S. Basso (Open Observatory of Network Interference)

We designed DNSCheck, an active network experiment to detect the blocking of DoT/DoH services. We implemented DNSCheck into OONI Probe, the network-interference measurement tool we develop since 2012. We compiled a list of popular DoT/DoH services and ran DNSCheck measurements with help from volunteer OONI Probe users. We present preliminary results from measurements in Kazakhstan (AS48716), Iran (AS197207), and China (AS45090). We tested 123 DoT/DoH services, corresponding to 461 TCP/QUIC endpoints. We found endpoints to fail or succeed consistently. In AS197207 (Iran), 50% of the DoT endpoints seem blocked. Otherwise, we found that more than 80% of the tested endpoints were always reachable. The most frequently blocked services are Cloudflare’s and Google’s. In most cases, attempting to reach blocked endpoints failed with a timeout. We observed timeouts connecting, during, and after the TLS handshake. TLS blocking depends on either the SNI or the destination endpoint.

View More Papers

Flexsealing BGP Against Route Leaks: Peerlock Active Measurement and...

Tyler McDaniel (University of Tennessee, Knoxville), Jared M. Smith (University of Tennessee, Knoxville), Max Schuchard (University of Tennessee, Knoxville)

Read More

Demo #9: Attacking Multi-Sensor Fusion based Localization in High-Level...

Junjie Shen, Jun Yeon Won, Zeyuan Chen and Qi Alfred Chen (UC Irvine)

Read More

(Short) WIP: End-to-End Analysis of Adversarial Attacks to Automated...

Hengyi Liang, Ruochen Jiao (Northwestern University), Takami Sato, Junjie Shen, Qi Alfred Chen (UC Irvine), and Qi Zhu (Northwestern University) Best Short Paper Award Winner!

Read More