Jump to content

Recommended Posts

Posted (edited)
20 minutes ago, MaiChai said:

Your router will give you an ip  and dns settings using dhcp. Typically the dns setting will either be the ip of the router or the isp's dns. Either way you can override it as mentioned. then you need a cmd dns tool such as nslookup. With this you can lookup a hostname and it should tell you which dns server gave you the lookup. Then you will know if your dns or the dhcp supplied dns is doing the lookup.

 

if you use a vpn, this sets up an encrypted tunnel to your vpn end point, which does your dns lookups for you. Hence the dns server/s will change when using a vpn. vpn is a good way of overriding your isps settings and doing some testing.

Thanks for the info, but it doesn't really tell me anything, or I don't know how to read it since the DNS is my local host.

 

Could you try to educate me further on this?

 

59b4e87a58e5a_dnslookup.JPG.5d1eb97b93fa2706c2463720d7eff8ca.JPG59b4e888c46e1_routingtable.JPG.76dae3fd04984fb62ce2789a9fb5ac7a.JPG

 

 

Edit : A nslookup command line tells me OpenDNS is used, so that is OK.

 

Now how about the warnings in the Netalyzr report?

Edited by janclaes47
Posted
2 hours ago, ubonjoe said:

A inflammatory post and a reply to it have been removed.

And again by the same poster. A repeat of it will result in formal warning.

Posted

Ignore the router.

 

On your laptop configure the network settings for your NIC to explicitly use DNS server 8.8.8.8

 

Run ipconfig /all to verify.

 

Then run tests. If you are still not using 8.8.8.8 for DNS resolution then the someone is redirecting your DNS queries.

 

don't rule out the possibility of an infection/spyware on your laptop.

Posted

I have 3BB VDSL and my speeds are 33+ down/8+ up with the supplied Huawei HG630V2 router, so I don't think the router is the problem causing your slow speeds.  I live NE of Surin about 1km from the village where my internet connection comes from. I stream geographically restricted content daily using a proxy service by changing the DNS settings on my laptop.  I have no speed or latency issues. If you need a proxy service, send me a pm. 

Posted
7 minutes ago, tweedledee2 said:

I have 3BB VDSL and my speeds are 33+ down/8+ up with the supplied Huawei HG630V2 router, so I don't think the router is the problem causing your slow speeds.  I live NE of Surin about 1km from the village where my internet connection comes from. I stream geographically restricted content daily using a proxy service by changing the DNS settings on my laptop.  I have no speed or latency issues. If you need a proxy service, send me a pm. 

I also have no speed issues, in fact with the ZTE router supplied by 3BB I get 33/5, but with the Huawei HG630V2 I only get about 22/3.

 

My speed to UK tested with testmy.net, also goes from ~8Mb to 3.5Mb if I use the Huawei router.

 

We have tried 4 Huawei and 2 ZTE routers so far, and all the same result.

Posted

Here on Samui, no problems with 3BB, fast efficient service, drop outs, yes lately due to some very bad solar storms effecting a lot of the world for the last 2 weeks. Satellite disruption as well as GPS problems.

I get what I pay for in speed, but again depends where you are downloading from and when. My dedicated download server downloads at over 100 mbs on most days.

Posted

I too have been looking into this hijacking of DNS queries supposedly to 'help' you by the ISPs who sometimes have a way of allowing you to opt out of it, but not always.  A good test is to 'Ping' an unresolvable address like http://www.normalbutfubar.com/ and if it resolves to an IP address then you know you're being hijacked.  If you have a router capable of it, you could try activating DNSSEC as long as your DNS provider supports it as well.  There's a good list here:  http://wiki.ipfire.org/en/dns/public-servers but it seems that even DNSSEC isn't that smart nowadays.  You can find out which IP address is presently resolving your DNS by going to http://whatsmyresolver.stdlib.net/

 

The only real way to try stop the ISP hijacking DNS is to ensure that DNS queries are sent somewhere of your choice over a VPN.  However, even if this is successful the ISP can still see which IP addresses you are accessing and do a reverse lookup to get the names.  So to be truly secure then you'd have to use the VPN for everything, DNS and IP addresses.  To find out what you'd been accessing someone would need to look at records held by the VPN provider.

 

While all this looks promising, you are being led up the path of thinking that VPNs are totally secure.  Unfortunately, both ISPs and Microsoft have been caught out using ways to read the content of VPN packets in the clear using 'man in the middle' attack technology because they 'don't like' traffic of unknown types.  While nobody is supposed to be spoofing digital certificates it's what you'd have to do if you were the security services, so don't think they're not doing it already.

 

To me, this confirms my suspicion that 'big brother' is watching all the time nowadays.  You can defend yourself by opting out of advertising but not opt out of being tracked,

Posted
7 hours ago, Guitar God said:

Also I've been paying 2650฿ for 100mb DL speeds and found out they've been selling the same service to new clients for ฿900 a month for over a year. 

