Injector 3 mirrors the probe packet's IP TTL in its injected reply rather than using a fixed TTL. This defeats TTL-limited localization probes: the injected reply only reaches the prober when the probe's initial TTL equals 2n−1 (where n is the hop distance to the injector); at lower TTLs the mirrored TTL is too small for the reply to return. All three injectors appear co-located (inter-probe delays within 0.2 ms of each other), confirmed from 7 vantage points across 5 continents, and the behavior is consistent across 62% of all 36K tested Chinese IP prefixes.

The GFW's DNS injection infrastructure comprises three distinct packet injectors, fingerprinted by combinations of IP-DF bit, IP-TTL behavior, DNS-AA flag, and DNS-TTL: Injector 1 (IP DF=0, incrementing IP TTL, DNS AA=1, DNS TTL=60) filters 88 domains including most Google properties; Injector 2 (IP DF=1, randomized IP TTL, DNS AA=0) handles ~24,729 domains; Injector 3 (IP DF=0, IP ID=0, fixed IP TTL, DNS AA=0) covers ~22,948 domains as a subset of Injector 2's domains. Over a 9-month study (Sept 2019–May 2020) sending 2.8 billion queries, 119.6 million forged responses were observed.

§4.1, Table 3 detection

Wallbleed was a buffer over-read in the GFW's DNS injection subsystem that caused middleboxes to append up to 125 bytes of their own process memory to forged DNS responses. The bug persisted for at least two years (confirmed from October 2021); the GFW issued an incorrect partial patch in November 2023 (Wallbleed v2 remained exploitable) and fully patched it in March 2024. Over 5.1 billion Wallbleed responses were collected during continuous measurement, and an IPv4-wide scan found 242 million IP addresses across 381 autonomous systems receiving Wallbleed-injected responses — including some traffic whose source and destination were both outside China, due to routing through China's network border.

2025-fan-wallbleed §1–§3, §7 dns-poisoningpacket-injection

Iran's DNS censor now injects two distinct block-page IPs: 10.10.34.36 (≈87% of 47,633 censored domains) and 10.10.34.34 (≈13%). Both originate from the same network node at Iran's border. Prior research (Aryan et al. 2013) described only 10.10.34.34. The IP injected correlates strongly with the HTTP censorship method applied: domains with 10.10.34.34 in DNS receive TCP RST via HTTP (86.8% of RST cases), while domains with 10.10.34.36 in DNS receive HTTP block pages (84.6% of block-page cases).

2025-lange-i-ra-nconsistencies §3.1, Table 2 dns-poisoningrst-injectionpacket-injection

Over 2.5 months (Nov 2024–Jan 15, 2025), IRBlock scanned all 11M Iranian IPv4 addresses daily, finding 6.8M IPs subject to DNS poisoning and HTTP blockpage injection, and 5.4M IPs subject to UDP-based traffic disruption. Testing over 700M FQDNs (500M apex domains) revealed 6M banned FQDNs from 3.3M censored apex domains. Of 537 active ASes in Iran, 485 (90.3%) exhibited blocking for at least 25% of assigned IPs. DNS and HTTP censorship overlapped at >99% of censored IPs; UDP blocking was a strict subset of DNS-censored IPs, affecting ~5M addresses.

2025-tai-irblock §5.1, §1 dns-poisoningpacket-injectionhttp3-quic-block

The GFI operates three distinct DNS/HTTP injectors with different fake IP addresses (10.10.34.34, 10.10.34.35, 10.10.34.36) and partially overlapping blocklists—mirroring the GFW's triplet-censor architecture. Injector 10.10.34.35 exhibits TTL reflection (injected response TTL = probe TTL − hop count), identical to the GFW. No IP exclusively receives injections from 10.10.34.34 (a smaller, selective component); the two primary injectors 10.10.34.35 and 10.10.34.36 handle the majority of censorship. Different injectors maintain distinct domain blocklists, meaning which domains a user sees as censored depends on routing through their AS.

2025-tai-irblock §5.4, Table 2 dns-poisoningpacket-injectiondpi

The GFW DNS injector vulnerability enabled reflective amplification attacks with a baseline factor of 4.04× (46-byte payload → 186-byte response). Combined with routing loops — approximately 1,000 destination IP addresses in China were found to loop packets across the GFW more than 30 times, with 159 persisting after two days and a maximum of 119 loop iterations per query — the effective amplification factor reached 481.17×, sufficient to generate 100 Gbps of attack traffic from just over 200 Mbps of source traffic.

2024-sakamoto-bleeding §5.2 Reflective Amplification Attack dns-poisoningpacket-injection

The GFW's DNS packet injector (Injector 3, identified by TTL mirroring and zero IP ID) contained an out-of-bounds read vulnerability: due to missing label-length and null-terminator validation, malformed DNS requests caused the injector to copy adjacent stack memory into forged responses. Over three days in October 2023, researchers collected over 1 TB of data containing over 13 billion leaks, ~87.43% with non-duplicate content, including live Internet traffic transiting China's backbone and stack frames of the GFW's packet-handling processes.

2024-sakamoto-bleeding §3 Vulnerability dns-poisoningpacket-injectiondpi