Initial research indicates that on some ISPs even attempting to use third-party DNS servers elicits a spoofed response, which indicates that these ISPs are intercepting and monitoring ALL DNS queries you make. This raises a variety of concerns, such as the accuracy of SPF, DNSSEC or TXT responses, but that’s a topic for another time.
Circumvention:
If you discover that you are getting faked responses and are unable to reach the correct web server, follow the steps below.
Get the A Record
Navigate to a website such as http://www.dnsstuff.com/tools
Look for the DNS Lookup tool
In the text box enter the URL you are trying to reach (e.g. www.google.com)
Select A from the record type
Submit the request and make a note of the IP address returned.
Edit the Hosts file
Windows
Start notepad.exe as an Administrator
Open C:\Windows\System32\drivers\etc\hosts
Add the URL and the IP address in the format shown below:
173.194.34.67 www.google.com
Save the file ensuring that a file suffix isn’t appended
Linux / Mac
Open /etc/hosts as the superuser with your editor of choice (vim!)
Add the URL and the IP address in the format shown below:
173.194.34.67 www.google.com
Save the file ensuring that a file suffix isn’t appended
Testing
Load up a cmd prompt (Ctrl + R, type cmd, press return)
Type nslookup www.google.com
Ensure you receive the IP address you entered in the hosts file
If the ISP is using BGP filtering methods, Deep Packet Inspection (DPI) or a transparent proxy then this still may not work as they’ll detect traffic going to the blocked IP subnet and act accordingly.
Keep an eye on our How to Evade Blocks page and follow @STCPI on Twitter for more methods to discover and evade Internet censorship.
Basic DNS Filter Evasion: HOSTS file
Background:
Various ISPs such as Sky and BT use DNS manipulation to spoof responses that forward requests to their proxy server instead of returning the correct response.
Taking BT as an example, a request for a blocked site has been seen to return an IP from within this netblock instead:
inetnum: 213.120.234.0 - 213.120.235.255
netname: BT-UKIP-IPV4-INFRASTRUCTURE
descr: POP
country: GB
admin-c: BS1474-RIPE
tech-c: BS1474-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to [email protected]
remarks: New netname
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
source: RIPE # Filtered
Sky commonly reports back with IPs from:
inetnum: 90.207.238.128 - 90.207.238.191
netname: SKY-IRONMAN-VIRTUALISATION-LAN
descr: Sky Network Services
country: GB
admin-c: BBH-RIPE
tech-c: BBH-RIPE
status: ASSIGNED PA
mnt-by: BSKYB-BROADBAND-MNT
source: RIPE # Filtered
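To check whether an answer you received falls inside one of the netblocks quoted above, the following added example (not code from the original post) converts the two RIPE inetnum ranges to CIDR networks and tests addresses against them. The hostnames blocked.example and edge.example and their answers are constructed for illustration.

```python
import ipaddress

# RIPE inetnum ranges quoted on this page for the BT and Sky redirect hosts.
INTERCEPT_RANGES = {
    "BT-UKIP-IPV4-INFRASTRUCTURE": "213.120.234.0 - 213.120.235.255",
    "SKY-IRONMAN-VIRTUALISATION-LAN": "90.207.238.128 - 90.207.238.191",
}


def inetnum_to_networks(inetnum):
    """Convert a RIPE 'first - last' inetnum range into CIDR networks."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


NETBLOCKS = {name: inetnum_to_networks(r) for name, r in INTERCEPT_RANGES.items()}


def classify_answer(address):
    """Return the netname whose range contains address, or None."""
    try:
        ip = ipaddress.ip_address(address.strip())
    except ValueError:
        return None  # not an IP literal (e.g. a CNAME target)
    for name, networks in NETBLOCKS.items():
        if any(ip in net for net in networks):
            return name
    return None


def audit_answers(answers):
    """Map each hostname to the (address, netname) pairs that hit a listed range."""
    hits = {}
    for host, address in answers:
        name = classify_answer(address)
        if name:
            hits.setdefault(host, []).append((address, name))
    return hits


# Constructed sample answers, as if copied from nslookup output; not real captures.
SAMPLE_ANSWERS = [
    ("www.google.com", "173.194.34.67"),    # address used in the hosts example
    ("blocked.example", "213.120.235.10"),  # inside the BT range
    ("blocked.example", "90.207.238.130"),  # inside the Sky range
    ("edge.example", "90.207.238.192"),     # one past the end of the Sky range
]

if __name__ == "__main__":
    for host, found in audit_answers(SAMPLE_ANSWERS).items():
        for address, name in found:
            print(f"{host}: {address} is inside {name}")
```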