Lesson 10 (Internet Surveillance & Censorship)

Question 1

What is DNS Censorship?

Answer 1

• DNS censorship is a large scale network traffic filtering strategy opted by a network to enforce control and censorship over Internet infrastructure to suppress material which they deem as objectionable.
• Ex: Great Firewall of China (GFW)
• > The GFW works on injecting fake DNS record responses so that access to a domain name is blocked.

Question 2

How does DNS injection work?

Answer 2

The steps involved in DNS injections are:

1) DNS probe is sent to the open DNS resolvers
2) The probe is checked against the blacklist of domains and keywords
3) For domain level blocking, a fake DNS A record response is sent back. There are two levels of blocking domains: 1) directly blocking the domain 2) blocking based on keywords present in the domain

Question 3

What are five DNS censorship techniques?

Answer 3

Technique 1: Packet Dropping
-All network traffic going to a set of specific IP addresses are discarded.

Technique 2: DNS Poisoning
-When a DNS receives a query for resolving hostname to IP Address - There is no answer returned or an incorrect answer is sent to redirect or mislead the user request.

Technique 3: Proxy-based Content Inspection
-Allows for all network traffic to pass through a proxy where the traffic is examined for content, and the proxy rejects requests that server objectionable content.

Technique 4: Blocking with Resets
-Sends a TCP reset (RST) to block individual connections that contain requests with objectionable content.

Technique 5: Immediate Reset of Connections
-Censorship systems like GFW have blocking rules in addition to inspecting content, to suspend traffic coming from a source immediately, for a short period of time.

Question 4

Why is DNS Manipulation Difficult to Measure?

Answer 4

1) Diverse Measurements
2) Need for Scale: Rely on volunteers today which doesn’t scale.
3) Identifying the intent to restrict content access
4) Ethics and Minimizing Risks

Question 5

What is an example of a Censorship Detection System?

Answer 5

Augur is a new system created to perform longitudinal global measurements using TCP/IP side channels.
-> Focuses on identifying IP-based disruptions vs DNS-based manipulations

Question 6

What is an example of a system that identifies DNS Manipulation?

Answer 6

-We will explore a method to identify DNS manipulation via machine learning with a system called Iris.

The two main steps associated with this process:

1) Scanning the Internet’s IPv4 space for open DNS resolvers
2) Identifying Infrastructure DNS Resolvers

Question 7

What is the highest level of Internet censorship?

Answer 7

• Completely block access to the Internet.
• Software can be used for:
  1) Routing Disruption
  2) Packt Filtering

Question 8

How does Augur detect connectivity disruptions?

Answer 8

• Augur uses a measurement machine to detect filtering between hosts, a reflector and a site.
• A reflector is a host which maintains a global IP ID.
• A site is a host that may be potentially blocked.
• To identify if filtering exists, a 3rd machine called the measurement machine is used.