Welcome Guest ( Log In | Register )

Outline · [ Standard ] · Linear+

> YouTube Deep Packet Inspection, All HTTP connections being MITMed

views
     
TSrizvanrp
post May 1 2013, 04:00 AM, updated 10y ago

Getting Started
Group Icon
Elite
190 posts

Joined: Sep 2006



Hi all,

I'm experiencing some anomalies while streaming videos off YouTube on Unifi. For certain 'political' videos -- I've observed that the HTTP connection for the videoplayback stream to YT's local CDNs are being disrupted as follows :

1. Client video player makes a connection to the YT CDN
2. HTTP GET request is sent

There's a few different behaviors after this .. :

3a. HTTP 200 OK is received however it arrives 90 seconds later (should be instant) :
user posted image

3b. HTTP 200 OK is received instantly, first 1-4KB of video stream traffic is sent (allowing the YT player to show the first frame of the video with a timestamp of 0:00).. then no traffic is received for 90 seconds once again :
user posted image

There's a duplicate TCP ACK when the stream returns, did my ACK at packet #271 ever reach the CDN in the first place??

Further testing :

1. Using an unencrypted SOCKS proxy on a remote server + non standard TCP port results in the same behavior with packet loss between the client and SOCKS proxy server

2. Using an encrypted SSH tunnel to the same remote server results in absolutely no issues with viewing the videos

Sample videos :
http://www.youtube.com/watch?v=hHTz22bTBRw
http://www.youtube.com/watch?v=uVWxB4AWOxc

UPDATE :

I performed a simultaneous packet capture on both my client + remote server while encapsulating the HTTP connection via plaintext SOCKS. All the video payload packets were dropped en route back to my SOCKS client :

user posted image

Dafuq?

UPDATE 2 :

Confirming all plaintext HTTP connections on Unifi (and maybe Celcom + Maxis) are being man-in-the-middle'd and dropped if they contain blacklisted data.

UPDATE 3 :

Other sources confirming this .. (thanks wkkay):

https://plus.google.com/1013966581485225280...sts/ak6opfbDxwa

UPDATE 4 :
What we know :

i. The DPI isn't only being used to selectively block YouTube videos, however unencrypted Facebook pages belonging to certain parties are also being blocked. You can get around this by appending 'https://' to the Facebook URLs rather than trying to use 'http://'.

ii. The DPI is based on TCP segment analysis. Basically, every single TCP packet has its payload analyzed for certain request URI strings that have been blacklisted. Obfuscation attacks such as packet fragmentation (splitting a large TCP payload containing a single HTTP request into smaller TCP segments) as well as packet padding (appending large amount of junk data to the HTTP request URI in order to force the 'HTTP/1.1\r\n' trailer into a separate TCP segment) will also work however you need specialized HTTP proxy software or iptables rules (on Linux) to do this.

iii. Once a blacklisted payload is detected within a packet, the header information for the TCP stream (SRC/DST port + SRC/DST IP address) is added to some kind of blacklist for 90 seconds. This causes all traffic for that particular TCP stream to be dropped for 90 seconds (hence the 90 second gaps in my packet capture samples above). This is also why some of you have noticed that if you wait long enough (well, 90 seconds in my tests).. the videos/sites that are blocked will eventually continue to load. Due to the persistent nature of TCP, once the 90 second blacklist window passes.. your TCP stream will continue and the payload data for whatever you're requesting will reach your computer.


Mitigation techniques :

i. Use 'https://' wherever possible (especially on Facebook). Users in the thread have recommended HTTPS Everywhere which is a Firefox/Chrome addon to do this automatically for most major websites.

* While YouTube supports HTTPS for their main website, their player does not support it so even if you were to use HTTPS on YT.. the videos won't load.

ii. For accessing blocked YouTube videos, you can use some of the various YouTube proxy sites such as ProxFree.

iii. Get a VPN/SSH tunnel service if you're worried about having your HTTP requests intercepted.


