I knew Turkey was blocking access to 8.8.8.8 etc., but you are saying they are actually providing wrong DNS results via that IP address within Turkey? Where are these imposter DNS servers sending Turkish requests for YouTube, for example?
I knew Turkey was blocking access to 8.8.8.8 etc., but you are saying they are actually providing wrong DNS results via that IP address within Turkey? Where are these imposter DNS servers sending Turkish requests for YouTube, for example?
If the aim of this blog post is a public disclaimer of Google's involvement in this then please clarify:
- Which dns queries were affected? - To which IP address did they resolved to?
It is obvious that Erdogan's administration is resorting even the most desperate measures, but still, this is a public accusation and you can't do it without providing any evidence/details like you do it here.
The issue here is not just DNS Poisoning, as in the Phone Book example. It is also IP Spoofing.
They forward some internet traffic to their servers. I'm pretty sure this doesn't stand with ARIN and RIPE's policies! There should be a response to this!
IP Analysis screenshots in Turkey. http://i.imgur.com/dS6ptJR.jpg http://i.imgur.com/WoLflZJ.jpg
Our analysis shows that there is only one ISP doing that. The rest is either routing towards them or they have no other way to bypass that particular ISP.
Can you please check again? Blaming all ISPs in this way is misleading. The outcome may be the same but masquerading is one thing, routing is another.
Does Google have a plan to mitigate these attacks, at least within its own ecosystem? There are many options, including local DNSSEC validation and/or protected DNS protocol transports - until they are implemented, end user security is in jeopardy.
As a citizen of Turkey, I apologize on behalf of my government. The ISPs are under direct control of the government and once again, they proved how LOW they can get in order to do whatever they want.
You cannot imagine how ashamed we are because of them.
Ok I understand the concept but what is the worst case scenario of this? How can it lead to fraud? Difficulties? I'm a novice at how the world of computer magic works.
Is this not a crime? Will Google do anything about this? Is there any way to workaround this? Is dnscrypt a solution for at least making sure that we are not using a fake DNS?
As one part of an overall defense strategy, why doesn't Google implement DNSCrypt on its DNS servers? DNSCrypt is lightweight and Google could easily create a tiny client for desktop OSs as well as baking support into Android and ChromeOS.
As one part of an overall defense strategy, why doesn't Google implement DNSCrypt on its DNS servers? DNSCrypt is lightweight and Google could easily create a tiny client for desktop OSs as well as baking support into Android and ChromeOS.
V for vendetta gerçek mi oluyor? Dünyada birçok ülkede BAHAR adı altında devrimler yapılıyor, hükümetler yıkılıyor. İnsanlar filmdeki gibi isyan edip devlete savaş açıyor ama gerçekten de filmdeki gibi mi acaba?
Hem kendi halkını, hem de dünyadaki diğer halkları sömüren SÜPER DEVLETLERDE bahar mahar yok. Her nedense, burada hükümetin haksızlıklarını protesto edenler kolayca etkisiz hale getiriliyor.
Demokrasi nerede, özgürlük nerede, insan hakları nerede?
Fakat sğper olmamış, sömürge sahibi olmamış ülkelerde ise sırayla bir bahar havasıdır esip duruyor. İşte tam burada süper emperyalist devletler derhal demokrasi şakşakçısı oluveriyor.
Birçok ilkede çalışan sistem Türkiye'de sökmedi. Diğerlerinde yaptıkları kaos ve karmaşayı gerektiği gibi yapamadılar.
Türkiye'de gezi parkı olaylarını iç savaş ve kaosa dönüştürmek isteyenler oldu. Hem dünya basını hem de sosyal medya tetikçileri iyi performans sarf etti. İyi yol aldılar ama tam oarak başarılı olamadılar.
İstedikleri şu, Türkiye'de bir iç savaş çıksın, kaos olsun. Sonunda ya UYUMLU bir hükümet kurulsun ya da dışarıdan askeri müdahale yapılsın.
Facebook twitter ve youtube bu opersyonlarda anarşistlere hem destek veriyor, hem de suçluların kimliğini gizliyor. Böylelikle terörizme destek oluyor.
Şimdi Google abi, sen Türkiye'de meşru hükümeti devirmek isteyen hain ve teröristlere mi destek oluyorsun yoksa seçimle iş başına gelmiş meşru bir hükümete mi?
