gfw.report Profile
gfw.report

@gfw_report

Followers
35K
Following
62
Media
31
Statuses
82

https://t.co/PPkiIIIscP

Joined December 2019
Don't wanna be here? Send us removal request.
@gfw_report
gfw.report
1 month
中国防火长城(GFW)今日发生史上最大规模的内部文档泄漏。超过500GB的源代码、工作日志与内部交流记录外泄,揭示了GFW的研发与运作细节。 泄漏源自GFW核心研发力量之一的积至公司(首席科学家方滨兴)及中科院信息工程研究所第二研究室的处理架构组 MESA
359
2K
8K
@gfw_report
gfw.report
1 month
The Great Firewall of China (GFW) today experienced the largest internal document leak in its history. More than 500GB of source code, work logs, and internal communications have been exposed, revealing details about the development and operation of the GFW. The leak originated
144
2K
8K
@gfw_report
gfw.report
2 months
我们观测到中国的防火长城 (GFW) 于北京时间2025年8月20日凌晨,对 TCP 443 端口进行无差别封锁。这对互联网造成短暂但大规模的影响。 我们发现注入封锁的设备指纹与已知 GFW 设备不同,这可能意味着 GFW 尝试启用新设备,或在旧有设备上使用(错误的)新配置。 中文报告: https://t.co/D3G7Gw7xXu
gfw.report
中国的防火长城(GFW)于2025年8月20日对 TCP 443 端口实施了大规模、无差别的封锁。本报告记录了我们对该事件的测量与分析。
29
186
1K
@gfw_report
gfw.report
2 months
The Great Firewall of China anomalously conducted a large-scale, unconditional block targeting TCP port 443 on August 20, 2025, causing massive disruption of the Internet. This report documents the measurements and analysis we conducted of that event: https://t.co/WMhbLL1QaC
gfw.report
The Great Firewall of China (GFW) conducted a large-scale, unconditional block targeting TCP port 443 on August 20, 2025. This report documents the measurements and analysis we conducted of that...
1
20
58
@gfw_report
gfw.report
3 months
推文 3/3 我们遵循“负责任的漏洞披露”原则,向CNCERT及方滨兴本人通报了可用性攻击漏洞(他们的反应详见论文)。 同时,我们已和 @Mozilla (Firefox & Neqo)、quic-go及所有主流的基于QUIC的翻墙工具合作,设计并部署了有效的缓解措施,以保护全球用户。✅
7
20
275
@gfw_report
gfw.report
3 months
推文 2/3 更严重的是,我们发现了该系统带来的两个全新攻击向量: 1���⃣ 降级攻击:我们首次提出,通过发送少量精心构造的流量即可压垮审查设备,暂时降低GFW的审查效率。 2️⃣ 可用性攻击:任何人都能将GFW“武器化”,借GFW之手屏蔽中国境内外任意主机间的UDP通讯!
5
27
236
@gfw_report
gfw.report
3 months
推文 1/3 中国防火长城 (GFW) 自2024年4月起进行了升级,现可通过检测加密的QUIC初始包,进行基于SNI的实时审查与域名屏蔽。 我们在USENIX Security '25的最新论文中,深入分析了其审查逻辑、启发式解析规则和黑名单,揭示了GFW的屏蔽方式与目标。 论文中文版: https://t.co/8ixIEXe1zR
30
188
1K
@gfw_report
gfw.report
3 months
🧵6/6 To protect users, we've already collaborated with industry leaders including @Mozilla (Firefox & Neqo), the quic-go project, and developers of all major QUIC-based circumvention tools to design and deploy effective countermeasures. ✅🤝
1
1
11
@gfw_report
gfw.report
3 months
🧵5/6 Given the severity of the availability attack, we followed responsible disclosure protocols and notified CNCERT and Fang Binxing of the vulnerability. Their reaction (or lack thereof) is discussed in the paper. 📜
1
2
16
@gfw_report
gfw.report
3 months
🧵4/6 This new system also introduces another critical vulnerability. We discovered that anyone can exploit the GFW and use it as a weapon to launch availability attacks, blocking UDP traffic between arbitrary hosts from China and the rest of the world!
1
0
4
@gfw_report
gfw.report
3 months
🧵3/6 We proposed a novel degradation attack against the GFW. By sending a moderate amount of carefully crafted traffic, it's possible to overwhelm the censorship apparatus, temporarily reducing its effectiveness. 🌊
1
0
2
@gfw_report
gfw.report
3 months
🧵2/6 In the paper, we analyze the GFW's new censorship logic, reverse-engineer its heuristic parsing rules, and map out its blocklist of targeted domains and services. We show not just what is blocked, but how. 🔬
1
0
2
@gfw_report
gfw.report
3 months
