Some IP addresses used for DNS censorship in India #361

Open
wkrp opened this issue May 6, 2024 · 3 comments

wkrp commented May 6, 2024

The CensorWatch paper measured DNS censorship, in part, by checking DNS responses from ISP resolvers against known-bad IP addresses. §4.3.1:

> To rule out these false positives, we compiled the most common IP address received in response to the DNS queries. This heuristic helps to identify the IP addresses which censorious DNS servers give to users. This approach is similar to Singh, et al [22], and we mark all measurements that encountered that IP address as symptomatic of censorship. We were able to confirm 89% of the suspected blocks in this way.

I wrote the authors to ask about the list of bad IP addresses, and they pointed me to confirm_DNS_blocks.R in the censorwatch repository, which has this list:

@wkrp wkrp added the India label May 6, 2024
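
The heuristic quoted from §4.3.1 above, as an added example (not code from the censorwatch repository or from anyone in this thread): find the addresses an ISP resolver hands out for several unrelated domains, then mark every suspected block that received one of them. The record layout, the control-resolver comparison used to define a "suspected" block, the `min_domains` threshold and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample measurements (documentation-range addresses, not real data).
# Each record: (domain, ISP resolver answers, control resolver answers).
MEASUREMENTS = [
    ("news.example",  {"192.0.2.10"},    {"198.51.100.7"}),
    ("forum.example", {"192.0.2.10"},    {"198.51.100.8"}),
    ("video.example", {"192.0.2.10"},    {"198.51.100.9"}),
    ("cdn.example",   {"203.0.113.5"},   {"203.0.113.6"}),  # CDN: differs by vantage point
    ("shop.example",  {"198.51.100.20"}, {"198.51.100.20"}),
    ("blog.example",  {"192.0.2.11"},    {"198.51.100.30"}),
    ("wiki.example",  {"192.0.2.11"},    {"198.51.100.31"}),
]


def suspected_blocks(measurements):
    """Records whose ISP answers share no address with the control answers."""
    return [m for m in measurements if not (m[1] & m[2])]


def common_answer_ips(measurements, min_domains=2):
    """Addresses the ISP resolver returned for at least min_domains distinct domains."""
    domains_by_ip = defaultdict(set)
    for domain, isp_answers, _control in measurements:
        for ip in isp_answers:
            domains_by_ip[ip].add(domain)
    return {ip for ip, doms in domains_by_ip.items() if len(doms) >= min_domains}


def confirm_blocks(measurements, min_domains=2):
    """Split suspected blocks into confirmed (hit a common address) and unconfirmed."""
    suspects = suspected_blocks(measurements)
    bad_ips = common_answer_ips(suspects, min_domains)
    confirmed = [m[0] for m in suspects if m[1] & bad_ips]
    unconfirmed = [m[0] for m in suspects if not (m[1] & bad_ips)]
    return bad_ips, confirmed, unconfirmed


if __name__ == "__main__":
    bad, confirmed, unconfirmed = confirm_blocks(MEASUREMENTS)
    print("addresses shared across domains:", sorted(bad))
    print("confirmed:", confirmed)
    print("left as possible false positives:", unconfirmed)
```

The CDN-style record stays unconfirmed because its address appears for only one domain, which is the kind of false positive the quoted passage is trying to rule out.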

UjuiUjuMandan commented May 6, 2024

What is the purpose of injecting real Indian IPs instead of a reserved IP like 0.0.0.0?
It doesn't seem these IPs would return a block page; ports 80 and 443 are all closed.


mmmray commented May 6, 2024

@UjuiUjuMandan I cannot find the research paper right now, but I remember one that studied DNS poisoning done by the Chinese GFW, and found that it also returns valid IPs (even foreign ones) while blocking. The authors speculated that it is done to make research of DNS poisoning harder, because in practice putting random IPs into the response achieves the same blocking effect. I can't remember if there was solid evidence of that being the underlying motivation though.


0x391F commented May 7, 2024

> @UjuiUjuMandan I cannot find the research paper right now, but I remember one that studied DNS poisoning done by the Chinese GFW, and found that it also returns valid IPs (even foreign ones) while blocking. The authors speculated that it is done to make research of DNS poisoning harder, because in practice putting random IPs into the response achieves the same blocking effect. I can't remember if there was solid evidence of that being the underlying motivation though.

I think it's "Great Cannon" https://en.wikipedia.org/wiki/Great_Cannon in China