I wonder if it's against any kind of international convention/agreement to steal the name of servers, besides stealing traffic.
As you can see from the below trace, Turk Telekom has named its server after Google's own:
Tracing route to google-public-dns-a.google.com [8.8.8.8] over a maximum of 30 hops:
1 53 ms 99 ms 99 ms 192.168.1.1 2 13 ms 14 ms 13 ms 93.155.1.196 3 * 13 ms 15 ms 81.212.78.29.static.turktelekom.com.tr [81.212.78.29] 4 17 ms 14 ms 14 ms gayrettepe-t2-3-beyoglu-t3-1.turktelekom.com.tr.216.212.81.in-addr.arpa [81.212.216.246] 5 20 ms 19 ms 20 ms ulus-t2-3-gayrettepe-t2-3.turktelekom.com.tr.204.212.81.in-addr.arpa [81.212.204.205] 6 21 ms 21 ms 20 ms ulus-t3-3-ulus-t2-3.turktelekom.com.tr.219.212.81.in-addr.arpa [81.212.219.209] 7 19 ms 19 ms 19 ms google-public-dns-a.google.com [8.8.8.8]
i thought it's me alone to have this kind of problem, i own a blog and it has no problem since 2011..but in 2014 i can hardly open my blog either it's Chrome or Firefox..
My ISP has their own DNS number (DNS1 & DNS2) but got error many times when i tried to open Blogger. If this happens, i changed them to Google DNS: DNS1 => 8.8.8.8 DNS2 => My ISP DNS -or- DNS1 => 8.8.8.8 DNS2 => 8.8.4.4 DNS3 => My ISP DNS.
They worked for some moments and then the problem occured again. So i switched them back to my ISP DNS to get it work.
Things that makes me confused are, when my ISP DNS cannot open the blog, the Google DNS can.. and when the Google DNS cannot, my ISP DNS can do it.
I'm sick with this really.. Can you help me? Is there anything wrong with my blog or the problem came from Google or my ISP itself?
Thank you very much before, i really appreciates your help.
Can you give more details about how this attack works? Are they advertising fake routes to 8.8.8.8 and 8.8.4.4 within Turkey, or are ISPs simply hard coding rules for those IP addresses?
What actions are you planning against this? I mean, I think the IP addresses of Google Public DNS service and the service itself are google's property and some ISPs are abusing this service and google's name by altering the official routing to redirect traffic to their local server without the google user's knowledge.
To understand the situation better, let's imagine that they can replace the google.com web page with a similar one to show the search listings as they would like while keeping it under the name of the google.
Google should have something to do to prevent this.
Unfortunately they are intercepting ALL DNS traffic from withing Turkey. They're transparently redirecting traffic to port 53 (DNS) to their own DNS servers. Eg. You are not able to use any outside DNS server from within Turkey at moment.
I'm in Hong Kong and I find that Google Public DNS points google.com and www.google.com to somewhere that is far away to me, while ISP DNS points to somewhere close to me.
this article seems too short to provide information. Okay, Turkish ISP have set up servers that masquerade, so what is actually happening and what has google done about it? There should have been some updates about this given original date of the article, right?
Same here at Indonesia. The government have been intercepting our data for the sake of fighting "porn" by banning Vimeo, imgurl, reddit, and other sites.
Follow
40 Kommentare :
I am writing this from Turkey. It is a shame.
For those who don't know, last week the Turkish government banned Twitter and YouTube.
twitter.com and youtube.com have been redirected to a page where you get to see it is banned.
People switched to Google DNS for being able to access these web sites.
And to prevent this, now the government instead of banning Google DNS, they intercepted it! We have no idea what's next. B
eing unable to access is one thing, but getting intercepted by the government is a totally different beast... It's a shame.
I knew Turkey was blocking access to 8.8.8.8 etc., but you are saying they are actually providing wrong DNS results via that IP address within Turkey? Where are these imposter DNS servers sending Turkish requests for YouTube, for example?
I knew Turkey was blocking access to 8.8.8.8 etc., but you are saying they are actually providing wrong DNS results via that IP address within Turkey? Where are these imposter DNS servers sending Turkish requests for YouTube, for example?
If the aim of this blog post is a public disclaimer of Google's involvement in this then please clarify:
- Which dns queries were affected?
