Here is a great paper on China's Great Cannon, which was used to DDoS GitHub. One question is how scalable such a system can be, or how many resources it would take for China to intercept connections and replace content.
The first question is how much bandwidth China needs to monitor. According to this website, in early 2015 that's 1.9-terabits/second (1,899,792-mbps).
The second question is how much hardware China needs to buy in order to intercept network traffic, reassemble TCP streams, and insert responses. The answer is about one $1000 desktop computer for every 10-gbps of traffic. In other words, China can deploy the Great Cannon using $200,000 worth of hardware.
This answer is a little controversial. Most people think that a mere desktop computer could not handle 10-gbps of throughput, much less do anything complicated with it like reassembling TCP streams. However, they are wrong. Intel has put an enormous amount of functionality into their hardware to solve precisely this problem. Unfortunately, modern software like Linux or Windows is a decade behind hardware advances, and cannot take advantage of this.
The first step is to bypass the operating system. This sounds a bit odd, but it's not hard to do.