A question of DNS...


theboyfold

Original Poster:

10,921 posts

227 months

Tuesday 22nd April 2014
So I am trying to use a DNS service where it appears as though I'm in either the UK or US when I'm not. As I am travelling to Brazil for work for most of the summer, I'd like to keep in touch with UK programmes etc. Whilst this is simple enough to do on a blanket level (all my traffic), what I'd like to do is just route certain traffic via my 'international' DNS servers and the rest via OpenDNS.

Is it possible to do this on the computer, as I don't want to start buggering around with my router?

theboyfold

Tuesday 22nd April 2014
I think it is DNS. I'm currently testing this service: https://unlocator.com/

So when it's 'on' and I have my DNS set to the correct servers as per the setup, I can't make ITV Player work. However, with it off I can make ITV Player work. So what I would like to do would be to have a setup that says when using ITV.com/*** it uses these DNS servers, and when I use another site it uses my local DNS.

The service provider says "From then on you will automatically appear in the correct location needed to use the supported services." However, as I've said, it doesn't seem to work with ITV Player.

Does that clear it up?

theboyfold

Tuesday 22nd April 2014
Thanks, I'll have a look at that. It will be interesting to see if they have the bandwidth to handle services like Netflix and iPlayer.

theboyfold

Wednesday 23rd April 2014
ViperDave said:
The thing that you have to bear in mind with these services is their security, especially if they are tweaking your DNS.

DNS is the internet equivalent of the phone book for someone who has a 15 minute memory for numbers. If you get a copy from BT you can be pretty sure the numbers contained within it are the numbers of the person you want to call. So you can pick it up, look up the number for your bank, give them a call, tell them your security details and pay your bills. On the other hand, if you buy your phone book from that Nigerian bloke down the market who has a sideline in unclaimed estates and gold reserves, would you believe the number contained in the book for your bank? Would you know if the person who answers the phone is actually NatWest or just someone who said "hello NatWest here, what's your password"?

If you want to gather data, a good way is a man-in-the-middle attack, where they can sit in the middle of the conversation having convinced the client they are talking to the secured service. It's like you phoning your bank and they answer, but then they call your bank and put the two handsets together to forward the conversation, all the while listening in. "That's OK, isn't my conversation encrypted?" I hear you cry. Well, the smart ones could set up the encryption between them and you and then another session between them and the destination service; everything on their server is unencrypted and subject to snooping. Smart users may notice the invalid certificates; some may just click OK, not really understanding. Who reads Windows prompts these days anyway? Some of your data may even be in clear text anyway.

But how do they get in the middle of your conversation with the bank? Well, that's where DNS poisoning comes in, from our first lesson. If they control the DNS they control who you talk to. You type in www.facebook.com and they can send you wherever they want. It wouldn't be hard to fake up a page that looks like Facebook and ask for your password; it would even say www.facebook.com in the address bar. Same for your bank: ask you for three digits of your password, say it's wrong, ask for another three, then another where you're really careful to type in the right ones as it's your last go. They can pretty much do what they want with you. Their only problem is how to get control of your DNS service in the first place, as that's usually set by your ISP, which, unless you're on a dodgy fake public wifi in Starbucks, is usually trustworthy.

To do that they need a nice pot of honey (if they haven't already given you free wifi in SB), and wouldn't you know, there are a whole lot of people out there wanting to pretend they are where they are not in order to watch a bit of TV from another country. So set up a service to proxy the TV, do it via DNS tricks and proxies; the whole thing is using the exact same services they need to man-in-the-middle attack your data. Throw in a small charge for the service and they get some small change for the Xmas party too, with the added benefit of making the service look even more legit.

Sounds far-fetched? Do I know this lot are dodgy? Haven't a clue, but I can tell you one thing: they are already showing dishonesty by providing a service to bypass region content control. It's not a debate on the ethics of that, but it's the first red flag. Also, I'm not saying you can't use such services and beat them at their own game, but the risks are there and they are VERY high. Give away the trust in DNS and you can't trust anything unless you are very, very careful.

If you want to use anything that redirects your traffic, be it a proxy, DNS/proxy, browser plugin, etc., for God's sake do it on a laptop used only for that, and if you use the same laptop for these things as your banking, email etc. then we will see you back here sometime. If you're lucky it's just a virus they sent you to; if you're not so lucky you may not be able to afford your ISP bill.

Edited by ViperDave on Wednesday 23 April 20:28

Very very interesting and has given me food for thought I have to say. Oddly, I've always used OpenDNS as my DNS server as I felt that they were 'safe', but given the flaws in OpenSSL of late I should question that as well.

I've answered my original question, but this post has given me one or two more to consider. Thanks for taking the effort to type that out, it's appreciated.
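The two ideas in this thread, sending only the streaming site's lookups to the unblocking service and checking whether that service rewrites answers for anything else, can be sketched as follows. This is an added example, not code from any poster; the resolver address 192.0.2.53, the domain names other than itv.com, and all sample answers are constructed placeholders.

```python
# Added example: split-DNS policy plus an audit of an untrusted resolver.
UNTRUSTED = "192.0.2.53"     # placeholder for the geo-unblocking DNS service
TRUSTED = "208.67.222.222"   # OpenDNS, the poster's default resolver

# Only names inside these zones may ever be sent to the untrusted resolver.
ROUTED_ZONES = {"itv.com"}

def in_zone(name, zone):
    """Match on label boundaries so 'notitv.com' and 'itv.com.bank.example'
    are NOT treated as part of 'itv.com'."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def is_routed(name):
    return any(in_zone(name, z) for z in ROUTED_ZONES)

def pick_resolver(name):
    """Per-domain routing decision: untrusted resolver for routed zones only."""
    return UNTRUSTED if is_routed(name) else TRUSTED

def audit(trusted_answers, untrusted_answers):
    """Flag names outside ROUTED_ZONES where the untrusted resolver's
    addresses share nothing with the trusted resolver's addresses."""
    findings = []
    for name, t_ips in trusted_answers.items():
        if is_routed(name):
            continue  # rewriting these is the service's advertised job
        u_ips = set(untrusted_answers.get(name, ()))
        if not (set(t_ips) & u_ips):
            findings.append((name, sorted(u_ips)))
    return findings

# Constructed answers, as if the same names were asked of both resolvers.
SAMPLE_TRUSTED = {
    "www.itv.com": {"198.51.100.10"},
    "www.bank.example": {"203.0.113.7"},
    "mail.example": {"203.0.113.25"},
}
SAMPLE_UNTRUSTED = {
    "www.itv.com": {"192.0.2.80"},                      # expected rewrite
    "www.bank.example": {"192.0.2.80"},                 # rewrite outside scope
    "mail.example": {"203.0.113.25", "203.0.113.26"},   # overlaps, fine
}

if __name__ == "__main__":
    for name in ("www.itv.com", "notitv.com", "www.bank.example"):
        print(name, "->", pick_resolver(name))
    print(audit(SAMPLE_TRUSTED, SAMPLE_UNTRUSTED))
```

Resolvers in front of CDNs can legitimately return different addresses for the same name, so a finding is a prompt to check the site's TLS certificate rather than proof of redirection.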

theboyfold

Wednesday 23rd April 2014
It's about 60 down and 3 up (Virgin for some reason don't do good upload). I have thought about running a VPN server at home; I have a Mac Mini that I use for server-like activities and it's on all the time.

theboyfold

Wednesday 23rd April 2014
I'm just going about setting up OpenVPN on my Mini to try and get my head around it. Hopefully it won't be too tricky.

In terms of a DNS service, I guess the best route to go would be through my Apple TV, as that's all that it gets used for, nothing else but watching stuff.