2022-bhaskar-many
findings extracted from this paper
- Chinese DNS censorship operates symmetrically — injecting forged responses for both inbound and outbound DNS packets regardless of whether any real service exists at the destination IP. This means any DNS response received for a probe sent to a closed-port IP inside China is unambiguously a censorship injection, not a legitimate resolver reply.
- In a 75-domain, 492-destination experiment, domains that showed small-scale routing-induced censorship changes — where some (source IP, source port) combinations bypassed censorship while others did not — were exclusively domains first censored within the last 2 years, indicating inconsistent GFW censorship-node configuration during rollout.
- Routing-induced censorship variation is persistent across time: packet retries do not resolve observed differences, and manual re-measurement days later yielded identical censorship outcomes for the same (source IP, source port, destination IP) tuples across 12 iterative experiment rounds, ruling out transient packet loss or short-term routing fluctuations.
- The lowest 3 bits of the source IP nearly double the number of destinations experiencing censorship measurement changes, consistent with routers XOR-ing low-order bits of source and destination IPs for load-balancing decisions. Varying source IPs produced a mean of 89 routing nodes and 134 distinct paths, versus 55 nodes and 110 paths when varying only source ports.
- Across 10,000 destination IPs in China, 37% showed some change in censorship behavior depending on source IP and source port, spanning 56% of measured ASes. The dominant form of variation (95% of cases) was all-or-nothing: a given (source IP, source port) pair either experienced no censorship or 'expected' censorship, with no intermediate states.
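The following toy model is an added example, not code from the paper: it shows why a measurement from a single source address can misreport a destination when path selection XORs the low 3 bits of source and destination IP, as the findings above suggest. The function names, the documentation-range addresses, and the per-destination sets of censoring paths are all constructed assumptions, and source ports are not modeled.

```python
import ipaddress

def path_index(src_ip, dst_ip, bits=3):
    """Toy load-balancing choice: XOR of the low-order bits of both addresses."""
    mask = (1 << bits) - 1
    src = int(ipaddress.ip_address(src_ip))
    dst = int(ipaddress.ip_address(dst_ip))
    return (src ^ dst) & mask

def injected(src_ip, dst_ip, censoring_paths):
    """The destination has no open port, so any DNS reply is an injection.
    A reply appears only if the chosen path crosses a censoring node."""
    return path_index(src_ip, dst_ip) in censoring_paths

def measure(sources, deployment):
    """Probe every destination from every source: {dst: {src: injected?}}."""
    return {dst: {src: injected(src, dst, paths) for src in sources}
            for dst, paths in deployment.items()}

def classify(per_source):
    """Collapse per-source outcomes into one verdict for the destination."""
    seen = set(per_source.values())
    if seen == {True}:
        return "censored"
    if seen == {False}:
        return "uncensored"
    return "varies"  # all-or-nothing per source, but sources disagree

# Constructed vantage points: eight sources differing only in the low 3 bits.
SOURCES = [f"192.0.2.{i}" for i in range(8)]

# Constructed deployment: which of the 8 paths toward each destination
# carry a censoring node (a partial rollout leaves some paths uncovered).
DEPLOYMENT = {
    "198.51.100.10": set(range(8)),        # every path covered
    "198.51.100.77": {0, 1, 2, 3, 5, 6},   # paths 4 and 7 not covered
    "198.51.100.200": set(),               # no path covered
}

RESULTS = measure(SOURCES, DEPLOYMENT)
VERDICTS = {dst: classify(r) for dst, r in RESULTS.items()}
# Sources that would report "no censorship" for the partially covered destination.
NO_INJECTION = [s for s, hit in RESULTS["198.51.100.77"].items() if not hit]

if __name__ == "__main__":
    for dst, verdict in VERDICTS.items():
        print(dst, verdict)
    print("sources seeing no injection:", NO_INJECTION)
```

Because the mapping is deterministic, repeating a probe from the same source returns the same outcome, matching the persistence finding: only changing the source address changes the verdict.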