More Web Proxy on the site http://driver.im/

Article

Global measurement of DNS manipulation

Authors:

Vern PaxsonAuthors Info & Claims

SEC'17: Proceedings of the 26th USENIX Conference on Security Symposium

Pages 307 - 323

Published: 16 August 2017 Publication History

Abstract

Despite the pervasive nature of Internet censorship and the continuous evolution of how and where censorship is applied, measurements of censorship remain comparatively sparse. Understanding the scope, scale, and evolution of Internet censorship requires global measurements, performed at regular intervals. Unfortunately, the state of the art relies on techniques that, by and large, require users to directly participate in gathering these measurements, drastically limiting their coverage and inhibiting regular data collection. To facilitate large-scale measurements that can fill this gap in understanding, we develop Iris, a scalable, accurate, and ethical method to measure global manipulation of DNS resolutions. Iris reveals widespread DNS manipulation of many domain names; our findings both confirm anecdotal or limited results from previous work and reveal new patterns in DNS manipulation.

References

[1]

G. Aceto, A. Botta, A. Pescapè, N. Feamster, M. F. Awan, T. Ahmad, and S. Qaisar. Monitoring Internet Censorship with UBICA. In International Workshop on Traffic Monitoring and Analysis (TMA), 2015.

[2]

Alexa Top Sites. http://www.alexa.com/topsites.

[3]

C. Anderson, P. Winter, and Roya. Global Network Interference Detection Over the RIPE Atlas Network. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2014.

[4]

Anonymous. The Collateral Damage of Internet Censorship by DNS Injection. SIGCOMM Computer Communication Review, 42(3):21-27, June 2012.

[5]

Anonymous. Towards a Comprehensive Picture of the Great Firewall's DNS Censorship. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2014.

[6]

M. Antonakakis, R. Perdisci, D. Dagon, W. Lee, and N. Feamster. Building a Dynamic Reputation System for DNS. In USENIX Security Symposium, 2010.

[7]

S. Aryan, H. Aryan, and J. A. Halderman. Internet Censorship in Iran: A First Look. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2013.

[8]

M. Bailey and C. Labovitz. Censorship and Cooption of the Internet Infrastructure. Technical Report CSE-TR-572-11, University of Michigan, Ann Arbor, MI, USA, July 2011.

[9]

BBC. BBC's Website is being Blocked across China. http://www.bbc.com/news/world-asia-china-29628356, October 2014.

[10]

The Belmont Report - Ethical Principles and Guidelines for the Protection of Human Subjects of Research. http://ohsr.od.nih.gov/guidelines/belmont.html.

[11]

S. Bortzmeyer. Hijacking through routing in turkey. https://ripe68.ripe.net/presentations/158-bortzmeyer-google-dns-turkey.pdf.

[12]

A. Chaabane, T. Chen, M. Cunche, E. D. Cristofaro, A. Friedman, and M. A. Kaafar. Censorship in the Wild: Analyzing Internet Filtering in Syria. In ACM Internet Measurement Conference (IMC), 2014.

[13]

Cisco OpenDNS. https://www.opendns.com/.

[14]

Citizen Lab. Block Test List. https://github.com/citizenlab/test-lists.

[15]

Citizen Lab. https://citizenlab.org.

[16]

C. Contavalli, W. van der Gaast, D. C. Lawrence, and W. Kumari. Client Subnet in DNS Queries. RFC 7871.

[17]

M. Cotton, L. Vegoda, R. Bonica, and B. Haberman. Special-Purpose IP Address Registries. RFC 6890.

[18]

D. Dagon, N. Provos, C. P. Lee, and W. Lee. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority. In Network & Distributed System Security Symposium (NDSS), 2008.

[19]

J. Dalek, B. Haselton, H. Noman, A. Senft, M. Crete-Nishihata, P. Gill, and R. J. Deibert. A Method for Identifying and Confirming the Use of URL Filtering Products for Censorship. In ACM Internet Measurement Conference (IMC), 2013.

[20]

D. Dittrich and E. Kenneally. The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research. Technical report, U.S. Department of Homeland Security, Aug 2012.

[21]

Z. Durumeric, D. Adrian, A. Mirian, M. Bailey, and J. A. Halderman. A Search Engine Backed by Internet-Wide Scanning. In ACM Conference on Computer and Communications Security (CCS), 2015.

[22]

Z. Durumeric, E. Wustrow, and J. A. Halderman. ZMap: Fast Internet-Wide Scanning and its Security Applications. In USENIX Security Symposium, 2013.

[23]

R. Ensafi, J. Knockel, G. Alexander, and J. R. Crandall. Detecting Intentional Packet Drops on the Internet via TCP/IP Side Channels. In Passive and Active Measurements Conference (PAM), 2014.

[24]

R. Ensafi, P. Winter, A. Mueen, and J. R. Crandall. Analyzing the Great Firewall of China Over Space and Time. Privacy Enhancing Technologies Symposium (PETS), 1(1), 2015.

