Towards a Comprehensive Picture of the Great Firewall's DNS Censorship
ثبت نشده
چکیده
China’s Great Firewall passively inspects network traffic and disrupts unwanted communication by injecting forged DNS replies or TCP resets. We attempted to comprehensively examine the structure of the DNS injector, using queries from both within and outside China. Using these probes, we were able to localize the DNS monitors’ locations, extract the firewall’s DNS blacklist of approximately 15,000 keywords, and estimate the cluster structure and active response rate by utilizing an information leakage in the Great Firewall’s design.
منابع مشابه
The Great DNS Wall of China
Internet freedom advocacy sites [1] have studied and documented these censorship practices, enumerating the techniques employed by the censoring bodies. For example, censors block the IP addresses of controversial websites, inspect TCP packet exchanges for keywords and tamper with DNS records. These advocacy sites have already catalogued the types of sites that are censored and the means by whi...
متن کاملMonitoring Internet Censorship with UBICA
Censorship is becoming increasingly pervasive on the Internet, with the Open Net Initiative reporting nearly 50 countries practicing some form of censorship. Previous work has reported the existence of many forms of Internet censorship (e.g., DNS tampering, packet filtering, connection reset, content filtering), each of which may be composed to build a more comprehensive censorship system. Auto...
متن کاملDNS-sly: Avoiding Censorship through Network Complexity
We design DNS-sly, a counter-censorship system which enables a covert channel between a DNS client and server. To achieve covertness and deniability in the upstream direction, DNS-sly applies user personalization, adapting to individual behaviors. In the downstream direction, it utilizes CDN-related DNS responses to embed data, while retaining statistical covertness. We show DNS-sly achieves do...
متن کاملGlobal Measurement of DNS Manipulation
Despite the pervasive nature of Internet censorship and the continuous evolution of how and where censorship is applied, measurements of censorship remain comparatively sparse. Understanding the scope, scale, and evolution of Internet censorship requires global measurements, performed at regular intervals. Unfortunately, the state of the art relies on techniques that, by and large, require user...
متن کاملDetecting DNS Censorship without an internal vantage point
One challenge in detecting online censorship is the need for vantage points within the censoring domains. We focus on the specific subproblem of DNS blacklisting, where servers in a particular administrative domain are instructed not to resolve requests for specific sites. We find that for this problem internal vantage points are not needed, since public DNS servers in a given domain can be dir...
متن کامل