Through Internet-scale BGP simulation against China, downstream-only decoy routing (Waterfall) with a single decoy AS provides equivalent resistance to routing attacks as a traditional upstream decoy system (e.g., Telex) with 53 decoy ASes. This efficiency gain arises because censoring ISPs can selectively re-route upstream traffic per destination but must re-route all or none of downstream traffic through each provider AS, making downstream-only routing far more expensive to evade.

Evaluation of the top 10,000 Alexa websites finds that 3,916 (39%) support HTTPS, of which 1,976 (50%) perform HTTP 3XX redirects that echo the requested path in the Location header and 812 (20%) replay the URL in HTTP 404 error responses — both usable as upstream covert channels readable by downstream-only decoy routers without intercepting upstream traffic.

§7.1.1 defense

Waterfall's Overt User Simulator caches previously loaded overt-website responses and replays them to generate cover traffic, overcoming Slitheen's 40% downstream throughput ceiling (caused by restricting covert replacement to leaf HTTP objects only). Because downstream-only decoy routers intercept all downstream TLS records — not just leaf content — Waterfall achieves higher covert capacity while perfectly mimicking overt browsing patterns against traffic analysis.

§9 defense

Table 2 shows that with 50 decoy ASes, the most powerful practical routing attack on downstream-only systems (rewiring-I) impacts 93% of China's routes (22.4% unreachable, 70% re-routed), compared to only 18.2% total impact from RAD on traditional upstream designs. Table 3 shows that even for Syria, the rewiring-II attack with just 1 downstream-only decoy AS already impacts 81% of routes versus 1.5% for RAD on upstream systems.

§4.2.1, Table 2, Table 3 evaluation

BGP simulation shows that a censor's source-block attack against 100 downstream-only decoy ASes disconnects 23% of Chinese Internet destinations, versus only 8% when applying the standard RAD attack against 100 upstream decoy ASes — imposing nearly 3× more unreachability collateral damage on the censor for the same decoy count.

§4.1.1, Figure 3 evaluation

Article 19 documents that Iran's National Information Network (NIN / SHOMA) was designed with explicit reference to China's Great Firewall as a model, with institutional mirroring: Iran's Supreme Council of Cyberspace parallels China's Cyberspace Administration of China, and both governments share a "cyber sovereignty" doctrine used to justify domestic content controls and cross-border technology transfer. The report frames Iran's filtering infrastructure as deliberately architected to replicate GFW capabilities, not as an independently developed system.

2026-article19-tightening-the-net §2, §3 dpisni-blockingdns-poisoningip-blockingbgp-hijackthrottling

On March 28, 2022, Russian ISP RTComm (AS8342) hijacked Twitter's IPv4 prefix 104.244.42.0/24 for approximately 45 minutes (12:05–12:50 UTC) and announced it to the global Internet as a blocking measure. The hijack was blunted because Twitter had preemptively registered RPKI route origin authorizations (ROAs) for its prefixes, causing RPKI-validating ASes worldwide to reject the hijacked route.

2023-ramesh-network §4.3 bgp-hijackasn-blackholing

For China (a highly connected, routing-capable adversary), the gossip protocol combined with any symmetric decoy routing design requires only 5 heavyweight downstream stations plus 880 lightweight upstream gossip stations — versus 880 heavyweight stations for purely symmetric designs. Five downstream stations alone impact 78% of routes from Chinese users, while a single downstream station already covers nearly 25% of traffic.

2018-bocovich-secure Table 2 / §3.2 bgp-hijack

Any one of five Indian ASes — each needing control of only its BGP-speaking routers — can individually censor traffic for all ~896 Indian ASes via IP prefix hijacking. For example, AS4755 (Tata Comm.) fake advertisements can impact 955 ASes total (896 Indian + 41 foreign); AS9730 (Bharti Telesonic) requires as few as 7 edge routers to execute such an attack.

2017-gosain-mending §4.3, Table 4 bgp-hijack

If India deployed centralized filtering at its key ASes, approximately 121,931 foreign-origin paths (1.15% of all Internet paths to censored sites worldwide) that transit Indian ASes would experience collateral blocking, affecting non-Indian users in Finland, Hong Kong, Singapore, Malaysia, the US, and elsewhere who have no connection to Indian censorship law.

2017-gosain-mending §4.1, §4.4 ip-blockingbgp-hijack

Internet connectivity is the primary determinant of RAD attack strength across nation-state censors: China (573 ASes, 858 ring ASes) achieves a censorship metric of 0.277 under profile T1, while Syria (4 ASes, 5 ring ASes) achieves only 0.101 with the same decoy budget. Venezuela, despite fewer total ASes than Saudi Arabia (44 vs. 107), achieves a higher censorship metric (0.210 vs. 0.197) owing to its disproportionately large ring AS count (835 vs. 176), confirming that ring AS count predicts RAD capability better than raw AS count.

2016-nasr-game §6.4 / Table 6 bgp-hijack