[25]

O. Farnan, A. Darer, and J. Wright. Poisoning the Well - Exploring the Great Firewall's Poisoned DNS Responses. In ACM Workshop on Privacy in the Electronic Society (WPES), 2016.

[26]

A. Filastò and J. Appelbaum. OONI: Open Observatory of Network Interference. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2012.

[27]

The Go Programming Language. https://golang.org/.

[28]

Google Public DNS. https://developers.google.com/speed/public-dns/.

[29]

F. House. Freedom on the Net. 2016.

[30]

ICLab. ICLab: a Censorship Measurement Platform. https://iclab.org/.

[31]

J. Jiang, J. Liang, K. Li, J. Li, H. Duan, and J. Wu. Ghost Domain Name: Revoked yet Still Resolvable. In Network & Distributed System Security Symposium (NDSS), 2012.

[32]

B. Jones, N. Feamster, V. Paxson, N. Weaver, and M. Allman. Detecting DNS Root Manipulation. In Passive and Active Measurement (PAM), 2016.

[33]

B. Jones, T.-W. Lee, N. Feamster, and P. Gill. Automated Detection and Fingerprinting of Censorship Block Pages. In ACM Internet Measurement Conference (IMC), 2014.

[34]

M. Kührer, T. Hupperich, J. Bushart, C. Rossow, and T. Holz. Going Wild: Large-Scale Classification of Open DNS Resolvers. In ACM Internet Measurement Conference (IMC), 2015.

[35]

M. Kührer, T. Hupperich, C. Rossow, and T. Holz. Exit from Hell? Reducing the Impact of Amplification DDoS Attacks. In USENIX Security Symposium, 2014.

[36]

G. Lowe, P. Winters, and M. L. Marcus. The Great DNS Wall of China. Technical report, New York University, 2007.

[37]

MaxMind. https://www.maxmind.com/.

[38]

Z. Nabi. The Anatomy of Web Censorship in Pakistan. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2013.

[39]

OpenNet Initiative. https://opennet.net/.

[40]

Open Resolver Project. http://openresolverproject.org/.

[41]

J. C. Park and J. R. Crandall. Empirical Study of a National-Scale Distributed Intrusion Detection System: Backbone-Level Filtering of HTML Responses in China. In IEEE International Conference on Distributed Computing Systems (ICDCS), 2010.

[42]

P. Pearce, R. Ensafi, F. Li, N. Feamster, and V. Paxson. Augur: Internet-Wide Detection of Connectivity Disruptions. In IEEE Symposium on Security and Privacy (S&P), 2017.

[43]

A. Razaghpanah, A. Li, A. Filastò, R. Nithyanand, V. Ververis,W. Scott, and P. Gill. Exploring the Design Space of Longitudinal Censorship Measurement Platforms. Technical Report 1606.01979, ArXiv CoRR, 2016.

[44]

M. Salganik. Bit by Bit: Social Research for the Digital Age, 2016. http://www.bitbybitbook.com/.

[45]

Sam Burnett and Nick Feamster. Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests. In ACM SIGCOMM, 2015.

[46]

K. Schomp, T. Callahan, M. Rabinovich, and M. Allman. On Measuring the Client-Side DNS Infrastructure. In ACM Internet Measurement Conference (IMC), 2013.

[47]

W. Scott, T. Anderson, T. Kohno, and A. Krishnamurthy. Satellite: Joint Analysis of CDNs and Network-Level Interference. In USENIX Annual Technical Conference (ATC), 2016.

[48]

A. Sfakianakis, E. Athanasopoulos, and S. Ioannidis. CensMon: A Web Censorship Monitor. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2011.

[49]

The Tor Project. OONI: Open observatory of network interference. https://ooni.torproject.org/.

[50]

The Tor Project. https://www.torproject.org/.

[51]

G. Tuysuz and I. Watson. Turkey Blocks YouTube Days after Twitter Crackdown. http://www.cnn.com/2014/03/27/world/europe/turkey-youtube-blocked/, Mar. 2014.

[52]

N. Weaver, C. Kreibich, and V. Paxson. Redirecting DNS for Ads and Profit. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2011.

[53]

P. Winter. The Philippines are blocking Tor? Tor Trac ticket, June 2012. https://bugs.torproject.org/6258.

[54]

P. Winter and S. Lindskog. How the Great Firewall of China is Blocking Tor. In USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2012.

[55]

X. Xu, Z. M. Mao, and J. A. Halderman. Internet Censorship in China: Where Does the Filtering Occur? In Passive and Active Measurement Conference (PAM), 2011.

