We all know that the Chinese network intercepts DNS requests and returns fake answers <http://cs.nyu.edu/~pcw216/work/nds/final.pdf> <http://research.dyn.com/2010/03/fouling-the-global-nest/> <https://lists.dns-oarc.net/pipermail/dns-operations/2010-March/005340.html> <http://arstechnica.com/tech-policy/2010/03/china-censorship-leaks-outside-great-firewall-via-root-server/>. Until recently, the addresses returned were nonexistent or even non-routable (class E addresses...) so there was little harm outside of China even if, in a few cases, censorship leaked outside.
Now, it seems there is a change since many sites report being hit by HTTP traffic coming from China and carrying Host: for censored sites like www.facebook.com, turning every Chinese citizen who wants to see Facebook (sometimes indirectly, e.g. through a Like button) into an involuntary accomplice of the DDoS attack.

Seen from the victim:
http://furbo.org/2015/01/22/fear-china/
https://benjamin.sonntag.fr/DDOS-on-La-Quadrature-du-Net-analysis
http://blog.sucuri.net/2015/01/ddos-from-china-facebook-wordpress-and-twitter-users-receiving-sucuri-error-pages.html

Seen from China:
https://en.greatfire.org/blog/2015/jan/gfw-upgrade-fail-visitors-blocked-sites-redirected-porn

PassiveDNS.cn (search by rdata) confirms that the IP address of the small Web site appeared in the right-hand side of facebook.com, youtube.com, and many others. A lot of HTTP traffic, 99 % coming from China, was the result, with URL paths clearly intended for Facebook.
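A site on the receiving end can measure the Host: mismatch described above from its own access log. This is an added example, not part of the original post; it assumes a log format with the request's Host header as the first field, and the site name, client addresses and log lines are constructed.

```python
import re
from collections import Counter

# Assumed layout (not from the post): combined log format with the Host header
# prepended, e.g. nginx: log_format vhost '$http_host $remote_addr - - [...] "$request" $status ...';
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize_host(value):
    """Lower-case a Host value, drop any :port suffix and a trailing dot."""
    host = value.lower()
    if host.startswith("["):                 # bracketed IPv6 literal, keep as-is
        return host.split("]")[0] + "]"
    return host.split(":")[0].rstrip(".")

def summarize_foreign_hosts(lines, own_hosts):
    """Count requests whose Host header names a site this server does not serve."""
    own = {normalize_host(h) for h in own_hosts}
    foreign, clients, total = Counter(), {}, 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                          # skip lines in another format
        total += 1
        host = normalize_host(m.group("host"))
        if host not in own:
            foreign[host] += 1
            clients.setdefault(host, set()).add(m.group("client"))
    return {
        "total": total,
        "foreign_requests": sum(foreign.values()),
        "by_host": foreign.most_common(),
        "clients_per_host": {h: len(c) for h, c in clients.items()},
    }

# Constructed sample: www.example.org is the hypothetical victim site.
SAMPLE_LOG = """\
www.example.org 192.0.2.10 - - [22/Jan/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 5120
www.facebook.com 198.51.100.7 - - [22/Jan/2015:10:00:02 +0000] "GET /plugins/like.php?href=x HTTP/1.1" 404 162
www.facebook.com 198.51.100.8 - - [22/Jan/2015:10:00:02 +0000] "GET /plugins/like.php?href=y HTTP/1.1" 404 162
WWW.Facebook.com:80 198.51.100.7 - - [22/Jan/2015:10:00:03 +0000] "GET /connect/ping HTTP/1.1" 404 162
youtube.com 203.0.113.5 - - [22/Jan/2015:10:00:03 +0000] "GET /watch?v=abc HTTP/1.1" 404 162
www.example.org 192.0.2.11 - - [22/Jan/2015:10:00:04 +0000] "GET /about HTTP/1.1" 200 2048
""".splitlines()

if __name__ == "__main__":
    report = summarize_foreign_hosts(SAMPLE_LOG, ["example.org", "www.example.org"])
    print(report)
```

A high share of foreign Host values is the signature of traffic sent to the server's IP address under someone else's name, and the per-host client counts show how widely it is spread.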
