Analysis of GreatFire.org's server logs (16.6M requests, 13K unique source IPs, March 18–19 2015) showed 67% of DDoS attack traffic originated from Taiwan and Hong Kong, while mainland China accounted for only 18 requests — confirming the GC weaponizes foreign browsers by intercepting traffic at China's network border, not domestic ones. The dominant attack vector (38% of requests) was pos.baidu.com (Baidu's ad network), meaning any user globally visiting a non-Baidu site that loads Baidu ad scripts became an unwitting DDoS participant without visiting any Chinese site directly.

The Great Cannon (GC) operates as a distinct in-path system — not an extension of the GFW — capable of both injecting and suppressing traffic, enabling full man-in-the-middle capability against targeted IP addresses. Unlike the on-path GFW, the GC only examines the first data packet of each connection (avoiding TCP bytestream reassembly), targets specific destination IP addresses rather than all border traffic, and maintains a per-source-IP flow cache of approximately 16,000 entries to ignore already-processed connections.

§3, §3.1 detection

The GC acted probabilistically, responding to only approximately 1.75% of eligible requests (526 out of 30,000 from three measurement IP addresses) and completely ignoring one of four measurement source IPs. Flow-cache exhaustion tests confirmed the probabilistic decision is made per-flow at cache insertion time: once the ~16,000-entry cache was filled, injections resumed on previously-ignored source ports, ruling out connection-tuple hashing as the selection mechanism.

§3.1 evaluation

TLS/HTTPS provides complete protection against GC-style content injection: the GC can only replace unencrypted HTTP responses and cannot inject into TLS-encrypted streams. GitHub's universal TLS enforcement prevented the GC from selectively targeting GreatFire.org's repositories despite sustained attack — China had previously attempted to block GitHub entirely but reversed the block within two days due to domestic programmer backlash, leaving TLS as the effective barrier.

§6, §8, §9 defense

Both GFW and GC injected packets share a distinctive implementation side-channel: the IP TTL field progressively increments on successive packets injected into the same connection, paired with an incrementing TCP window size. Using this compound fingerprint, the authors identified GC activity in 8 months of Lawrence Berkeley National Laboratory enterprise border traces with only a single false-positive source IP, and used per-hop TTL probing to localize both the GFW and GC to the same network link on China Telecom (hop 12–13, 144.232.12.211→202.97.33.37) and China Unicom (hop 17–18, 219.158.101.61→219.158.101.49).

§3.1, §4, §6 detection

An internet-wide scan of 500k IP addresses from an in-country VPS vantage point found TCP establishment-interception injections on 43,479 addresses (8.7% of scanned), with over 70% concentrated in two Akamai ASes (AS16625 and AS20940). The injection pattern — triggered by the first packet sent to these addresses — is consistent with targeted blocking of domain-fronting proxies hosted on Akamai CDN.

2025-alaraj-iran-refraction §4.1.2 packet-injectionrst-injectionip-blocking

Iran's censorship of refraction-networking proxies (Conjure via Psiphon) is not monolithic: different ISPs independently deploy different techniques and timelines. Over 800 million logged Conjure connections from July 2023–February 2025 across 10+ Iranian ASes show TCI (AS58224, ~33% of traffic) uses packet injection, while MCCI/Hamrah-e Avval (AS197207, ~22%) applies IP-based blocking, and some ASes (Parsonline AS16322, Shatel AS31549) show no proxy blocking at all.

2025-alaraj-iran-refraction §4 rst-injectionip-blockingpacket-injectiondpi

Wallbleed was a buffer over-read in the GFW's DNS injection subsystem that caused middleboxes to append up to 125 bytes of their own process memory to forged DNS responses. The bug persisted for at least two years (confirmed from October 2021); the GFW issued an incorrect partial patch in November 2023 (Wallbleed v2 remained exploitable) and fully patched it in March 2024. Over 5.1 billion Wallbleed responses were collected during continuous measurement, and an IPv4-wide scan found 242 million IP addresses across 381 autonomous systems receiving Wallbleed-injected responses — including some traffic whose source and destination were both outside China, due to routing through China's network border.

2025-fan-wallbleed §1–§3, §7 dns-poisoningpacket-injection

Iran's DNS censor now injects two distinct block-page IPs: 10.10.34.36 (≈87% of 47,633 censored domains) and 10.10.34.34 (≈13%). Both originate from the same network node at Iran's border. Prior research (Aryan et al. 2013) described only 10.10.34.34. The IP injected correlates strongly with the HTTP censorship method applied: domains with 10.10.34.34 in DNS receive TCP RST via HTTP (86.8% of RST cases), while domains with 10.10.34.36 in DNS receive HTTP block pages (84.6% of block-page cases).

2025-lange-i-ra-nconsistencies §3.1, Table 2 dns-poisoningrst-injectionpacket-injection

Over 2.5 months (Nov 2024–Jan 15, 2025), IRBlock scanned all 11M Iranian IPv4 addresses daily, finding 6.8M IPs subject to DNS poisoning and HTTP blockpage injection, and 5.4M IPs subject to UDP-based traffic disruption. Testing over 700M FQDNs (500M apex domains) revealed 6M banned FQDNs from 3.3M censored apex domains. Of 537 active ASes in Iran, 485 (90.3%) exhibited blocking for at least 25% of assigned IPs. DNS and HTTP censorship overlapped at >99% of censored IPs; UDP blocking was a strict subset of DNS-censored IPs, affecting ~5M addresses.

2025-tai-irblock §5.1, §1 dns-poisoningpacket-injectionhttp3-quic-block

The GFI's HTTP and HTTPS filters are now stateful (requiring initial SYN packet with matching sequence numbers) and have been activated on all TCP ports—not only standard ports 80 and 443 as reported by prior studies. This is a significant departure from previous work that found stateless HTTP/HTTPS blocking limited to standard ports. The HTTP filter injects a 403 Forbidden blockpage (not RST packets as used by the GFW), while HTTPS injects a single RST+ACK packet. The GFI also exhibits TCP non-compliance (not requiring a full three-way handshake to trigger filtering), enabling outside-in measurement without in-country servers.

2025-tai-irblock §2.1, §3.2 dpirst-injectionpacket-injectionmiddlebox-interference