Extending Geneva's genetic algorithm to the application layer automatically discovered 77 unique HTTP evasion strategies and 9 DNS evasion strategies against censors in China, India, and Kazakhstan — all requiring only unprivileged usermode modifications with no TCP/IP header access. Against India's Airtel censor, 56 of the 77 strategies succeeded; 29 worked against Kazakhstan; 22 evaded China's keyword-based HTTP censorship and 27 evaded its Host-header censorship.

China's Great Firewall runs three independent DNS censorship injectors in parallel; elevating the DNS qdcount field to 2 (despite only one query being present, violating RFC 1035) evades all three injectors simultaneously with 100% success rate across 1,000 trials — but only Cloudflare (1.1.1.1) among eight tested open resolvers responds to such queries. DNS compression paired with an elevated qdcount also achieves 100% evasion of all three injectors but is supported only by Cloudflare and Google (8.8.8.8).

§6, Table 3 evaluation

China's GFW keyword-based and Host-header HTTP censorship can be simultaneously defeated by a 'sandwich' strategy: a header with a name ≥64 bytes must appear before the Host header, the Host header value must start ≥1,281 bytes from the start of the headers, and the final header must be ≥129 bytes total — and the Host header must not be first or last. A 64+ byte header name alone is sufficient to defeat Host-header censorship because it prevents the GFW from reading further headers.

§5.2 defense

India's Airtel HTTP censor fails to reassemble TCP segments: padding any HTTP request to at least 1,449 bytes causes the IP+TCP overhead (52 bytes) to push the total past the Ethernet MTU of 1,500 bytes, forcing segmentation that the censor cannot handle and achieving 100% evasion. Kazakhstan requires the segmentation boundary to fall precisely between the Host header name and value (with two trailing spaces), rather than anywhere in the request.

§5.2 evaluation

A central finding of the paper is that RFC-compliance in the censor creates evasion opportunities: the more faithfully a censor parses HTTP/DNS per the RFC, the more RFC-permitted variants it will pass that servers also accept, yielding more viable evasion strategies. In contrast, India's Airtel censor was the most brittle (56/77 strategies bypassed it) precisely because it failed on many legitimate RFC variants; China's more sophisticated parser left fewer openings.

§5.1, §7 detection

Table 1 of the survey documents that by 2013–2014 censors were deploying simultaneous blocking across BGP, DNS, IP/port filtering, TCP disruption, TLS, and application-layer keyword filtering. No single detection tool in the survey covers all six layers; the most comprehensive, OONI (2012), covers DNS, IP/port, TCP, TLS, keyword, and HTTP but notes only partial BGP coverage.

2015-aceto-internet Table 1 bgp-hijackdns-poisoningport-blockingip-blockingrst-injectiontls-fingerprintkeyword-filteringdpi

OONI's experiment-control methodology explicitly favors false positives over false negatives: it is preferable to generate more censorship candidate events for further investigation than to miss genuine interference. Mismatch between experiment and control data is not always a definitive signal of manipulation but is treated as sufficient cause for flagging, and data collection and analysis are treated as distinct phases.

2012-filast-ooni §4 Methodology measurement-platformdpikeyword-filteringdns-poisoningrst-injection

TTL-based path analysis showed that all censorship actions (DNS poisoning, HTTP injection, TLS resets) in the June 2025 shutdown occurred at the same network hop across all tested ISPs, indicating a single centralized national border gateway—likely TCI AS gateways—rather than per-ISP enforcement. Global BGP announcements were kept intact throughout, making the shutdown invisible to routing monitors while domestic connectivity collapsed.

2025-aryapour-stealth-blackout §4.5 dpidns-poisoningrst-injection

TLS connections to blocked services (instagram.com, telegram.org) were terminated by TCP RST immediately after the client's ClientHello, before any certificate exchange, confirming SNI-based DPI that reads the plaintext SNI extension and aborts the handshake. HTTP filtering additionally matched Host headers and URL keywords case-sensitively, with injected HTTP 403 pages or TCP RST responses, and case-change evasions were sometimes effective.

2025-aryapour-stealth-blackout §4.2, §4.3 sni-blockingdpirst-injectionkeyword-filtering

Iran's HTTP censor exhibits several parsing inconsistencies exploitable for evasion: (1) it is case-sensitive and ignores lowercase method variant "gET"; (2) it does not censor the Host header for HTTP version strings "HTTP", "1.1", and "example" (suggests a version regex of HTTP/.*); (3) when the Host header is absent, the path is not censored for versions "HTTP" and "HTTP/1"; (4) the body is never analyzed regardless of version. All HTTP and DNS censorship occurs at the same last-hop border node, suggesting centralized architecture.

2025-lange-i-ra-nconsistencies §3.2, Table 1 dpikeyword-filteringrst-injection

GFWeb tested 1.02 billion domains against the GFW over 20 months and discovered 943,000 pay-level domains blocked by HTTP filters and 55,000 by HTTPS filters — the largest GFW blocklist dataset ever published. The HTTP-to-HTTPS ratio (17:1) confirms that the GFW's HTTPS keyword-based and SNI-based blocking covers far fewer domains than its HTTP host-header blocking, likely because HTTPS blocks carry higher collateral-damage risk.

2024-hoang-gfweb Abstract, §5.1 dpidns-poisoningip-blockingkeyword-filteringsni-blocking