BREAKING: The Great Firewall of China has evolved. It can now inspect encrypted QUIC Initial packets to perform real-time, SNI-based censorship and block specific domains. 🧱 Our new USENIX Security '25 paper has the full story: https://t.co/8ixIEXe1zR (Thread 🧵1/6)
2
20
78
@gfw_report
gfw.report
3 months
我们发表在NDSS'25 的论文《Wallbleed(墙出血)》获得了 FOCI'25 最佳实践论文奖。🏆 这项工作是我们心血的结晶,论文发表的过程更是历经坎坷。我们在此由衷地感谢反审查社区对我们工作的认可与支持,也借此机会感谢所有陪伴我们一路走来的各位的支持。 论文中文版: https://t.co/Tn6eETQcuG
Tweet card summary image
gfw.report
我们发现了一个名为Wallbleed(墙出血)的缓冲区过度读取漏洞,该漏洞存在于中国防火长城(GFW)的DNS注入子系统中。Wallbleed导致某些影响全国范围的审查设备在处理特制的DNS请求时会泄露至多125字节的内存数据。这一漏洞为我们提供了一个难得的机会,以深入了解防火长城DNS注入的内部架构,以及审查者的操作行为
@gfw_report
gfw.report
8 months
我们在中国防火长城(GFW)DNS审查系统中发现了名为Wallbleed的漏洞。该漏洞允许任何人从世界任意地点读取GFW的内存。自2021年10月起的两年中,我们逆向工程了其DNS注入逻辑、评估了信息泄露的影响,并追踪了审查者的修补过程。Wallbleed让审查设备成为隐私噩梦。论文中文版: https://t.co/Tn6eETQcuG
2
17
142
@gfw_report
gfw.report
3 months
Our NDSS'25 "Wallbleed" paper has received the FOCI'25 Best Practical Paper Award. 🏆 This work was a true labor of love, and we are deeply grateful for the recognition from the Internet freedom community and support from everyone on this long journey. https://t.co/asnRX3Vv4m
@gfw_report
gfw.report
8 months
🚨We discovered Wallbleed, a vulnerability in the Great Firewall of China, allowing anyone leaks its memory. Since 2021, we reverse-engineered its logic, evaluated impact, and monitored patches. Wallbleed reveals censorship devices’ global privacy risks: https://t.co/asnRX3UXeO
0
2
16
@gfw_report
gfw.report
3 months
我们发表于 @USENIXSecurity’23 的论文《中国的防火长城是如何检测和封锁完全加密流量的》获得了 @PET_Symposium 2025 Caspar Bowden 隐私增强技术杰出研究奖亚军。我们由衷的感谢多年来我们的合作者以及中国网民们对我们的无私帮助与支持。我们会再接再厉的。 论文链接: https://t.co/s1NzZHMVs4
@gfw_report
gfw.report
2 years
我们联手研究人员和反审查社区的开发者,在 #USENIXSecurity23 会议上发表了新的论文。文章揭示并且成功绕过了中国防火长城GFW自2021年11月启用的新审查武器。该系统能够实时动态地封锁全加密流量,影响到诸如Shadowsocks,VMess,以及Obfs4等一大批主流翻墙软件。论文中文版: https://t.co/s1NzZHMVs4
4
28
205
@gfw_report
gfw.report
3 months
Our USENIX Security’23 paper, “How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic,” won the 2025 Caspar Bowden Award for Outstanding Research Runner-up at PETS'25! Thanks to @PET_Symposium and all our amazing co-authors. Our paper: https://t.co/IXp4fA9gpF
@gfw_report
gfw.report
2 years
Our joint work at #USENIXSecurity23 exposed & bypassed the Great Firewall of China's latest censorship weapon that can block fully encrypted traffic in real-time. This impacts popular tools with millions of users like #Shadowsocks, #VMess, and #Obfs4. https://t.co/IXp4fA9gpF
0
2
16
@gfw_report
gfw.report
5 months
@Timfurry233 还有其他许多志愿者的热心帮助下,“河南省防火墙”现在有了自己的维基百科条目!该条目目前只有中文版,如果您也想做贡献,我们非常欢迎您帮忙创建该条目的英文版。 https://t.co/rLM4Dy4DZv
@gfw_report
gfw.report
5 months
🚨 我们与多所大学合作发表在 S&P’25 的研究揭示了一个令人担忧的趋势:中国正在出现地区性网络审查。 在国家级防火长城(GFW)之内,河南省部署了自己的网络防火墙。尽管技术上不如GFW健壮,但其封��行为更加激进和不稳定——其封锁的网站数量一度是GFW的10倍。 👉中文版论文: https://t.co/JQkN2SeeHf
3
6
56
@gfw_report
gfw.report
5 months
Henan Firewall now has an official Wikipedia page! Huge thanks to @Timfurry233 and many other dedicated volunteers! It's currently only in Chinese, so if you'd like to contribute, we'd love your help creating an English edition. https://t.co/rLM4Dy4DZv
@gfw_report
gfw.report
5 months
🚨 Our S&P’25 paper reveals rising regional censorship in China. In addition to the national Great Firewall, Henan province runs its own firewall. Though less sophisticated, it’s more volatile and aggressive—once blocking 10× more domains than the GFW. 👉 https://t.co/i0soDRjud4
1
2
18