Internet Censorship
Detecting Internet Censorship: Tools and Techniques
Nart Villeneuve, PhD Candidate, Senior Research Fellow
Citizen Lab, Munk Centre for International Studies, University of Toronto

Upload: nartv

Post on 16-Jul-2015



Overview

Techniques to test for Internet censorship.
- Key Questions
- Tests and Tools
- Drawing Conclusions

Key Questions

Filtering can take a variety of forms and can be implemented at a variety of locations:
- Is there a way to determine what is filtered?
- Is there a way to determine how filtering is occurring?
- Is there a way to determine why specific content is filtered?

Strategy

- Know your testing environment.
- Distinguish between errors and deliberate filtering.
- Distinguish between filtering by an intermediary and filtering by the destination.
- Isolate the scope of the test, and test each component.
- Test each component again through an encrypted, external connection.
- Carefully observe and evaluate the results.

Simple Anatomy of a URL

- http://www.example.com/example.html
- Protocol: http, port 80 (https://, port 443; ftp://, port 21; etc.)
- Domain name: www.example.com
  - You may wish to test www.example.com or example.com or both.
- Path: /example.html
  - Before testing this path, we want to test the default path of /
- The requested page may attempt to load content from other (possibly blocked) locations (images, frames, etc.)

DNS

- DNS translates domain names into IP addresses.
  - A single domain name may have multiple IP addresses; these IP addresses may vary depending on geographical location.
  - Sub-domain(s) may have different IP addresses (www.x.com and x.com may even resolve to different IPs).
  - There may be many domains hosted on one IP address.
- DNS Tampering
  - Interference with DNS resulting in domain names being translated into incorrect or invalid IP addresses.
  - An ISP's local DNS servers can be modified, or an intermediary can send a forged answer.

DNS Tests

- Compare the IPs returned from the local DNS with those returned from a remote location.
- nslookup (host, dig)
  - nslookup example.com
- Use a remote DNS server
  - nslookup example.com 208.67.222.222
  - See opendns.com (it may already be blocked?)
- Look up the IPs: https://asn.cymru.com/
  - Note the reverse DNS for the IPs, note the network and range to which the IPs are assigned, and look for services such as Akamai.
- Don't have a remote location?
  - https://www.websitepulse.com/help/tools.php
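Added example (not part of the original slides): one way to compare the answers from the local and a remote resolver once both have been collected. The function names, the /24 "same network" shortcut and the sample answers are assumptions made for this illustration.

```python
import ipaddress

# Ranges that are never a valid answer for a public web site.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

def is_bogon(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BOGONS)

def same_network(a, b, prefix=24):
    # Crude stand-in for "same network and range"; an ASN lookup is better.
    net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return ipaddress.ip_address(b) in net

def compare_dns(local, remote):
    """Compare A records from the local resolver with a remote resolver's."""
    local, remote = set(local), set(remote)
    if not remote:
        return "inconclusive: remote resolver returned no answer"
    if not local:
        return "suspicious: resolves remotely but not locally"
    bogus = sorted(ip for ip in local if is_bogon(ip))
    if bogus:
        return "suspicious: local answer is invalid: " + ", ".join(bogus)
    if local & remote:
        return "consistent: answers overlap"
    if any(same_network(l, r) for l in local for r in remote):
        return "probably benign: different hosts in the same network"
    return "differs: check network owner and reverse DNS of each IP"

# Constructed answers (documentation address ranges), not real measurements.
SAMPLES = {
    "overlap":   (["198.51.100.10", "198.51.100.11"], ["198.51.100.11"]),
    "localhost": (["127.0.0.1"], ["198.51.100.10"]),
    "nxdomain":  ([], ["198.51.100.10"]),
    "same_net":  (["198.51.100.20"], ["198.51.100.10"]),
    "other_net": (["203.0.113.5"], ["198.51.100.10"]),
}

if __name__ == "__main__":
    for name, (local, remote) in SAMPLES.items():
        print(f"{name:10} {compare_dns(local, remote)}")
```

A "differs" result is not proof of tampering, since answers legitimately vary by location; it is the cue to look up the network of each IP.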

TCP/IP

- TCP/IP is a set of protocols upon which the Internet runs.
- Traceroute is a tool that determines the path packets take on an IP network.
  - On Windows traceroute uses ICMP; on *nix it uses UDP. We want to use TCP traceroute (and be able to receive ICMP packets).
- IP Blocking
  - A router is configured to drop packets to particular IP addresses.
  - A destination may block requests from a particular source.
- Packet Injection
  - An entity other than the destination sends packet(s) that appear to be from the requesting source.
  - These can be RST packets, which disrupt the connection.

TCP/IP Tests

- Connect to the IPs obtained from the DNS tests; compare the results of the TCP probes from the local and remote locations.
- TCP Traceroute: http://tracetcp.sourceforge.net/
  - A transparent proxy may interfere; this is not necessarily bad.
  - Hops may time out; this is not necessarily bad.
- TCP Ping: http://www.elifulkerson.com/projects/tcping.php
- Technical folks will want to use a packet sniffer such as Wireshark to sniff the connection. Look for a situation in which there are only outgoing SYNs and no SYN/ACKs.
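Added example (not part of the original slides): a minimal TCP ping that records how the handshake ended, plus a rule for reading the local result against the result from a remote location. The function names and the wording of the verdicts are assumptions made for this illustration.

```python
import socket

def classify(exc):
    """Map a failed connect() to what was seen on the wire."""
    if isinstance(exc, (ConnectionRefusedError, ConnectionResetError)):
        return "reset"    # a RST came back, from the host or injected
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"  # SYNs went out, no SYN/ACK came back
    return "error"        # no route, host unreachable, ...

def tcp_probe(ip, port=80, timeout=5.0):
    """TCP ping: attempt one handshake and report how it ended."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "connected"
    except OSError as exc:
        return classify(exc)

def interpret(local, remote):
    """Combine the result seen locally with the one from a remote location."""
    if local == remote:
        if local == "connected":
            return "reachable from both locations"
        return "same failure from both: points at the destination, not a filter"
    if remote != "connected":
        return "inconclusive: remote probe also failed"
    if local == "timeout":
        return "consistent with IP blocking (packets dropped on the local path)"
    if local == "reset":
        return "consistent with RST injection, or destination refusing this source"
    return "local network error: fix the test environment first"

if __name__ == "__main__":
    # Constructed pairs: (result from local network, result from remote host).
    for pair in [("timeout", "connected"), ("reset", "connected"),
                 ("timeout", "timeout"), ("connected", "connected")]:
        print(pair, "->", interpret(*pair))
```

Run `tcp_probe` once on the local network and once from the remote location against the same IP and port, then pass both results to `interpret`.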

HTTP

- HTTP is the protocol over which information is transferred on the WWW.
- Headers contain information transferred between a browser and a web server that the user does not typically see.
- http://livehttpheaders.mozdev.org/ is a Firefox extension that shows HTTP headers.
- Filtering Proxies
  - A (transparent) filtering proxy blocks access to content based on a blocklist, whitelist, keyword in URL, keyword in content or dynamic analysis (links, reputation, file type, image analysis, etc.)
  - Users typically receive a blockpage indicating that the request has been blocked.

HTTP Tests

- Connect to the IPs obtained from the DNS tests; compare the content returned from the local and remote locations. Request the path of / first, then the path you are testing.
- Look for a blockpage. Often the page will have the logo of the company that produced the filtering software; it may also have category information.
- Look at the source code of the blockpage.
- NOTE: Some proxies do not allow direct connections to IP addresses.
- Compare the HTTP headers. Sometimes you get a 200, sometimes a 403, sometimes a 302. Filtering software often has unique identifying headers.
- If you are behind a proxy you may get what appears to be a block page as a result of some other form of filtering (or error), such as IP blocking (connection timeout).
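Added example (not part of the original slides): a comparison of the raw HTTP response captured locally with the one captured from a remote location, reporting status, header, redirect and page-title differences. The sample responses, the `X-Example-Filter` header and the function names are constructed for this illustration and do not belong to any real filtering product.

```python
import re

def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def title(body):
    m = re.search(r"<title>(.*?)</title>", body, re.I | re.S)
    return m.group(1).strip() if m else ""

def compare_http(local_raw, remote_raw):
    """List the differences worth a closer look between two vantage points."""
    ls, lh, lb = parse_response(local_raw)
    rs, rh, rb = parse_response(remote_raw)
    findings = []
    if ls != rs:
        findings.append(f"status differs: local {ls}, remote {rs}")
    only_local = sorted(set(lh) - set(rh))
    if only_local:
        findings.append("headers only seen locally: " + ", ".join(only_local))
    if "location" in lh and lh["location"] != rh.get("location"):
        findings.append("local response redirects to " + lh["location"])
    if title(lb) != title(rb):
        findings.append(f"page title differs: {title(lb)!r} vs {title(rb)!r}")
    return findings

# Constructed responses; X-Example-Filter and the block page are made up.
REMOTE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
          "<html><title>Example Domain</title></html>")
LOCAL = ("HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n"
         "X-Example-Filter: gw-01\r\n\r\n"
         "<html><title>Access Denied</title>Category: News</html>")

if __name__ == "__main__":
    for finding in compare_http(LOCAL, REMOTE):
        print(finding)
```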

Drawing Conclusions

- Is it the source that is blocking itself from you?
- Blocked in X? In many countries there are significant variations among ISPs.
- Overblocking due to commercial product? http://www.trustedsource.org/TS?do=feedback&subdo=url
- Overblocking due to virtual hosting? http://www.domaintools.com/reverse-ip/

Questions?

http://www.nartv.org/