Monday

Censorship by DNS - More Internet Censorship tricks

It's not the most technically advanced route to internet censorship, but it is surprisingly widely used by many ISPs and countries. DNS censorship is actually very easy to do. In fact it's so simple you can do it on your own PC, as I'll demonstrate in this article.

But first a little background. DNS stands for the Domain Name System, which I'm sure many of you already know. What does it do? Well, very basically, DNS is responsible for matching a friendly name such as www.bbc.co.uk to the IP address of a computer. DNS servers are at the very foundation of how the internet works, translating IP addresses into names and vice versa.

It's actually a very elegant and relatively simple solution to a potentially difficult problem. Without DNS we'd all be typing in IP addresses instead of the names of web sites. Unfortunately it's also open to exploitation, from hackers using techniques such as DNS poisoning to your Government instructing ISPs to censor your internet connection by meddling with DNS tables.

I particularly dislike censorship by DNS. One of the main reasons is that it's tampering with one of the fundamental building blocks of the internet. It's also a sneaky and actually rather useless way of censoring the internet, since it is easy to bypass anyway.

So what actually happens with DNS Internet Censorship?



Well, it's not very clever. All you have to do is modify an ISP's DNS tables for a certain web site, so instead of being sent to the proper site, you'll get routed to wherever the DNS entry points. (If you need a fuller explanation of DNS, see the Wikipedia DNS page, or you can ask me here; I spent quite a lot of time DNS troubleshooting in my career!)

Anyway, in simple terms what will happen is you get redirected to the web site that your Government wants you to see, typically a page with a warning message. Many of the Scandinavian countries (particularly Norway) were rather fond of DNS censorship. It's obviously flawed though, as all you need to do is point your PC at another DNS server anywhere on the internet and you'll bypass this basic censorship.

So let's illustrate the point and at the same time highlight the opportunity for your own internet censorship (or even a rather funny prank). All Windows machines will actually try to resolve the IP address of a web site locally before requesting an address from a DNS server. This means looking at a file stored on your computer to see if it has a record of the address.


On most later versions of Windows this file is usually stored in the C:\windows\system32\drivers\etc directory. It is a simple text file which should be opened with Notepad (with admin rights if you're using Vista and its stupid UAC).

Here's a sample one:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#

127.0.0.1 localhost
::1 localhost


It's just a simple text file; it has no extension and is simply called 'hosts'. However, this file will be one of the first places your system will look if it needs to find the IP address of a web site.

So if you want to stop someone going to a specific web site then you can add your own custom address to redirect them.

Let's show you an example. Suppose I add this line to my hosts file and save it:

216.163.137.68 www.facebook.com

I am telling my computer that whenever anyone wants the address for www.facebook.com, it should go to IP address 216.163.137.68. So let's see this DNS censorship in action.


[Screenshot: DNS Censor example]


As you can see, whenever I type in the URL for Facebook, I'll end up at another popular website!

This is exactly what is happening with DNS censorship: you are being given false information and redirected to another website. Many companies and schools use this method as an inexpensive way of filtering websites, but usually redirect to a home page or warning page instead!

You'll often find many more entries in these hosts files, usually to force redirection to an application or similar. You can use it at home to stop minors accessing specific web sites (but obviously redirect them to something more suitable!)

Have a look at the hosts files on your own machines to check you're not being redirected as well. It's also a trick used by viruses and malware: imagine having your bank's web site redirected to one set up by an identity thief; you could be redirected completely transparently, without knowing. Manipulation and censorship by DNS is actually quite a big subject, so I will be writing more on it, and also including a list of countries that, to my knowledge, still actively use DNS censorship.
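
To make the "have a look at your hosts files" check repeatable, here is a small Python audit of the hosts file format described above. It is an added example, not part of the original article; the last two sample lines, the example.test names and the verdict labels are constructed for illustration.

```python
import ipaddress

# Constructed sample: stock Windows entries, the article's override line,
# plus two made-up lines (a sinkhole entry and a malformed entry).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
::1 localhost
216.163.137.68 www.facebook.com
0.0.0.0 ads.example.test tracker.example.test # constructed sinkhole entry
not-an-ip broken.example.test
"""

LOCAL_NAMES = {"localhost"}  # names that are expected to point at loopback


def parse_hosts(text):
    """Yield (line_no, address_field, [hostnames]) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(entry) >= 2:  # one address plus at least one name
            yield line_no, entry[0], [h.lower() for h in entry[1:]]


def audit_hosts(text):
    """Return [(line_no, hostname, address, verdict)] for entries worth a look."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # ignore IPv6 zone id
        except ValueError:
            findings.extend((line_no, n, addr, "malformed") for n in names)
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if local and name in LOCAL_NAMES:
                continue  # the normal localhost mapping
            # A name pinned to this machine is blocked; anything else is redirected.
            findings.append((line_no, name, addr, "blocked" if local else "redirected"))
    return findings


if __name__ == "__main__":
    for line_no, name, addr, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} [{verdict}]")
```

To audit a real machine, pass audit_hosts() the contents of the hosts file in C:\windows\system32\drivers\etc instead of the sample. A "redirected" entry you did not add yourself is the one to investigate.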
