Poisoning the Well: Exploring the Great Firewall's Poisoned DNS Responses

ABSTRACT
One of the primary filtering methods that the Great Firewall of China (GFW) relies on is poisoning DNS responses for certain domains. When a DNS request is poisoned by the GFW, multiple DNS responses are received: both legitimate and poisoned responses. While most prior research into the GFW focuses on the poisoned responses, ours also considers the legitimate responses from the DNS servers themselves. We find that even when we ignore the immediate poisoned responses, the caches of the DNS servers themselves are also poisoned. We also examine the IP addresses returned in the DNS responses we receive; in particular, 9 IP addresses are returned as answers for many different poisoned domains. We argue that this type of attack may be aimed not primarily at users but at the underlying DNS infrastructure within China.
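The measurement the abstract describes rests on two observations: a single query that yields more than one response, and answer IPs that recur across many unrelated domains. The script below is an added example, not code from the paper or its authors. It builds and parses minimal DNS A-record messages with the standard library only, groups captured responses by transaction ID and query name, flags queries that received more than one answer, and reports which IPs were returned for more than one such domain. The capture is constructed inline; the domain names and the addresses (from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24) are hypothetical.

```python
"""Spot duplicate DNS responses per query and answer IPs that recur across domains.

Added example (not from the paper). The CAPTURE below is constructed: each entry
is a raw DNS response as a client would see it; domains and IPs are hypothetical.
"""
import struct
from collections import defaultdict


def build_response(txid, qname, ips, ttl=300):
    """Build a minimal DNS response carrying only A records for qname."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(ips), 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    question = name + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    answers = b""
    for ip in ips:
        rdata = bytes(int(o) for o in ip.split("."))
        # 0xC00C is a compression pointer to the question name at offset 12.
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + rdata
    return header + question + answers


def parse_name(msg, off):
    """Decode a (possibly compressed) domain name; return (name, next offset)."""
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0:                              # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = parse_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n


def parse_response(msg):
    """Return (txid, qname, [A-record IPs]) from a raw DNS response."""
    txid, _flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = parse_name(msg, 12)
    off += 4                                              # skip QTYPE/QCLASS
    ips = []
    for _ in range(an):
        _, off = parse_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return txid, qname.lower(), ips


def analyze(captured):
    """Group responses by (txid, qname); return queries that got more than one
    response and a map of answer IP -> set of such domains it was returned for."""
    by_query = defaultdict(list)
    for raw in captured:
        txid, qname, ips = parse_response(raw)
        by_query[(txid, qname)].append(ips)
    multi = {k: v for k, v in by_query.items() if len(v) > 1}
    ip_domains = defaultdict(set)
    for (_txid, qname), answer_sets in multi.items():
        for ips in answer_sets:
            for ip in ips:
                ip_domains[ip].add(qname)
    return multi, ip_domains


def recurring_ips(ip_domains, min_domains=2):
    """IPs that came back for at least min_domains distinct multi-response domains."""
    return sorted(ip for ip, doms in ip_domains.items() if len(doms) >= min_domains)


# Constructed capture: two domains answered twice (one shared answer IP), one once.
CAPTURE = [
    build_response(0x1A2B, "blocked-a.example", ["203.0.113.7"]),     # arrives first
    build_response(0x1A2B, "blocked-a.example", ["198.51.100.10"]),
    build_response(0x3C4D, "blocked-b.example", ["203.0.113.7"]),
    build_response(0x3C4D, "blocked-b.example", ["198.51.100.20"]),
    build_response(0x5E6F, "clean.example", ["198.51.100.30"]),
]

if __name__ == "__main__":
    multi, ip_domains = analyze(CAPTURE)
    for (txid, qname), sets in multi.items():
        print(f"txid={txid:#06x} {qname}: {len(sets)} responses {sets}")
    print("IPs recurring across domains:", recurring_ips(ip_domains))
```

Nothing in a single packet tells you which of the two responses is the injected one; a client or resolver simply accepts whichever arrives first, which is why a resolver's cache ends up poisoned. The cross-domain count is the useful signal: a legitimate answer is specific to one domain, whereas an address that recurs across many unrelated queries is the kind of artifact the abstract reports.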