Welcome Guest ( Log In | Register )

21 Pages « < 9 10 11 12 13 > » Bottom

Outline · [ Standard ] · Linear+

 YouTube Deep Packet Inspection, All HTTP connections being MITMed

views
     
Meek
post May 2 2013, 05:13 AM

Getting Started
**
Junior Member
58 posts

Joined: Apr 2013


QUOTE(zaini900 @ May 2 2013, 05:03 AM)
i'm unifi user. all links can be open.
*
Any chance you're on Google DNS?
Meek
post May 2 2013, 05:14 AM

Getting Started
**
Junior Member
58 posts

Joined: Apr 2013


QUOTE(KVReninem @ May 2 2013, 04:58 AM)
nope. ddos firing. icon_idea.gif

need advance server to fire back the line coming.
if someone could just hijack those firing and divert back to where the source, it will be awesome.
*
It's actually working fine now, making my previous post an embarassment. It's either admin did something, or it was just my imagination.
KVReninem
post May 2 2013, 05:48 AM

IX
*******
Senior Member
5,369 posts

Joined: Jan 2003
QUOTE(Meek @ May 2 2013, 08:14 AM)
It's actually working fine now, making my previous post an embarassment. It's either admin did something, or it was just my imagination.
*
its not imagination.

i got to the few pages too, so i`m just assume the admins must be sleepy tongue.gif
Upsilon
post May 2 2013, 06:00 AM

On my way
****
Senior Member
518 posts

Joined: Jan 2003
From: Subang Jaya



just a quick note, i am a unifi user here, and this is also not loading (on google dns)

http://www.youtube.com/watch?feature=playe...d&v=gEIEm3t4EG0

also briefly blogged this incident on a blog i co-author
http://www.techniama.com/blog/?p=481

EDIT: works after reloading a couple of times later (if i am lucky)

This post has been edited by Upsilon: May 2 2013, 06:07 AM
ebernie
post May 2 2013, 07:27 AM

On my way
****
Senior Member
540 posts

Joined: Dec 2004
From: Kuala Lumpur


QUOTE(zaini900 @ May 2 2013, 05:03 AM)
i'm unifi user. all links can be open.
*
Around 4-5 friends in Facebook tried, and they all couldn't access the blocked URLs. Facebook pages must be accessed using HTTPS to work, YouTube videos won't work unless they view newly uploaded videos.

How did you get it to work? Do share.
SUSvuetnam
post May 2 2013, 07:44 AM

Regular
******
Senior Member
1,259 posts

Joined: May 2012
From: Kaoshiung, Taiwan and Kuala Lumpur


QUOTE(prince_katana @ May 2 2013, 12:49 AM)
http://youtu.be/EDaqTgY-AzQ

who can open this video???
*
I can , using university's wifi
khelben
post May 2 2013, 07:52 AM

I love my mum & dad
*******
Senior Member
6,024 posts

Joined: Jan 2003
From: Suldanessellar



Anyone can play this video?

http://www.youtube.com/watch?&v=uI7xB3d2rNA
SUSvuetnam
post May 2 2013, 07:54 AM

Regular
******
Senior Member
1,259 posts

Joined: May 2012
From: Kaoshiung, Taiwan and Kuala Lumpur


QUOTE(khelben @ May 2 2013, 07:52 AM)
can
SUSaaronsuarez95
post May 2 2013, 08:11 AM

huehuehue
*****
Senior Member
721 posts

Joined: May 2012
From: Kuala Lumpur


stimix 2mbps user can't watch those videos, can access fb pages (selangor)
westthen
post May 2 2013, 08:12 AM

Regular
******
Senior Member
1,654 posts

Joined: Jan 2003
i can enter most of the sites...i use google dns
rao_05
post May 2 2013, 08:14 AM

New Member
*
Junior Member
14 posts

Joined: Jun 2007
QUOTE(vuetnam @ May 2 2013, 07:44 AM)
I can , using university's wifi
*
careful while using university's line.... they can monitor every single site you browse....

one of the uni ppl kena before torrent/ download some thing in uni... (forgot details)
chickenshit36
post May 2 2013, 08:35 AM

