You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The CensorWatch paper measured DNS censorship, in part, by checking DNS responses from ISP resolvers against known-bad IP addresses. §4.3.1:
To rule out these false positives, we compiled the most common IP address received in response to the DNS queries. This heuristic helps to identify the IP addresses which censorious DNS servers give to users. This approach is similar to Singh, et al [22], and we mark all measurements that encountered that IP address as symptomatic of censorship. We were able to confirm 89% of the suspected blocks in this way.
I wrote the authors to ask about the list of bad IP addresses, and they pointed me to confirm_DNS_blocks.R in the censorwatch repository, which has this list:
What is the purpose of injecting real Indian IPs instead of reserved IP like 0.0.0.0 ?
It doesn't seem these IPs would return a block page, port 80 and 443 all closed.
@UjuiUjuMandan I cannot find the research paper right now, but i remember one that studied DNS poisoning done by the chinese GFW, and found that it also returns valid IPs (even foreign ones) while blocking. The authors speculated that it is done to make research of DNS poisoning harder, because in practice putting random IPs into the response achieves the same blocking effect. I can't remember if there was solid evidence of that being the underlying motivation though.
@UjuiUjuMandan I cannot find the research paper right now, but i remember one that studied DNS poisoning done by the chinese GFW, and found that it also returns valid IPs (even foreign ones) while blocking. The authors speculated that it is done to make research of DNS poisoning harder, because in practice putting random IPs into the response achieves the same blocking effect. I can't remember if there was solid evidence of that being the underlying motivation though.
The CensorWatch paper measured DNS censorship, in part, by checking DNS responses from ISP resolvers against known-bad IP addresses. §4.3.1:
I wrote the authors to ask about the list of bad IP addresses, and they pointed me to confirm_DNS_blocks.R in the censorwatch repository, which has this list:
The text was updated successfully, but these errors were encountered: