
Author Topic: Did your VPN stop working? Here's why.  (Read 5902 times)

Offline ryan

Did your VPN stop working? Here's why.
« on: December 13, 2012, 07:20:52 AM »
Have you been using a VPN for a while and suddenly it can no longer connect? When you check the log file, take note of the IP it was trying to log into. Most likely it is not the IP of your VPN company's server.

How are they (the GFW) doing this? It's called DNS poisoning.

Quote
Cache poisoning attacks
Normally, a networked computer uses a DNS server provided by the computer user's organization or an Internet service provider (ISP). DNS servers are generally deployed in an organization's network to improve resolution response performance by caching previously obtained query results. Poisoning attacks on a single DNS server can affect the users serviced directly by the compromised server or indirectly by its downstream server(s) if applicable.

To perform a cache poisoning attack, the attacker exploits a flaw in the DNS software. If the server does not correctly validate DNS responses to ensure that they are from an authoritative source (for example by using DNSSEC) the server will end up caching the incorrect entries locally and serve them to other users that make the same request.

This technique can be used to direct users of a website to another site of the attacker's choosing. For example, an attacker spoofs the IP address DNS entries for a target website on a given DNS server, replacing them with the IP address of a server he controls. He then creates files on the server they control with names matching those on the target server. These files could contain malicious content, such as a computer worm or a computer virus. A user whose computer has referenced the poisoned DNS server would be tricked into accepting content coming from a non-authentic server and unknowingly download malicious content.


Unlike the situation outlined in this Wiki quote, in China the government is poisoning its own servers to disrupt people trying to use sites like Facebook. And sometimes the DNS servers in China screw up other countries' internet connections as well.

Quote
DNS Screwup Accidentally Extends Great Firewall Of China To Chile And The US?

A bit surprised this story didn't get more attention, but apparently some sort of DNS networking "error" meant that certain computers in both the US and Chile came up against the infamous Great Firewall of China -- meaning many sites were suddenly inaccessible (and, one assumes, Google sent folks to Google Hong Kong):

Security experts are not sure exactly how this happened, but it appears that at least one ISP recently began fetching high-level DNS (domain name server) information from what's known as a root DNS server, based in China. That server, operated out of China by Swedish service provider Netnod, returned DNS information intended for Chinese users, effectively spreading China's network censorship overseas. China tightly controls access to a number of Web sites, using technology known colloquially as the Great Firewall of China.

The issue was reported Wednesday by Mauricio Ereche, a DNS admin with NIC Chile, who found that an unnamed local ISP reported that DNS queries for sites such as Facebook.com, Twitter.com and YouTube.com -- all of which have been blocked in China -- were being redirected to bogus addresses.

I'm reminded of the case when Pakistan tried to block YouTube and ended up blocking YouTube around the globe. Just a bit of a scary reminder of how fragile and interconnected the internet can be at times.



Offline Administrator

How to fix DNS poisoning in China?
« Reply #1 on: December 13, 2012, 07:21:55 AM »
How to fix:

 They are changing the DNS for your VPN service to a different IP address.

There are a couple of workarounds to this problem.

1) Change the DNS servers your computer is using. You can use any number of free & open DNS servers like Google DNS or OpenDNS. If you're unsure on how to do this, simply google "Set custom dns servers on my computer". The problem with this solution is that the Chinese DNS servers have poisoned these sites' IPs and you'll not be able to see these sites unless you have a working VPN.

Free DNS Server List: http://theos.in/windows-xp/free-fast-pu ... rver-list/
Public US DNS servers: http://www.topbits.com/public-dns-servers.html
How to find out what your DNS server is: http://www.cyberciti.biz/faq/how-to-fin ... ddress-is/
More helpful DNS server info: http://www.dnsserverlist.org/

2) Edit your local hosts file - you can edit your local hosts file for your computer (using only notepad or other plain text editor) and add the proper server address and name to the end of the line.

Save and restart your computer, and you should be connecting to the correct IP address.

How to edit which DNS server your computer logs into:
    * You can Click on Start button > Settings > Network connections
    * Double click on Local Area Connection
    * Click on Properties button
    * Select Internet Protocol (TCP/IP)
    * Click on Properties button and Look for Preferred DNS Server:

Good Luck

PS. Wanna know who helped China set up the GFW's DNS poisoning system? VeriSign did in 2007! China Network Communications Group signed with US-based VeriSign Incorporation, the world's largest domain name registry services provider, to launch the Chinese mirror server of root domain names. Thank you American Capitalists for enabling the Communist Chinese to stop people from looking at what they want on the internet!
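
An added example, not part of the original posts: Python that flags a resolver answer for the VPN hostname that is not among the provider's known addresses (the log check from the first post) and rewrites hosts-file text so the name maps only to the correct address (workaround 2). The hostname, addresses and hosts-file content are constructed placeholders; the known-good set is assumed to come from the provider over a trusted channel.

```python
import ipaddress

VPN_HOST = "vpn.example.net"                      # placeholder hostname
KNOWN_GOOD = {"203.0.113.10", "203.0.113.11"}     # placeholder provider addresses

def suspicious_answers(answers, known_good):
    """Return resolver answers that are not in the provider's published set."""
    good = {ipaddress.ip_address(a) for a in known_good}
    return [a for a in answers if ipaddress.ip_address(a) not in good]

def pin_host(hosts_text, name, ip):
    """Return hosts-file text in which `name` maps only to `ip`.

    Existing mappings for `name` are dropped (other names on the same line
    are kept), comments are preserved, and the result is idempotent.
    """
    ipaddress.ip_address(ip)          # raises ValueError on a malformed address
    name = name.lower()
    out = []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2 or name not in (f.lower() for f in fields[1:]):
            out.append(line)          # blank, comment-only, or unrelated entry
            continue
        others = [f for f in fields[1:] if f.lower() != name]
        if others:                    # keep the line for its remaining names
            kept = " ".join([fields[0]] + others)
            out.append(kept + (" #" + comment if sep else ""))
    out.append(f"{ip}\t{name}")
    return "\n".join(out) + "\n"

# Constructed sample: a hosts file that already carries a stale entry.
SAMPLE_HOSTS = """\
# local names
127.0.0.1 localhost
198.51.100.7 vpn.example.net intranet.example.net  # old entry
"""

if __name__ == "__main__":
    answers = ["198.51.100.7"]        # constructed resolver answer
    if suspicious_answers(answers, KNOWN_GOOD):
        print(pin_host(SAMPLE_HOSTS, VPN_HOST, "203.0.113.10"), end="")
```
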