UPDATE 5 :
Response from MCMC
QUOTE
GE13: ISPs not restricting access, says MCMC
By PATRICK LEE

SUNGAI PETANI: Internet Service Providers (ISP) have not been restricting access to local online portals, according to the Malaysian Communications and Multimedia Commission (MCMC). "Preliminary investigations indicate no such restrictions by ISPs as alleged by certain quarters," it said in a statement.

It said network congestion could have caused users to experience difficulties in accessing the sites, adding there was an increase in traffic for GE13-related articles.
Hey, here's a simple test you can do with less than 2 commands on a Linux box + Wireshark :

CODE
wget http://www.facebook.com/DAPMalaysia

user posted image

So a HTTP GET request for /DAPMalaysia results in the query taking 109 seconds to respond along with 8 TCP retransmissions (I'm basically getting 0 TCP responses from the server for 109 seconds). Let's see what happens when we request for the exact same URL however we append 1500 bytes of junk URI padding to the end :

CODE
#!/bin/bash
for i in {1..1500}
do
PADDING=$PADDING"A"
done
wget "http://www.facebook.com/DAPMalaysia?test="$PADDING

.. which results in ..
CODE
wget "http://www.facebook.com/DAPMalaysia?test=AAAAA... (1500 times)"

user posted image

Oh? What do you know, no issues at all. Apparently appending an extra 1500 bytes of junk data to every HTTP request in a 'congested' network results in less network congestion. Who would have guessed /s

---

My final comments on this issue ..

I'm pretty apolitical when it comes to the Internet and networking. The only reason I have to keep testing what some may call PR-friendly URLs is because it seems that the only time we have 'congestion' is when accessing such content.. and the 'congestion' goes away the moment you obfuscate the requests enough. With the resources that the MCMC has available to debug these kind of issues, I'm honestly surprised they haven't figured this out already.

The tests we've done here show at the very least there is some kind of HTTP request inspection happening and traffic is being dropped once certain strings have been identified. As Internet users and/or caretakers, we should be against any form of Internet censorship. I leave you with these two articles hosted on the MCMC/SKMM website :

http://www.skmm.gov.my/Media/Press-Clippin...sur-fitnah.aspx
QUOTE
SKMM pantau, sekat blog ada unsur fitnah
03/03/2013, Berita Harian

Butterworth: Suruhanjaya Komunikasi dan Multimedia Malaysia (SKMM) akan memantau dan menyekat mana-mana blog yang didapati memuatkan kenyataan berunsur fitnah menjelang Pilihan Raya Umum Ke-13 (PRU-13).

Timbalan Menteri Penerangan, Komunikasi dan Kebudayaan, Senator Datuk Maglin Dennis D'Cruz, berkata kebanyakan blog yang disiasat SKMM kebanyakannya mempunyai agenda tersendiri dengan menulis kenyataan yang tidak betul dan cuba berbohong untuk menjatuhkan maruah seseorang.
“Oleh itu, sempena PRU-13, SKMM diminta memantau dan menyekat mana-mana blog yang cuba menjatuhkan seseorang dengan menulis perkara tidak benar dan mempunyai unsur fitnah, sama ada pada pihak pembangkang atau Barisan Nasional (BN). Kita mahu PRU-13 berjalan aman tanpa sebarang isu,” katanya.


Beliau berkata demikian selepas merasmikan Program Kenali dan Mesra Jiran Peringkat Negeri Pulau Pinang di Rumah Pangsa Taman Bagan, di sini semalam. Hadir sama, Ketua UMNO Bagan, Datuk Abdul Latiff Mirasa; Penyelaras BN Bagan Dalam, M Karuppanan dan Penyelaras BN Parlimen Bagan, David Chua Teik Siang.


http://www.skmm.gov.my/Media/Press-Clippin...edia-In-Ge.aspx
QUOTE
MCMC To Monitor, Control Use Of Social Media In General Election 13 To Prevent Abuse
02/03/2013, Bernama

BUTTERWORTH, March 2  (Bernama) -- The Malaysian Communications and Multimedia Commission (MCMC) is looking into suitable methods to monitor and control the use of social media in the 13th general election (GE13).

