Revision as of 05:34, 1 May 2015

Overview

If you're being randomly redirected to sites like ours, www.norwich.edu, opensourcematters.org, www.paramiko.org, but also thousands of other sites[1], it means your a victim of the Great Firewall of China (GWF).

Starting in January 2015, the Great Firewall was slightly modified and began to use DNS spoofing on a mass scale - for any "censored" DNS names like www.youtube.com or www.facebook.com, GWF sends fake DNS replies aimed at seemingly random IP addresses outside of China[2]. This results in massive disruptions for internet users in China and massive overload of random webservers outside of China.

Quick help for affected users

What can I do to prevent the Great Firewall of China spoof my DNS requests

The only way is to use a reliable DNS server located outside of China (for example, OpenDNS or Google Public DNS) *and* a reliable VPN provider. Please note that GFW can easily intercept DNS queries and fake the replies - this is why using a VPN is so important.

I'm using VPN, but my internet experience is still erratic

It's a common mistake to use a VPN service but send DNS queries locally. If you use a VPN connection, you should make sure your DNS queries are sent to a reliable DNS server - this excludes any public DNS located in China.

I'm outside of China, but I'm still randomly redirected

• your device (computer, laptop, mobile phone, tablet...) may be infected with malware
• your device may have DNS servers changed to Chinese ones
• your local router may be hacked / have DNS servers changed to Chinese ones

[1] Full list available to interested parties.

[2] List of affected IP addresses changes approximately once a month and consists of thousands of IP addresses with different weights assigned. Full list for every day from past months available to interested parties.