Wednesday, January 6, 2010

[GFW BLOG] GFW DNS Pollution IP List

Source: http://blog.lrfz.com/?p=535

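The GFW has grown more rampant over the last six months. One direct personal experience: I used to use FoxyProxy just to build a whitelist of sites to reach through the proxy; now I keep the proxy on all day and am thinking about when to build a whitelist of sites that do not need it. Of course, Tor is being interfered with too: it is slow, and the Bridge has to be changed often. In the end I paid to share a VPS with friends and started using an SSH Tunnel.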

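About getting over the wall, I want to stress this: it is a passive act of survival by individuals whose basic rights of speech and communication are being violated; the wall and its owners have no legal basis; building, maintaining and owning the wall are all evil and unlawful acts that violate human rights; and this evil does not diminish as the public's ability to get over the wall grows.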

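Now to the main topic: recently I have been using a VPN on my Android phone to get over the wall. The routing problem already has a solution, and DNS seemed easier. But because of some problems in the Android system, DNS over VPN is unstable in some situations, so a hosts file is a necessary supplement. There are many articles about anti-GFW hosts files, but most only give DNS records for big sites such as Twitter and YouTube; Hosts File Patch provides a hosts patch with a number of hosts entries for Windows. The article "Understanding the GFW in Depth: DNS Pollution" mentions 8 IPs that the GFW uses in DNS pollution.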


My interests are:

  1. Investigating more of the DNS pollution IPs used by the GFW
  2. Building and maintaining an Anti GFW Hosts file with broader coverage

For the first item above, I used some simple web services and obtained a longer Faked IP list.


GeoIP lookups on these IPs give the following:

4.36.66.178 :GeoIP Country Edition: US, United States
8.7.198.45 :GeoIP Country Edition: US, United States
37.61.54.158 :GeoIP Country Edition: --, N/A
46.82.174.68 :GeoIP Country Edition: --, N/A
59.24.3.173 :GeoIP Country Edition: KR, Korea, Republic of
64.33.88.161 :GeoIP Country Edition: US, United States
64.33.99.47 :GeoIP Country Edition: US, United States
64.66.163.251 :GeoIP Country Edition: US, United States
65.104.202.252 :GeoIP Country Edition: US, United States
65.160.219.113 :GeoIP Country Edition: US, United States
66.45.252.237 :GeoIP Country Edition: US, United States
72.14.205.104 :GeoIP Country Edition: US, United States
72.14.205.99 :GeoIP Country Edition: US, United States
78.16.49.15 :GeoIP Country Edition: IE, Ireland
93.46.8.89 :GeoIP Country Edition: --, N/A
128.121.126.139 :GeoIP Country Edition: US, United States
159.106.121.75 :GeoIP Country Edition: US, United States
169.132.13.103 :GeoIP Country Edition: US, United States
192.67.198.6 :GeoIP Country Edition: DE, Germany
202.106.1.2 :GeoIP Country Edition: CN, China
202.181.7.85 :GeoIP Country Edition: AU, Australia
203.161.230.171 :GeoIP Country Edition: HK, Hong Kong
207.12.88.98 :GeoIP Country Edition: US, United States
208.56.31.43 :GeoIP Country Edition: US, United States
209.145.54.50 :GeoIP Country Edition: US, United States
209.220.30.174 :GeoIP Country Edition: US, United States
209.36.73.33 :GeoIP Country Edition: US, United States
211.94.66.147 :GeoIP Country Edition: CN, China
213.169.251.35 :GeoIP Country Edition: NL, Netherlands
216.221.188.182 :GeoIP Country Edition: US, United States
216.234.179.13 :GeoIP Country Edition: CA, Canada

PTR lookups on these IPs give the following:

4.36.66.178 PTR record not found, server failure
8.7.198.45 does not exist, try again
37.61.54.158 does not exist (Authoritative answer)
46.82.174.68 does not exist (Authoritative answer)
59.24.3.173 does not exist (Authoritative answer)
Name: tonycastro.org.ez-site.net
Address: 64.33.88.161

64.33.99.47 does not exist (Authoritative answer)
64.66.163.251 does not exist (Authoritative answer)
Name: 65.104.202.252.ptr.us.xo.net
Address: 65.104.202.252

65.160.219.113 does not exist, try again
66.45.252.237 does not exist (Authoritative answer)
72.14.205.104 does not exist (Authoritative answer)
72.14.205.99 does not exist (Authoritative answer)
78.16.49.15 does not exist (Authoritative answer)
Name: 93-46-8-89.ip105.fastwebnet.it
Address: 93.46.8.89

128.121.126.139 does not exist (Authoritative answer)
159.106.121.75 does not exist (Authoritative answer)
169.132.13.103 PTR record not found, server failure
Name: web3.webmailer.de
Address: 192.67.198.6

202.106.1.2 does not exist, try again
202.181.7.85 does not exist (Authoritative answer)
203.161.230.171 does not exist (Authoritative answer)
Name: 207.12.88.98.nyinternet.net
Address: 207.12.88.98

Name: unassigned.alabanza.com
Address: 208.56.31.43

Name: dns1.gapp.gov.cn
Address: 209.145.54.50

Name: 209.220.30.174.ptr.us.xo.net
Address: 209.220.30.174

209.36.73.33 does not exist, try again
211.94.66.147 does not exist, try again
213.169.251.35 PTR record not found, server failure
216.221.188.182 does not exist (Authoritative answer)
Name: ip-216-234-179-13.tera-byte.com
Address: 216.234.179.13

For Whois lookups on these IPs, see the attachment whois.

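The GFW very likely uses other IPs for DNS pollution as well, and may use still others in the future. This post shows that the IPs the GFW uses in DNS pollution can be tracked, that the polluted domain names can then be tracked in turn, and that this can be used to maintain a hosts file that gets around GFW DNS pollution. Over the coming period I will analyze the polluted domain names further and try to build and maintain this hosts file.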
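
The tracking idea described above, as an added example that is not from the original post: it compares answers from the local resolver with answers obtained over a trusted path, flags domains whose local answer is on the forged-IP list, and emits hosts entries for them. All addresses and domain names are constructed placeholders (RFC 5737 documentation ranges, .example names), and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholders (RFC 5737 ranges); substitute the forged
# addresses actually observed.
FORGED_IPS = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}

# Constructed observations: (domain, A records from the local resolver,
# A records obtained over a trusted path such as DNS over VPN).
OBSERVATIONS = [
    ("blocked.example", ["192.0.2.10"], ["203.0.113.5"]),
    ("mixed.example", ["198.51.100.7", "203.0.113.9"], ["203.0.113.9"]),
    ("clean.example", ["203.0.113.20"], ["203.0.113.20"]),
    ("unknown.example", ["192.0.2.11"], []),
    ("newfake.example", ["192.0.2.99"], ["203.0.113.30"]),
]

def normalize(addrs):
    """Parse and canonicalize IPv4 strings, dropping malformed ones."""
    out = set()
    for a in addrs:
        try:
            out.add(str(ipaddress.IPv4Address(a.strip())))
        except ValueError:
            continue
    return out

def classify(observations, forged):
    """Return (polluted, candidates).

    polluted maps domain -> trusted IPs for domains whose local answer hit
    the forged list. candidates are local-only IPs not yet on the list;
    they may be ordinary CDN variance, so they are for manual review only.
    """
    forged = normalize(forged)
    polluted, candidates = {}, set()
    for domain, local, trusted in observations:
        local_set, trusted_set = normalize(local), normalize(trusted)
        if local_set & forged:
            good = trusted_set - forged
            polluted[domain] = sorted(good, key=ipaddress.IPv4Address)
        elif trusted_set and not (local_set & trusted_set):
            candidates |= local_set
    return polluted, candidates

def hosts_lines(polluted):
    """One hosts entry per polluted domain that has a trusted address."""
    return [f"{ips[0]}\t{d}" for d, ips in sorted(polluted.items()) if ips]

if __name__ == "__main__":
    polluted, candidates = classify(OBSERVATIONS, FORGED_IPS)
    print("\n".join(hosts_lines(polluted)))
    print("review:", sorted(candidates))
```

A polluted domain with no trusted answer (unknown.example here) is recorded but gets no hosts entry, so a forged address is never written into the file.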



--
Posted By GFW Blog to GFW BLOG at 1/06/2010 09:32:00 PM