Deputy Information Communications and Culture Minister Datuk Maglin Dennis D'Cruz said this was to ensure that the social media would not be abused by irresponsible quarters to achieve their own political agenda.

Last week, Prime Minister Datuk Seri Najib Tun Razak said the GE13 would be the first 'social media election' in the country where internet would be widely used as a campaign tool.

The MCMC will monitor all users of social media, regardless of their political beliefs, to ensure peace and smooth running of the GE13, Maglin said after opening the 'Know Your Neighbours' programme organised by Penang Information Department at Taman Bagan flats here Saturday.

The deputy minister said the monitoring of the social media was vital as certain quarters were only good at making baseless allegations and spreading lies to gain political mileage, adding that he himself had once fallen victim to such lies and accusations.

Maglin said the culture of making baseless allegations and distorting facts among politicians was indeed unhealthy and would only confuse the public, especially the young generation.

"They should not be so selfish and lie just for the sake of gaining political mileage because what matters most in politics was to ensure that the people will live in peace and harmony.

"Therefore, the public, especially the young voters should be wise enough to do their parts in selecting the right government with vast experience in managing the country, so that their future will be secured.

"Don't believe the lies and accusations made by those whose aim is only to create disharmony among the people," he added.

user posted image

This post has been edited by rizvanrp: May 3 2013, 07:04 AM
Volvagia356
post May 1 2013, 10:45 AM

New Member
*
Newbie
3 posts

Joined: Oct 2010


Confirmed on my side. Doesn't work on UniFi, works perfectly via SSH tunnel. Also, I've noticed that if I WHOIS the IP address of the CDN server, it's a TMNet address.
JinXXX
post May 1 2013, 10:49 AM

Look at all my stars!!
*******
Senior Member
2,495 posts

Joined: Feb 2007
From: Uarla Umpur



maybe someone should report to youtube regarding this.. if "someone" is really messing with youtube's CDN

can we open a streaming session using https ?

im guessing they are detecting the video id .com/?v=xxxxxx and using that as a key block ?

best if we use other methods to download the same video .. reupload it .. and streaming it back...

im guessing there won't be any problem.. with that

This post has been edited by JinXXX: May 1 2013, 10:52 AM
SUSMNet
post May 1 2013, 11:10 AM

10k Club
********
All Stars
11,954 posts

Joined: May 2007



i can see the video no problem
TSrizvanrp
post May 1 2013, 11:14 AM

Getting Started
Group Icon
Elite
190 posts

Joined: Sep 2006



@volvagia356
The local CDNs are hosted by TM

@jinxxx
Can't use HTTPS for streaming, I tried but Google's YT CDNs aren't configured for it. They return an invalid cert and a HTTP 5xx error. The DPI is inspecting the '/videoplayback?' request. I was able to bypass the block without using an encrypted tunnel by appending 1000 bytes of junk padding to the end of the '/videoplayback?' request.. I guess this causes their protocol classifier to screw up.

Based on the behavior, it seems the 90 second delay is because after they detect a blacklisted video stream, it starts dropping traffic from the source for 90 seconds. There's a small gap where 1-4KBs of data can slip through because I guess it takes some CPU cycles to update their source IP + TCP port blacklist. If you can still receive the retransmitted TCP ACK from YT's servers (after the 90 second block), your video will play normally.

This is still pretty scary IMO.. it's looking into all unencrypted protocols on all ports. Running 24/7 via a VPN now just to be safe.
JinXXX
post May 1 2013, 11:22 AM

Look at all my stars!!
*******
Senior Member
2,495 posts

Joined: Feb 2007
From: Uarla Umpur



QUOTE(rizvanrp @ May 1 2013, 11:14 AM)
This is still pretty scary IMO.. it's looking into all unencrypted protocols on all ports. Running 24/7 via a VPN now just to be safe.
*
yeah its in deed scary, possible to cross check the "tech" that they use to block ? or are they using sandvine to block it as its a DPI used on streamyx for bt traffic...