Cited By

Lee JMohaisen DKang M(2024)Measuring DNS-over-HTTPS Downgrades: Prevalence, Techniques, and Bypass StrategiesProceedings of the ACM on Networking10.1145/36963852:CoNEXT4(1-22)Online publication date: 25-Nov-2024
https://dl.acm.org/doi/10.1145/3696385
Bischof ZPitcher KCarisimo EMeng ABezerra Nunes RPadmanabhan RRoberts MSnoeren ADainotti ASchulzrinne HKohler EMaltz DMisra V(2023)Destination Unreachable: Characterizing Internet Outages and ShutdownsProceedings of the ACM SIGCOMM 2023 Conference10.1145/3603269.3604883(608-621)Online publication date: 10-Sep-2023
https://dl.acm.org/doi/10.1145/3603269.3604883
Izhikevich LAkiwate GBerger BDrakontaidis SAscheman APearce PAdrian DDurumeric ZBarakat CPelsser CBenson TChoffnes D(2022)ZDNSProceedings of the 22nd ACM Internet Measurement Conference10.1145/3517745.3561434(33-43)Online publication date: 25-Oct-2022
https://dl.acm.org/doi/10.1145/3517745.3561434
Show More Cited By

Global measurement of DNS manipulation
1. Networks
  1. Network services

Recommendations

Comparing DNS resolvers in the wild
IMC '10: Proceedings of the 10th ACM SIGCOMM conference on Internet measurement

The Domain Name System (DNS) is a fundamental building block of the Internet. Today, the performance of more and more applications depend not only on the responsiveness of DNS, but also the exact answer returned by the queried DNS resolver, e.g., for ...
Securing DNS: Extending DNS Servers with a DNSSEC Validator

DNS Security Extensions (DNSSEC) is a proposed standard for securely authenticating information in the Domain Name System. DNSSEC validators check the digital signatures on DNS data. However, designing a validator worth the operational costs is a ...
DNS Security: Defending the Domain Name System

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

SEC'17: Proceedings of the 26th USENIX Conference on Security Symposium

August 2017

1479 pages

ISBN:9781931971409

Editors:
Engin Kirda
Northeastern University
,
Thomas Ristenpart
Cornell Tech

Sponsors

Google Inc.
IBMR: IBM Research
NSF
Facebook: Facebook
CISCO

Publisher

USENIX Association

United States

Publication History

Published: 16 August 2017

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 15 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Lee JMohaisen DKang M(2024)Measuring DNS-over-HTTPS Downgrades: Prevalence, Techniques, and Bypass StrategiesProceedings of the ACM on Networking10.1145/36963852:CoNEXT4(1-22)Online publication date: 25-Nov-2024
https://dl.acm.org/doi/10.1145/3696385
Bischof ZPitcher KCarisimo EMeng ABezerra Nunes RPadmanabhan RRoberts MSnoeren ADainotti ASchulzrinne HKohler EMaltz DMisra V(2023)Destination Unreachable: Characterizing Internet Outages and ShutdownsProceedings of the ACM SIGCOMM 2023 Conference10.1145/3603269.3604883(608-621)Online publication date: 10-Sep-2023
https://dl.acm.org/doi/10.1145/3603269.3604883
Izhikevich LAkiwate GBerger BDrakontaidis SAscheman APearce PAdrian DDurumeric ZBarakat CPelsser CBenson TChoffnes D(2022)ZDNSProceedings of the 22nd ACM Internet Measurement Conference10.1145/3517745.3561434(33-43)Online publication date: 25-Oct-2022
https://dl.acm.org/doi/10.1145/3517745.3561434
Sundara Raman RShenoy PKohls KEnsafi RLigatti JOu XKatz JVigna G(2020)Censored Planet: An Internet-wide, Longitudinal Censorship ObservatoryProceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security10.1145/3372297.3417883(49-66)Online publication date: 30-Oct-2020
https://dl.acm.org/doi/10.1145/3372297.3417883
VanderSloot BMcDonald AScott WHalderman JEnsafi REnck WFelt A(2018)QuackProceedings of the 27th USENIX Conference on Security Symposium10.5555/3277203.3277218(187-202)Online publication date: 15-Aug-2018
https://dl.acm.org/doi/10.5555/3277203.3277218
Scheitle QHohlfeld OGamba JJelten JZimmermann TStrowes SVallina-Rodriguez N(2018)A Long Way to the TopProceedings of the Internet Measurement Conference 201810.1145/3278532.3278574(478-493)Online publication date: 31-Oct-2018
https://dl.acm.org/doi/10.1145/3278532.3278574
Yadav TSinha AGosain DSharma PChakravarty S(2018)Where The Light Gets InProceedings of the Internet Measurement Conference 201810.1145/3278532.3278555(252-264)Online publication date: 31-Oct-2018
https://dl.acm.org/doi/10.1145/3278532.3278555
Nisar AKashaf AQazi IUzmi ZGorinsky STapolcai J(2018)Incentivizing censorship measurements via circumventionProceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication10.1145/3230543.3230568(533-546)Online publication date: 7-Aug-2018
https://dl.acm.org/doi/10.1145/3230543.3230568

View Options

View options

Media

Figures

Other

Tables

View Table of Contents