Turkish ISPs Intercepting Google Public DNS
As we've been discussing
, the Turkish government has been attempting to block numerous social media websites; both to paint these services as negative outside influences that erode family values (read: political brownie points) but to stifle discussion and debate as well. Most Internet users in Turkey have in response turned to alternative DNS providers to erode some of the bans (though some are based on IP ranges).
According to a Google blog post
, Turkish ISPs are battling this by intercepting Google's own DNS services:
We have received several credible reports and confirmed with our own research that Google’s Domain Name System (DNS) service has been intercepted by most Turkish ISPs (Internet Service Providers)...imagine if someone had changed out your phone book with another one, which looks pretty much the same as before, except that the listings for a few people showed the wrong phone number. That’s essentially what’s happened: Turkish ISPs have set up servers that masquerade as Google’s DNS service.
| |PhoenixDownFIOS is AwesomePremium
Fresh Meadows, NY
That's why the US should cede control of the Internet to the UN... ... or perhaps not.
Re: Doesn't that go against the rules for being allowed to have IP's?
said by Ano :Not necessarily, just about any linux-based router can do this with dnsmasq, intercepting Port 53 on UDP is trivial to do, and many public wifi hotspots already do this. The fact that it's being used by Turkish ISP's/government for censorship, is also not surprising.
...The only way they could intercept Google DNS request (because they are IP specific) is if they are spoofing or actually assigning the Google DNS server IP's on the ISP network for other devices, which would thus violate ARIN (or whatever version of Arin in said countries).
Edit: The part about dnscrypt, *may* work, as long as they haven't explicitly blocked any/all known publicly available dnscrypt servers.
Edit2: If you think you're safe on public wifi because you're "using https", you'd be wrong »www.thoughtcrime.org/software/sslstrip/ (Always, ALWAYS VPN WHEN POSSIBLE, to an endpoint that YOU or SOMEONE YOU TRUST controls, or don't use public wifi.)
·Time Warner Cable
| |said by Ano : yes we should just ban countries from the internet that overly censor it and send them back to the stone age
I am too lazy to go read into it more but doesn't part of ISP's being provided public addresses from ARIN, which are required to get online, is them agreeing to only use addresses to which they are authorized/assigned to?
The only way they could intercept Google DNS request (because they are IP specific) is if they are spoofing or actually assigning the Google DNS server IP's on the ISP network for other devices, which would thus violate ARIN (or whatever version of Arin in said countries).
Otherwise ISP's would just have a mess etc.
It's funny. The web should be open and free.
If people don't like what they see don't look at it.
Next countries and government will restrict how much air we are allowed to have in a day...
The internet is always going to exist and continue to grow, as you can tell you can try but you can't stop people going around it. The only way to do that is remove any connections to the rest of the world, at which point, you are no longer the internet but basically a big Intranet.
I hope the people of the country use OpenDNS with DNSCrypt or other providers that support DNSCrypt. They can't just intercept that because certificate/keys are used not to mention it's encrypted. hah
Live Free or Die Hard...
| |MaynardKrebsHeave Steve, for the good of the countryPremium
Google should drop Turkey in retaliation
Just wipe Turkey off the internet search map..... hotels, businesses, airlines, exporters......
Re: Google should drop Turkey in retaliation Do no evil? Two wrongs does not make a right.