maybe we should monitor it a few more days.. you did the test located in which area ? maybe they starting to online/production the DPI systems one by one according to area...
Volvagia356
post May 1 2013, 12:11 PM

New Member
*
Newbie
3 posts

Joined: Oct 2010


I've tried blocking TM's CDN
CODE
iptables -A OUTPUT -d 58.27.108.142 -j DROP

and making it directly go to Google (173.194.38.132), but looks like it's still blocked.
lsding
post May 1 2013, 02:09 PM

New Member
*
Junior Member
12 posts

Joined: Mar 2013
I am using Celcom Broadband now and also cannot load the above two videos link. where is our freedom of information?
zaqplm
post May 1 2013, 04:13 PM

New Member
*
Junior Member
12 posts

Joined: Sep 2005


I can confirm using Maxis broadband, I can't open the above videos. After the advertisement, youtube just shows "an error has occurred". Not even 1 sec of the video is shown. This is very similar to "HTTP-Video" block we applied on our Fortigate device in our office, but I've tested this without any firewall device. So TM is really applying Deep Packet Inspection to certain youtube videos.

You can also test the links below:

http://www.facebook.com/DAPMalaysia <-- Fails to open
https://www.facebook.com/DAPMalaysia <-- Opened OK
TSrizvanrp
post May 1 2013, 05:28 PM

Getting Started
Group Icon
Elite
190 posts

Joined: Sep 2006



@zaqplm

Holy shit you're right :

CODE
echo -e 'GET /DAPMalaysia HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n' | nc.traditional any.ip.address 80

.. fails after first ACK with TCP stream being dropped :
user posted image

Anything else :

CODE
echo -e 'GET /DAPMereisia HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n' | nc.traditional any.ip.address 80

.. works without any issues :
user posted image

They're inspecting all HTTP request and blocking anything with 'Host: *facebook.com' with a GET request method for '/DAPMalaysia'..! Btw are you on Maxis fiber over TM infra or directly in a Maxis broadband area?

What kind of third world country is this

This post has been edited by rizvanrp: May 1 2013, 05:32 PM
zaqplm
post May 1 2013, 06:07 PM

New Member
*
Junior Member
12 posts

Joined: Sep 2005


QUOTE(rizvanrp @ May 1 2013, 05:28 PM)
@zaqplm

Holy shit you're right :

CODE
echo -e 'GET /DAPMalaysia HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n' | nc.traditional any.ip.address 80

.. fails after first ACK with TCP stream being dropped :
user posted image

Anything else :

CODE
echo -e 'GET /DAPMereisia HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n' | nc.traditional any.ip.address 80

.. works without any issues :
user posted image

They're inspecting all HTTP request and blocking anything with 'Host: *facebook.com' with a GET request method for '/DAPMalaysia'..! Btw are you on Maxis fiber over TM infra or directly in a Maxis broadband area?

What kind of third world country is this
*
I'm using normal 3G HSDPA broadband dongle with a Maxis sim card.
JinXXX
post May 1 2013, 08:55 PM

Look at all my stars!!
*******
Senior Member
2,495 posts

Joined: Feb 2007
From: Uarla Umpur



QUOTE(zaqplm @ May 1 2013, 04:13 PM)
umobile data plan
confirm can load... cause can also torrent smile.gif

This post has been edited by JinXXX: May 1 2013, 08:56 PM
andrew9292
post May 1 2013, 09:28 PM

-/Livin' On A Prayer/-
*****
Senior Member
953 posts

Joined: Sep 2008
From: Petaling Jaya


Had the same symptomps with u guys, now i know why everything else in 1080p is rocket fast. But 'rocket' videos are all 'crashing'
runsing
post May 1 2013, 09:44 PM

Casual
***
Junior Member
381 posts

Joined: Jan 2011
From: Alor Setar, Kedah


QUOTE(zaqplm @ May 1 2013, 04:13 PM)
I can confirm using Maxis broadband, I can't open the above videos. After the advertisement, youtube just shows "an error has occurred". Not even 1 sec of the video is shown. This is very similar to "HTTP-Video" block we applied on our Fortigate device in our office, but I've tested this without any firewall device. So TM is really applying Deep Packet Inspection to certain youtube videos.

