QUOTE(zaini900 @ May 2 2013, 05:03 AM)
Any chance you're on Google DNS?YouTube Deep Packet Inspection, All HTTP connections being MITMed
YouTube Deep Packet Inspection, All HTTP connections being MITMed
|
May 2 2013, 05:13 AM
|
Junior Member
58 posts Joined: Apr 2013 |
|
|
|
|
May 2 2013, 05:14 AM
|
Junior Member
58 posts Joined: Apr 2013 |
QUOTE(KVReninem @ May 2 2013, 04:58 AM) nope. ddos firing. It's actually working fine now, making my previous post an embarassment. It's either admin did something, or it was just my imagination.need advance server to fire back the line coming. if someone could just hijack those firing and divert back to where the source, it will be awesome. |
|
May 2 2013, 05:48 AM
|
Senior Member
5,369 posts Joined: Jan 2003 |
|
|
May 2 2013, 06:00 AM
|
Senior Member
518 posts Joined: Jan 2003 From: Subang Jaya |
just a quick note, i am a unifi user here, and this is also not loading (on google dns)
http://www.youtube.com/watch?feature=playe...d&v=gEIEm3t4EG0 also briefly blogged this incident on a blog i co-author http://www.techniama.com/blog/?p=481 EDIT: works after reloading a couple of times later (if i am lucky) This post has been edited by Upsilon: May 2 2013, 06:07 AM |
|
May 2 2013, 07:27 AM
|
Senior Member
540 posts Joined: Dec 2004 From: Kuala Lumpur |
QUOTE(zaini900 @ May 2 2013, 05:03 AM) Around 4-5 friends in Facebook tried, and they all couldn't access the blocked URLs. Facebook pages must be accessed using HTTPS to work, YouTube videos won't work unless they view newly uploaded videos.How did you get it to work? Do share. |
|
May 2 2013, 07:44 AM
|
Senior Member
1,259 posts Joined: May 2012 From: Kaoshiung, Taiwan and Kuala Lumpur |
QUOTE(prince_katana @ May 2 2013, 12:49 AM) I can , using university's wifi |
|
May 2 2013, 07:52 AM
|
Senior Member
6,024 posts Joined: Jan 2003 From: Suldanessellar |
|
|
May 2 2013, 07:54 AM
|
Senior Member
1,259 posts Joined: May 2012 From: Kaoshiung, Taiwan and Kuala Lumpur |
QUOTE(khelben @ May 2 2013, 07:52 AM) can |
|
|
|
May 2 2013, 08:11 AM
|
Senior Member
721 posts Joined: May 2012 From: Kuala Lumpur |
stimix 2mbps user can't watch those videos, can access fb pages (selangor)
|
|
May 2 2013, 08:12 AM
|
Senior Member
1,654 posts Joined: Jan 2003 |
i can enter most of the sites...i use google dns
|
|
May 2 2013, 08:14 AM
|
Junior Member
14 posts Joined: Jun 2007 |
|
|
May 2 2013, 08:35 AM
|
Junior Member
501 posts Joined: Jun 2006 |
QUOTE(khelben @ May 2 2013, 07:52 AM) i can't. im on maxis fibre |
|
May 2 2013, 08:53 AM
|
Senior Member
6,024 posts Joined: Jan 2003 From: Suldanessellar |
|
|
May 2 2013, 08:59 AM
|
Junior Member
98 posts Joined: Apr 2009 |
Dear Admin and Staff, with this post in LYN forum now, please be prepared for any kind of attack that's coming to you.
Save us from this information warfare ! |
|
|
|
May 2 2013, 09:35 AM
|
Senior Member
1,661 posts Joined: Oct 2012 |
It will be good if your guys could upload the Pcaps. I believe it's can be dissected in more clearance. Also, don't forget, in order to look in to more rigorous, it is requires to have one pcap from client and another one pcap from exact OCS.
This post has been edited by Asali: May 2 2013, 09:36 AM |
|
May 2 2013, 09:43 AM
|
Elite
195 posts Joined: Sep 2006 |
QUOTE(Asali @ May 2 2013, 09:35 AM) It will be good if your guys could upload the Pcaps. I believe it's can be dissected in more clearance. Also, don't forget, in order to look in to more rigorous, it is requires to have one pcap from client and another one pcap from exact OCS. I don't feel like uploading my PCAPs as it would reveal too much information on my internal network structure as well as on my remote servers. I could of course isolate the TCP streams + scrub layer 1/2 but I feel it would be better if other people could independently verify these findings as well. I have posted my full methodology + findings which anyone can replicate themselves.Just in case it wasn't clear in the first post.. Since I do not have access to run PCAPs on YT's CDN servers, it was just luck that I realized the DPI was also affecting SOCKS traffic allowing me to perform a PCAP on the client as well my SOCKS servers. The TCP streams should have been identical (with the exception of the destination addresses being different due to the internal NAT on my home network and the server talking to my router's public WAN IP) .. but it's fairly obvious the return SOCKS traffic was dropped after my initial YT CDN request for those videos. With the discovery of the GET request URI + Host header blocks for certain Facebook sites, I'm sure any network admin or security researcher worth their salt will be able to replicate those findings as well (wkkay already has.. and we came to the same workaround as well) |
|
May 2 2013, 09:48 AM
|
Senior Member
4,582 posts Joined: Jan 2003 From: West johor |
QUOTE(khelben @ May 2 2013, 07:52 AM) celcom also filter this video. TM is Celcom parent company. |
|
May 2 2013, 09:49 AM
|
Junior Member
580 posts Joined: Dec 2009 From: Malaysia |
I can watch all the videos from Singapore though.
|
|
May 2 2013, 09:54 AM
|
VIP
6,008 posts Joined: Jan 2003 |
QUOTE(Meek @ May 2 2013, 04:54 AM) Completely unrelated, but since 5 minutes ago I'm getting "Lowyat forum is busy blablabla" every few clicks. Everything else works fine, downloading and uploading as usual. We perform backups at that hour. This should improve once we finalize our database migration to SSDs.What are the odds Lowyat server is that busy at almost 5am in Malaysia? |
|
May 2 2013, 10:07 AM
|
Junior Member
136 posts Joined: Apr 2010 From: Melaka <-- -> Kuala Lumpur |
QUOTE(khelben @ May 2 2013, 07:52 AM) i can't. this time at office. using TM Net Streamyx |
Change to: | 0.0144sec
0.33
5 queries
GZIP Disabled
Time is now: 28th March 2024 - 07:51 PM |