- To which IP address did they resolved to?
It is obvious that Erdogan's administration is resorting even the most desperate measures, but still, this is a public accusation and you can't do it without providing any evidence/details like you do it here.
The issue here is not just DNS Poisoning, as in the Phone Book example. It is also IP Spoofing.
They forward some internet traffic to their servers. I'm pretty sure this doesn't stand with ARIN and RIPE's policies! There should be a response to this!
IP Analysis screenshots in Turkey.
http://i.imgur.com/dS6ptJR.jpg
http://i.imgur.com/WoLflZJ.jpg
Our analysis shows that there is only one ISP doing that. The rest is either routing towards them or they have no other way to bypass that particular ISP.
Can you please check again? Blaming all ISPs in this way is misleading. The outcome may be the same but masquerading is one thing, routing is another.
Spoofing by ISPs could be disastrous. It adds a whole new dimension in Internet securities.
Does Google have a plan to mitigate these attacks, at least within its own ecosystem? There are many options, including local DNSSEC validation and/or protected DNS protocol transports - until they are implemented, end user security is in jeopardy.
Valla Maşşallah. Helal olsun Türkiye Cumhuriyeti'ne...
Sosyal Medya, Haber
There is nothing to do?
We get what is happening, question is what will you do about it?
Our goverment is mocking with us. I feel ashamed.
Not even suprised.
We need Internet freedom.
As a citizen of Turkey, I apologize on behalf of my government. The ISPs are under direct control of the government and once again, they proved how LOW they can get in order to do whatever they want.
You cannot imagine how ashamed we are because of them.
Thamks :) I am Turkish. Do you have a DNS address that you can recommend?
Ok I understand the concept but what is the worst case scenario of this? How can it lead to fraud? Difficulties? I'm a novice at how the world of computer magic works.
It reminded me a dialogue from the movie Matrix:
Morpheus: ... But they are
the gatekeepers. They are guarding all the doors, they are
holding all the keys, which means that sooner or later...
_someone_ is going to have to fight them.
It reminded me a dialogue from the movie Matrix:
Morpheus: ... But they are
the gatekeepers. They are guarding all the doors, they are
holding all the keys, which means that sooner or later...
_someone_ is going to have to fight them.
What is the status of uProxy? Would be nice to accelerate its debut...
Will you be supporting DNSCrypt protocol now?
Is this not a crime? Will Google do anything about this? Is there any way to workaround this? Is dnscrypt a solution for at least making sure that we are not using a fake DNS?
As one part of an overall defense strategy, why doesn't Google implement DNSCrypt on its DNS servers? DNSCrypt is lightweight and Google could easily create a tiny client for desktop OSs as well as baking support into Android and ChromeOS.
As one part of an overall defense strategy, why doesn't Google implement DNSCrypt on its DNS servers? DNSCrypt is lightweight and Google could easily create a tiny client for desktop OSs as well as baking support into Android and ChromeOS.
V for vendetta gerçek mi oluyor? Dünyada birçok ülkede BAHAR adı altında devrimler yapılıyor, hükümetler yıkılıyor.
İnsanlar filmdeki gibi isyan edip devlete savaş açıyor ama gerçekten de filmdeki gibi mi acaba?
Hem kendi halkını, hem de dünyadaki diğer halkları sömüren SÜPER DEVLETLERDE bahar mahar yok. Her nedense, burada hükümetin haksızlıklarını protesto edenler kolayca etkisiz hale getiriliyor.
Demokrasi nerede, özgürlük nerede, insan hakları nerede?
Fakat sğper olmamış, sömürge sahibi olmamış ülkelerde ise sırayla bir bahar havasıdır esip duruyor. İşte tam burada süper emperyalist devletler derhal demokrasi şakşakçısı oluveriyor.
Birçok ilkede çalışan sistem Türkiye'de sökmedi.
Diğerlerinde yaptıkları kaos ve karmaşayı gerektiği gibi yapamadılar.
Türkiye'de gezi parkı olaylarını iç savaş ve kaosa dönüştürmek isteyenler oldu. Hem dünya basını hem de sosyal medya tetikçileri iyi performans sarf etti. İyi yol aldılar ama tam oarak başarılı olamadılar.
