Global Measurement of DNS Manipulation

Despite the pervasive nature of Internet censorship and the continuous evolution of how and where censorship is applied, measurements of censorship remain comparatively sparse. Understanding the scope, scale, and evolution of Internet censorship requires global measurements, performed at regular intervals. Unfortunately, the state of the art relies on techniques that, by and large, require users to directly participate in gathering these measurements, drastically limiting their coverage and inhibiting regular data collection. To facilitate large-scale measurements that can fill this gap in understanding, we develop Iris, a scalable, accurate, and ethical method to measure global manipulation of DNS resolutions. Iris reveals widespread DNS manipulation of many domain names; our findings both confirm anecdotal or limited results from previous work and reveal new patterns in DNS manipulation.

[1]  G. Lowe,et al.  The Great DNS Wall of China , 2007 .

[2]  Niels Provos,et al.  Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority , 2008, NDSS.

[3]  Jedidiah R. Crandall,et al.  Empirical Study of a National-Scale Distributed Intrusion Detection System: Backbone-Level Filtering of HTML Responses in China , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems.

[4]  Nick Feamster,et al.  Building a Dynamic Reputation System for DNS , 2010, USENIX Security Symposium.

[5]  Sotiris Ioannidis,et al.  CensMon: A Web Censorship Monitor , 2011, FOCI.

[6]  Vern Paxson,et al.  Redirecting DNS for Ads and Profit , 2011, FOCI.

[7]  Zhuoqing Morley Mao,et al.  Internet Censorship in China: Where Does the Filtering Occur? , 2011, PAM.

[8]  Jacob Appelbaum,et al.  OONI: Open Observatory of Network Interference , 2012, FOCI.

[9]  Jun Li,et al.  Ghost Domain Names: Revoked Yet Still Resolvable , 2012, NDSS.

[10]  Stefan Lindskog,et al.  How the Great Firewall of China is Blocking Tor , 2012, FOCI.

[11]  D. Dittrich,et al.  The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research , 2012 .

[12]  J. Alex Halderman,et al.  Internet Censorship in Iran: A First Look , 2013, FOCI.

[13]  Zubair Nabi The Anatomy of Web Censorship in Pakistan , 2013, FOCI.

[14]  Mark Allman,et al.  On measuring the client-side DNS infrastructure , 2013, Internet Measurement Conference.

[15]  Eric Wustrow,et al.  ZMap: Fast Internet-wide Scanning and Its Security Applications , 2013, USENIX Security Symposium.

[16]  Adam Senft,et al.  A method for identifying and confirming the use of URL filtering products for censorship , 2013, Internet Measurement Conference.

[17]  Christian Rossow,et al.  Exit from Hell? Reducing the Impact of Amplification DDoS Attacks , 2014, USENIX Security Symposium.

[18]  Philipp Winter,et al.  Global Network Interference Detection Over the RIPE Atlas Network , 2014, FOCI.

[19]  Nick Feamster,et al.  Automated Detection and Fingerprinting of Censorship Block Pages , 2014, Internet Measurement Conference.

[20]  Emiliano De Cristofaro,et al.  Censorship in the Wild: Analyzing Internet Filtering in Syria , 2014, Internet Measurement Conference.

[21]  Jeffrey Knockel,et al.  Detecting Intentional Packet Drops on the Internet via TCP/IP Side Channels , 2014, PAM.

[22]  Nick Feamster,et al.  Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests , 2015, Comput. Commun. Rev..

[23]  Nick Feamster,et al.  Monitoring Internet Censorship with UBICA , 2015, TMA.

[24]  Christian Rossow,et al.  Going Wild: Large-Scale Classification of Open DNS Resolvers , 2015, Internet Measurement Conference.

[25]  J. Alex Halderman,et al.  A Search Engine Backed by Internet-Wide Scanning , 2015, CCS.

[26]  Philipp Winter,et al.  Analyzing the Great Firewall of China Over Space and Time , 2015, Proc. Priv. Enhancing Technol..

[27]  Nick Feamster,et al.  Detecting DNS Root Manipulation , 2016, PAM.

[28]  Will Scott,et al.  Exploring the Design Space of Longitudinal Censorship Measurement Platforms , 2016, ArXiv.

[29]  Joss Wright,et al.  Poisoning the Well: Exploring the Great Firewall's Poisoned DNS Responses , 2016, WPES@CCS.

[30]  Tadayoshi Kohno,et al.  Satellite: Joint Analysis of CDNs and Network-Level Interference , 2016, USENIX Annual Technical Conference.

[31]  Nick Feamster,et al.  Augur: Internet-Wide Detection of Connectivity Disruptions , 2017, 2017 IEEE Symposium on Security and Privacy (SP).