.png){kind=logo}
CS6250 / CS 6250 Final Exam (Latest Update 2025 / 2026) Computer Networks | Questions & Answers | Grade A | 100% Correct - Georgia Tech
Question:
What steps does Iris follow to measure DNS manipulation?
Answer:
- Global DNS queries - Queries thousands of domains via thousands of open
resolvers (with 3 controlled domains for a baseline).
- Annotating responses - Adds geo-location, AS, and HTTP data (from
Censys).
- PTR & TLS scanning - Uses PTR and TLS SNI certs to avoid false
inconsistencies from virtual hosting.
- / 4
Question:
How does Iris find DNS resolvers for measurements?
Answer:
- Scans IPv4 space for open DNS resolvers.
- Filters to keep only resolvers from Internet infrastructure (not home
routers).
Question:
What metrics does Iris use to detect DNS manipulation?
Answer:
Consistency Metrics: Check if domain access is consistent (IP, AS, HTTP
content, HTTPS certs).
Independent Verifiability Metrics: Cross-check with external data (e.g.,
HTTPS certificate validity).If both fail → DNS response considered manipulated.
Question:
What is connectivity disruption in Internet censorship?
Answer:
A censorship approach that interrupts network connectivity rather than just filtering content. It blocks or disrupts access to the Internet or parts of it by disrupting routing or packet forwarding. 2 / 4
Question:
How does routing disruption censor Internet access?
Answer:
Disrupts communication of routing info (e.g., BGP updates) so routers withdraw or change advertised prefixes.➡ Results in large parts of the network becoming unreachable.
Easily detectable by monitoring global routing changes.
Question:
What is packet filtering in the context of connectivity disruption?
Answer:
Blocks packets matching certain criteria at firewalls or switches to stop forwarding.
➡ Harder to detect than routing disruptions, requires active probing or traffic monitoring.
- / 4
Question:
What other methods can be included in connectivity disruption?
Answer:
DNS-based blocking Deep packet inspection by ISPs Client software blocking traffic Connectivity disruption can work on multiple network layers beyond routing and packet filtering.
Question:
What is the goal of the Augur system in connectivity disruption detection?
Answer:
To detect whether filtering exists between two hosts (a reflector and a site) by using a measurement machine that probes network behavior.
Question:
What is the significance of the IP ID field in Augur's detection method?
Answer:
IP ID is a 16-bit identifier assigned to every packet by a host.Usually implemented as a global counter incremented for every sent packet.By tracking IP ID increments, Augur infers how many packets a host has sent.
- / 4
.png)