Poisoning the Well – Exploring the Great Firewall’s Poisoned DNS Responses
One of the primary filtering methods that the Great Firewall of China (GFW) relies on is poisoning DNS responses for certain domains. When a DNS request is poisoned by the GFW, multiple DNS responses are received - both legitimate and poisoned responses. While most prior research into the GFW focuses...
Main Authors: | Farnan, O; Darer, A; Wright, J |
---|---|
Format: | Conference item |
Published: | Association for Computing Machinery, 2016 |
_version_ | 1826266450442059776 |
---|---|
author | Farnan, O Darer, A Wright, J |
author_facet | Farnan, O Darer, A Wright, J |
author_sort | Farnan, O |
collection | OXFORD |
description | One of the primary filtering methods that the Great Firewall of China (GFW) relies on is poisoning DNS responses for certain domains. When a DNS request is poisoned by the GFW, multiple DNS responses are received - both legitimate and poisoned responses. While most prior research into the GFW focuses on the poisoned responses, ours also considers the legitimate responses from the DNS servers themselves. We find that even when we ignored the immediate poisoned responses, the cache from the DNS servers themselves are also poisoned. We also find and discuss the IP addresses within the DNS responses we get; in particular 9 IP addresses that are returned as a result for many different poisoned domains. We present the argument that this type of attack may not be primarily targeted directly at users, but at the underlying DNS infrastructure within China. |
first_indexed | 2024-03-06T20:39:08Z |
format | Conference item |
id | oxford-uuid:33adc5ff-53d6-4f31-9596-c809de2417de |
institution | University of Oxford |
last_indexed | 2024-03-06T20:39:08Z |
publishDate | 2016 |
publisher | Association for Computing Machinery |
record_format | dspace |
spelling | oxford-uuid:33adc5ff-53d6-4f31-9596-c809de2417de; 2022-03-26T13:21:30Z; Poisoning the Well – Exploring the Great Firewall’s Poisoned DNS Responses; Conference item; http://purl.org/coar/resource_type/c_5794; uuid:33adc5ff-53d6-4f31-9596-c809de2417de; Symplectic Elements at Oxford; Association for Computing Machinery; 2016; Farnan, O; Darer, A; Wright, J; One of the primary filtering methods that the Great Firewall of China (GFW) relies on is poisoning DNS responses for certain domains. When a DNS request is poisoned by the GFW, multiple DNS responses are received - both legitimate and poisoned responses. While most prior research into the GFW focuses on the poisoned responses, ours also considers the legitimate responses from the DNS servers themselves. We find that even when we ignored the immediate poisoned responses, the cache from the DNS servers themselves are also poisoned. We also find and discuss the IP addresses within the DNS responses we get; in particular 9 IP addresses that are returned as a result for many different poisoned domains. We present the argument that this type of attack may not be primarily targeted directly at users, but at the underlying DNS infrastructure within China. |
spellingShingle | Farnan, O Darer, A Wright, J Poisoning the Well – Exploring the Great Firewall’s Poisoned DNS Responses |
title | Poisoning the Well – Exploring the Great Firewall’s Poisoned DNS Responses |
title_full | Poisoning the Well – Exploring the Great Firewall’s Poisoned DNS Responses |
title_fullStr | Poisoning the Well – Exploring the Great Firewall’s Poisoned DNS Responses |
title_full_unstemmed | Poisoning the Well – Exploring the Great Firewall’s Poisoned DNS Responses |
title_short | Poisoning the Well – Exploring the Great Firewall’s Poisoned DNS Responses |
title_sort | poisoning the well exploring the great firewall s poisoned dns responses |