Its only 700 Baht  now on the website

Posted (edited)
3 hours ago, DiDiChok said:

I too have been looking into this hijacking of DNS queries supposedly to 'help' you by the ISPs who sometimes have a way of allowing you to opt out of it, but not always.  A good test is to 'Ping' an unresolvable address like http://www.normalbutfubar.com/ and if it resolves to an IP address then you know you're being hijacked.  If you have a router capable of it, you could try activating DNSSEC as long as your DNS provider supports it as well.  There's a good list here:  http://wiki.ipfire.org/en/dns/public-servers but it seems that even DNSSEC isn't that smart nowadays.  You can find out which IP address is presently resolving your DNS by going to http://whatsmyresolver.stdlib.net/

 

The only real way to try stop the ISP hijacking DNS is to ensure that DNS queries are sent somewhere of your choice over a VPN.  However, even if this is successful the ISP can still see which IP addresses you are accessing and do a reverse lookup to get the names.  So to be truly secure then you'd have to use the VPN for everything, DNS and IP addresses.  To find out what you'd been accessing someone would need to look at records held by the VPN provider.

 

While all this looks promising, you are being led up the path of thinking that VPNs are totally secure.  Unfortunately, both ISPs and Microsoft have been caught out using ways to read the content of VPN packets in the clear using 'man in the middle' attack technology because they 'don't like' traffic of unknown types.  While nobody is supposed to be spoofing digital certificates it's what you'd have to do if you were the security services, so don't think they're not doing it already.

 

To me, this confirms my suspicion that 'big brother' is watching all the time nowadays.  You can defend yourself by opting out of advertising but not opt out of being tracked,

 

Thanks for the useful info, my router unfortunately doesn't have a DNSSEC setting anywhere, but the resolver shows me an OpenDNS IP.

 

Doing a ping to www.normalbutfubar.com gives me the same IP address as is mentioned in the Netalyzr report, even with a paid VPN, DNSleak and highest security settings enabled.

 

59b54d3bb7589_fubarping.JPG.d428b52f50c7b6e0e6280f922a0f8fda.JPG

 

Will have to read up on the wiki

Edited by janclaes47
Posted (edited)
6 minutes ago, Lordfoul said:

 

My browser isn't hijacked, because Netalyzr doesn't use my browser to run their tests, they connect to the isp from their servers, and they report that my ISP redirects traffic to that IP.

 

Netalyzr3.JPG.1b74fa5b20d242a42bcc0a52683077d7.JPG

Edited by janclaes47
Posted (edited)

You are correct, a person that make browser hijacking software would never create anything that would hijack DNS. I should have thought harder before I posted.

 

 

Edited by Lordfoul
Posted

I always have a good laugh when I see people that insist it is their right to access the internet in any way that they choose.  You subscribed to a service and your provider only has to provide service to you as they specify in their terms of service.  Any other attempts by you to use their system or equipment in ways that they don't allow is your problem you, not theirs.

By the way, if you think your service provider or any other service or web site you access on the internet is spying on you, don't be alarmed.  They are spying on you, capturing your data usage and history and profitably selling that information.  It's called Data mining and marketing companies love it.  If you want to hide or mask your internet usage, you really can't.  Just don't use the internet.

Posted
8 minutes ago, dansbkk said:

I always have a good laugh when I see people that insist it is their right to access the internet in any way that they choose.  You subscribed to a service and your provider only has to provide service to you as they specify in their terms of service.  Any other attempts by you to use their system or equipment in ways that they don't allow is your problem you, not theirs.

 

Maybe you could point me to the clause in their terms and conditions that says I'm not allowed to stream video and where they say they will redirect my traffic.

Posted

To  janclaes47:  I'm sorry to hear that your router doesn't have DNSSEC capability.  I am with a UK company called Virgin Media (VM) who do exactly the same kind of hijacking that you are experiencing.  However, VM does allow you to opt out of this and they call it 'Advanced Network Error Search' and I have opted out.  When turned off, mistyped web addresses will no longer be redirected to the ISPs search page.  By rights, you should be given the option to opt out because the feature can and does sometimes cause problems on home networks.  As usual for Thailand, I feel that maybe you are not asking this question in a way that 3BB can understand - maybe they call it something else?  Could you try asking the ISP again or search their web pages as I feel that it is not an unusual request?  There will be 3BB technicians who know all about this, it's just a question of finding someone to speak to somewhere like in 'second line support'.

 

I use DNS servers from DNSwatch on 84.200.69.80 and 84.200.70.40 but found that DNS queries were still being redirected incorrectly.  It turned out that this was because I was entering the numbers in what I though was the appropriate place but they were being overwritten when the router was obtaining its IP address from the ISP.  To correct the problem, I had to tell the router to use the DNS servers that I wanted used somewhere else in its configuration.

 

As DNS queries mostly go out on port 53 using UDP protocol, routers upstream of yours can always intercept the enquiry and redirect it somewhere other than where you wanted it to go (i.e. to your DNS provider), but it is unusual for this to be done by ISPs.  As you have already found out, what is not unusual is for enquiries that don't receive a reply to be redirected to an ISPs server.  I suppose that you could say that it's not really hijacking since only failed enquiries are redirected, but I think it is hijacking because the correct reply was actually 'not found'.

 

I've noticed that sometimes, certain Company local routers redirect DNS queries away from settings made on devices (PCs and Mobiles) so that the router's DNS settings become mandatory.  This is often done for instance when web pages can be delivered seamlessly from that Company's intranet and their DNS servers rather than through the internet.

 

I'll continue to watch this thread with interest.

Posted

3BB does have Man in the Middle server for port 80 connections (and perhaps 443, I don't remember)

you can check this by tcptraceroute command line app (not bundled with linux/windows, google it)

 

so I'm not suprised if they force to use their dns servers.

 

best way to bypass that is, using openvpn at router level at all times. A singapore 5 usd/month vps at digitalocean is your best friend.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...