP address,』」 said Nicholas Weaver, a researcher at the International Computer Science Institute, which is affiliated with the University of California at Berkeley. 「Instead, they screwed up and probably wrote the rule as 『Block everything by referring to this IP address.』」
Mingshi Wu; Jackson Sippe; Danesh Sivakumar; Jack Burg; Peter Anderson; Xiaokang Wang; Kevin Bock; Amir Houmansadr; Dave Levin; Eric Wustrow. 中国的防火长城是如何检测和封锁完全加密流量的. USENIX Security Symposium 2023. 2023-04-28 [2023-04-28]. (原始內容存檔於2023-04-28).
Anderson, Daniel. Splinternet Behind the Great Firewall of China: Once China Opened Its Door to the World, It Could Not Close It Again.. Queue (Association for Computing Machinery). 2012-11, 10 (11): 40–49. ISSN 1542-7730. doi:10.1145/2390756.2405036. According to a paper published by its designers, GFW relies on null routing (see figure 1) to block IP packets by blacklisting destination addresses. By peering with the gateway routers of all Chinese ISPs, GFW injects routing information into BGP (Border Gateway Protocol) and hijacks all traffic to blocked websites—such as twitter.com.
Cao Siqi. Foreign VPN service unavailable in China. Global Times. 2015-01-23 [2021-10-07]. (原始內容存檔於2022-06-22). Astrill claimed in a Wednesday notice that since this year, VPN protocols used on iOS devices, including IPSec, L2TP/IPSec and PPTP, are not accessible in China in almost real-time.
Tim Wilde. Knock Knock Knockin' on Bridges' Doors. Team Cymru, Inc. Tor Blog. 2012-01-07 [2012-01-10]. (原始內容存檔於2012-01-13). First, "garbage binary" probes, containing nothing more than arbitrary (but sometimes repeated in later probes) binary data, were experienced by the non-China side of any connection that originated from China to TCP port 443 (HTTPS) in which an SSL negotiation was performed. This probe was performed in near-real-time after the connection was established, … The second type of probe, on the other hand, is aimed quite directly at Tor. When a Tor client within China connected to a US-based bridge relay, we consistently found that at the next round 15 minute interval (HH:00, HH:15, HH:30, HH:45), the bridge relay would receive a probe from hosts within China that not only established a TCP connection, but performed an SSL negotiation, an SSL renegotiation, and then spoke the Tor protocol sufficiently to build a one-hop circuit and send a BEGIN_DIR cell.
Theories abound for overseas web access troubles. Global Times. 2011-05-18 [2011-05-19]. (原始內容存檔於2011-05-21). Fang Binxing, president of Beijing University of Posts and Telecommunications, attributed the interruptions to Internet service providers' economic concerns. "Service providers have to pay the bill of the international Internet flow for their users. So there is incentive for the companies to discourage users to visit foreign websites," he said. … An anonymous official with the Ministry of Industry and Information Technology declined to explain why foreign websites were frequently inaccessible a telephone interview with the Global Times, and instead urged users to "check their own technology problems and with the websites' servers on the first place."
Microsoft Says Outlook Hacked in China. 華爾街日報. 2015-01-21 [2021-10-09]. (原始內容存檔於2021-10-09) (英語). Outlook users in China accessing their email through an email client saw a pop-up message saying 「Cannot Verify Server Identity」 and asking if they wanted to continue anyway
JR, Crandall; Zinn D; Byrd M; Barr E; East R. ConceptDoppler: A Weather Tracker for Internet Censorship(PDF). Proceedings of the 14th ACM Conference on Computer and Communications Security. Association for Computing Machinery: 352–365. 2007-10-28 [2007-09-13]. ISBN 9781595937032. doi:10.1145/1315245.1315290. (原始內容存檔(PDF)於2007-10-26) (英語). Inspired by initial work on the Great Firewall of China (GFC)’s keyword filtering mechanism, we sought a better understanding of its implementation and found it to be not a firewall at all, but rather a panopticon where the presence of censorship, even if easy to evade, promotes self-censorship.