A typical DNS poisoning event consists of three steps: A client sends a DNS query to a DNS server, asking for the IP address of a sensitive domain; the GFW observes the query and injects a forged DNS response, telling the client a wrong IP address; the client receives the forged response, and attempts to connect to the wrong IP address. But what will happen after step 3? While packets sent to these wrong IP addresses are often believed to be dropped or null-routed; in this report, we document...