İstedikleri şu, Türkiye'de bir iç savaş çıksın, kaos olsun. Sonunda ya UYUMLU bir hükümet kurulsun ya da dışarıdan askeri müdahale yapılsın.
Facebook twitter ve youtube bu opersyonlarda anarşistlere hem destek veriyor, hem de suçluların kimliğini gizliyor. Böylelikle terörizme destek oluyor.
Şimdi Google abi, sen Türkiye'de meşru hükümeti devirmek isteyen hain ve teröristlere mi destek oluyorsun yoksa seçimle iş başına gelmiş meşru bir hükümete mi?
Watching, and listening... Waiting for the end!
I wonder if it's against any kind of international convention/agreement to steal the name of servers, besides stealing traffic.
As you can see from the below trace, Turk Telekom has named its server after Google's own:
Tracing route to google-public-dns-a.google.com [8.8.8.8]
over a maximum of 30 hops:
1 53 ms 99 ms 99 ms 192.168.1.1
2 13 ms 14 ms 13 ms 93.155.1.196
3 * 13 ms 15 ms 81.212.78.29.static.turktelekom.com.tr [81.212.78.29]
4 17 ms 14 ms 14 ms gayrettepe-t2-3-beyoglu-t3-1.turktelekom.com.tr.216.212.81.in-addr.arpa [81.212.216.246]
5 20 ms 19 ms 20 ms ulus-t2-3-gayrettepe-t2-3.turktelekom.com.tr.204.212.81.in-addr.arpa [81.212.204.205]
6 21 ms 21 ms 20 ms ulus-t3-3-ulus-t2-3.turktelekom.com.tr.219.212.81.in-addr.arpa [81.212.219.209]
7 19 ms 19 ms 19 ms google-public-dns-a.google.com [8.8.8.8]
Dear Sir,
i thought it's me alone to have this kind of problem, i own a blog and it has no problem since 2011..but in 2014 i can hardly open my blog either it's Chrome or Firefox..
My ISP has their own DNS number (DNS1 & DNS2) but got error many times when i tried to open Blogger.
If this happens, i changed them to Google DNS:
DNS1 => 8.8.8.8
DNS2 => My ISP DNS
-or-
DNS1 => 8.8.8.8
DNS2 => 8.8.4.4
DNS3 => My ISP DNS.
They worked for some moments and then the problem occured again.
So i switched them back to my ISP DNS to get it work.
Things that makes me confused are, when my ISP DNS cannot open the blog, the Google DNS can..
and when the Google DNS cannot, my ISP DNS can do it.
I'm sick with this really..
Can you help me?
Is there anything wrong with my blog or the problem came from Google or my ISP itself?
Thank you very much before, i really appreciates your help.
Great Work, You are the best
Can you give more details about how this attack works? Are they advertising fake routes to 8.8.8.8 and 8.8.4.4 within Turkey, or are ISPs simply hard coding rules for those IP addresses?
What actions are you planning against this? I mean, I think the IP addresses of Google Public DNS service and the service itself are google's property and some ISPs are abusing this service and google's name by altering the official routing to redirect traffic to their local server without the google user's knowledge.
To understand the situation better, let's imagine that they can replace the google.com web page with a similar one to show the search listings as they would like while keeping it under the name of the google.
Google should have something to do to prevent this.
Unfortunately they are intercepting ALL DNS traffic from withing Turkey.
They're transparently redirecting traffic to port 53 (DNS) to their own DNS servers.
Eg. You are not able to use any outside DNS server from within Turkey at moment.
I'm in Hong Kong and I find that Google Public DNS points google.com and www.google.com to somewhere that is far away to me, while ISP DNS points to somewhere close to me.
I think it is a great post for increasing knowledge about how to more improve your website traffic .
Hello,
Is now the problem with Google DNS in Turkey resolved? Can we surf on web via Google DNS with mind at peace?
Thank you four your interest,
Turhan
I didn't know about it. Thanks for sharing.
this article seems too short to provide information. Okay, Turkish ISP have set up servers that masquerade, so what is actually happening and what has google done about it? There should have been some updates about this given original date of the article, right?
DNSCrypt? do it, Google!
Russia does the same now, so when is dnscrypt gonna be supported??
Same here at Indonesia. The government have been intercepting our data for the sake of fighting "porn" by banning Vimeo, imgurl, reddit, and other sites.
Kommentar veröffentlichen