Open wkrp opened 1 month ago
What is the purpose of injecting real Indian IPs instead of a reserved IP like 0.0.0.0? It doesn't seem these IPs would return a block page; ports 80 and 443 are all closed.
@UjuiUjuMandan I cannot find the research paper right now, but I remember one that studied DNS poisoning done by the Chinese GFW, and found that it also returns valid IPs (even foreign ones) while blocking. The authors speculated that it is done to make research of DNS poisoning harder, because in practice putting random IPs into the response achieves the same blocking effect. I can't remember if there was solid evidence of that being the underlying motivation though.
I think it's "Great Cannon" https://en.wikipedia.org/wiki/Great_Cannon in China
The CensorWatch paper measured DNS censorship, in part, by checking DNS responses from ISP resolvers against known-bad IP addresses. §4.3.1:
I wrote the authors to ask about the list of bad IP addresses, and they pointed me to confirm_DNS_blocks.R in the censorwatch repository, which has this list:
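The check described above, matching a resolver's answers against a list of known-bad addresses, as an added example that is not part of the original thread or the censorwatch repository. The addresses in `KNOWN_BAD` are constructed placeholders, not the list from confirm_DNS_blocks.R, and the function names and the sample response are assumptions made for illustration:

```python
import ipaddress
import struct

# Constructed placeholders (RFC 5737 documentation range), NOT the list
# from confirm_DNS_blocks.R, which this page does not reproduce.
KNOWN_BAD = {ipaddress.ip_address(a) for a in ("203.0.113.10", "203.0.113.77")}

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]            # step over one length-prefixed label
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)  # pointer or root label

def a_records(msg):
    """Extract IPv4 addresses from the answer section of a raw DNS response."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                # skip each question: name, type, class
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.append(ipaddress.ip_address(msg[off:off + 4]))
        off += rdlen
    return addrs

def classify(msg, known_bad=KNOWN_BAD):
    """Label each answer 'known-bad', 'non-routable' or 'unclassified'."""
    labels = {}
    for ip in a_records(msg):
        if ip in known_bad:
            labels[str(ip)] = "known-bad"
        elif not ip.is_global:         # 0.0.0.0, RFC 1918, loopback, ...
            labels[str(ip)] = "non-routable"
        else:                          # routable and unlisted: a list alone cannot decide
            labels[str(ip)] = "unclassified"
    return labels

def build_response(name, ips):
    """Build a constructed DNS response (sample input, not captured traffic)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(ips), 0, 0) + qname + struct.pack("!HH", 1, 1)
    for ip in ips:                     # answer name is a pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.ip_address(ip).packed
    return msg
```

An answer labelled `unclassified` is the case raised earlier in the thread: a valid, routable address that appears on no list can only be judged by comparing it with what a trusted control resolver returns.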