The great firewall of China mysteriously separates with the world for an hour

For about an hour on Wednesday, China seemed to become dark – or at least internet access across the country. According to an analysis published by The Great Firewall Report, a group that monitors censorship efforts on the Internet in China, something happened at the short hours of Wednesday morning which made it possible to block almost all traffic to the TCP 443 port, the standard port for https traffic.

Between the hours of 12:34 and 1:48 in Beijing, someone was observed “unconditionally injecting TCP RST + ACK packets to disrupt all connections to the TCP 443 port”, according to the firewall report. “This incident caused a massive disruption of internet links between China and the rest of the world.” Consequently, Chinese citizens could not access most of the sites organized outside of China, and the services operating in China but communicate with external servers were cut during the breakdown.

In the past, the large Chinese firewall has blocked HTTPS communication, which uses encryption to securely transfer information between the user of a user and the web server to access, generally as a means of preventing this traffic from being directed to more secure protocols that would limit the amount of information that can be collected. But according to the GFW report, this body was strange because it exclusively affected port 443. As a rule, according to the report, other common ports like 22, 80 and 8443 would also be blocked, as in 2020 when the large firewall blocked the HTTPS protocols through each port, from 1 to 65535.

So why the most limited restriction which is not really limited because it struck the most common port? It’s hard to say. As the GFW report pointed out, the large firewall does not work with a singular central censur. Instead, a number of entities have the possibility of blocking access. What adds even more intrigue in this situation, however, is the fact that the device identified as blocking traffic “does not correspond to the fingerprints of known GFW devices”, according to the analysis, “suggesting that the incident was caused by a new GFW device or a known device operating in a new or poorly configured state.”

Although China occasionally limits internet access during events that the government prefers not to manage, it does not seem that such an occurrence occurs at the time of this failure. So maybe one of the censors wanted to test the ability in case they need to deploy it in the future. Or maybe someone simply put their tequila bottle on the deletion key.