On my way
****
Junior Member
501 posts

Joined: Jun 2006


QUOTE(khelben @ May 2 2013, 07:52 AM)
i can't. im on maxis fibre
khelben
post May 2 2013, 08:53 AM

I love my mum & dad
*******
Senior Member
6,024 posts

Joined: Jan 2003
From: Suldanessellar



QUOTE(chickenshit36 @ May 2 2013, 08:35 AM)
i can't. im on maxis fibre
*
I'm on Maxis fibre too and I can't load that video.
WjLye
post May 2 2013, 08:59 AM

Getting Started
**
Junior Member
98 posts

Joined: Apr 2009
Dear Admin and Staff, with this post in LYN forum now, please be prepared for any kind of attack that's coming to you.
Save us from this information warfare !
Asali
post May 2 2013, 09:35 AM

Regular
******
Senior Member
1,661 posts

Joined: Oct 2012
It will be good if your guys could upload the Pcaps. I believe it's can be dissected in more clearance. Also, don't forget, in order to look in to more rigorous, it is requires to have one pcap from client and another one pcap from exact OCS.

This post has been edited by Asali: May 2 2013, 09:36 AM
TSrizvanrp
post May 2 2013, 09:43 AM

Getting Started
Group Icon
Elite
195 posts

Joined: Sep 2006



QUOTE(Asali @ May 2 2013, 09:35 AM)
It will be good if your guys could upload the Pcaps. I believe it's can be dissected in more clearance. Also, don't forget, in order to look in to more rigorous, it is requires to have one pcap from client and another one pcap from exact OCS.
*
I don't feel like uploading my PCAPs as it would reveal too much information on my internal network structure as well as on my remote servers. I could of course isolate the TCP streams + scrub layer 1/2 but I feel it would be better if other people could independently verify these findings as well. I have posted my full methodology + findings which anyone can replicate themselves.

Just in case it wasn't clear in the first post.. Since I do not have access to run PCAPs on YT's CDN servers, it was just luck that I realized the DPI was also affecting SOCKS traffic allowing me to perform a PCAP on the client as well my SOCKS servers. The TCP streams should have been identical (with the exception of the destination addresses being different due to the internal NAT on my home network and the server talking to my router's public WAN IP) .. but it's fairly obvious the return SOCKS traffic was dropped after my initial YT CDN request for those videos.

With the discovery of the GET request URI + Host header blocks for certain Facebook sites, I'm sure any network admin or security researcher worth their salt will be able to replicate those findings as well (wkkay already has.. and we came to the same workaround as well) laugh.gif
fat16
post May 2 2013, 09:48 AM

Look at all my stars!!
*******
Senior Member
4,582 posts

Joined: Jan 2003
From: West johor


QUOTE(khelben @ May 2 2013, 07:52 AM)
celcom also filter this video. TM is Celcom parent company.
xtylish
post May 2 2013, 09:49 AM

On my way
****
Junior Member
580 posts

Joined: Dec 2009
From: Malaysia


I can watch all the videos from Singapore though.
wKkaY
post May 2 2013, 09:54 AM

misutā supākoru
Group Icon
VIP
6,008 posts

Joined: Jan 2003
QUOTE(Meek @ May 2 2013, 04:54 AM)
Completely unrelated, but since 5 minutes ago I'm getting "Lowyat forum is busy blablabla" every few clicks. Everything else works fine, downloading and uploading as usual.

What are the odds Lowyat server is that busy at almost 5am in Malaysia?
*
We perform backups at that hour. This should improve once we finalize our database migration to SSDs.
Mie131085
post May 2 2013, 10:07 AM

Getting Started
**
Junior Member
136 posts

Joined: Apr 2010
From: Melaka <-- -> Kuala Lumpur


QUOTE(khelben @ May 2 2013, 07:52 AM)
i can't. this time at office. using TM Net Streamyx sad.gif

21 Pages « < 9 10 11 12 13 > » Top
 

Change to:
| Lo-Fi Version
0.0144sec    0.33    5 queries    GZIP Disabled
Time is now: 28th March 2024 - 07:51 PM