You can also test the links below:

http://www.facebook.com/DAPMalaysia  <-- Fails to open
https://www.facebook.com/DAPMalaysia  <-- Opened OK
*
i'm on tmnet's SDSL. fixed ip.
unable to open the 1st link. able to open the 2nd. sweat.gif

getting more and more desperate eh, good. savor the feeling. maybe you'll be good government in the far future, but coming may 5th, try play opposition for some time, BN

TSrizvanrp
post May 1 2013, 09:58 PM

Getting Started
Group Icon
Elite
190 posts

Joined: Sep 2006



QUOTE(Volvagia356 @ May 1 2013, 12:11 PM)
I've tried blocking TM's CDN
CODE
iptables -A OUTPUT -d 58.27.108.142 -j DROP

and making it directly go to Google (173.194.38.132), but looks like it's still blocked.
*
This works for me :

CODE
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 10

Fragmenting the blacklisted HTTP requests into smaller TCP segments bypasses the blocks. It seems they are analyzing traffic on a per TCP segment basis.
Maxieos
post May 1 2013, 10:10 PM

Look at all my stars!!
*******
Senior Member
3,584 posts

Joined: May 2008
Temp solution
http://www.proxfree.com/youtube-proxy.php

This post has been edited by Maxieos: May 1 2013, 10:16 PM
wKkaY
post May 1 2013, 10:14 PM

misutā supākoru
Group Icon
Admin
6,008 posts

Joined: Jan 2003
I tried the accessing the DAP facebook page and confirm that something is blocking it.

I also found a way to defeat their DPI. They are matching within a single packet instead of a stream. So if you make your HTTP request in two segments, one containing the URL and another containing the Host header, your request will not be filtered.

This (python code) will get stuck:
CODE
from socket import socket, IPPROTO_TCP, TCP_NODELAY
s = socket()
s.setsockopt(IPPROTO_TCP, TCP_NODELAY, 1)
s.connect(("www.facebook.com", 80))
s.send("GET /DAPMalaysia HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n")
print s.recv(65536)


While this one succeeds:
CODE
from socket import socket, IPPROTO_TCP, TCP_NODELAY
s = socket()
s.setsockopt(IPPROTO_TCP, TCP_NODELAY, 1)
s.connect(("www.facebook.com", 80))
s.send("GET /DAPMalaysia HTTP/1.1\r\n")
s.send("Host: www.afacebook.com\r\n\r\n")
print s.recv(65536)

wKkaY
post May 1 2013, 10:15 PM

misutā supākoru
Group Icon
Admin
6,008 posts

Joined: Jan 2003
QUOTE(rizvanrp @ May 1 2013, 09:58 PM)
This works for me :

CODE
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 10

Fragmenting the blacklisted HTTP requests into smaller TCP segments bypasses the blocks. It seems they are analyzing traffic on a per TCP segment basis.
*
Damn, you posted this 15 minutes before I did! tongue.gif
SUSmechanicalKB
post May 1 2013, 10:15 PM

On my way
****
Senior Member
577 posts

Joined: Apr 2012
Could be where they insert the elections video? You know the ones that you have to view ads before you can play your intended video?
cyberloner
post May 1 2013, 10:18 PM

Regular
******
Senior Member
1,551 posts

Joined: May 2005
From: Penang


shit nia block now............ lol too late..... we change goverment!
prasys
post May 1 2013, 10:19 PM

Heros Never Die
Group Icon
Staff
12,925 posts

Joined: Mar 2005
From: Kuala Lumpur
QUOTE(mechanicalKB @ May 1 2013, 10:15 PM)
Could be where they insert the elections video? You know the ones that you have to view ads before you can play your intended video?
*
If that was the case , you are able to access the facebook page. It is not that , as wkkay pointed out , they are analyzing packets. I am not sure what is their purpose yet
lwk523
post May 1 2013, 10:19 PM

Premium Q Trader
******
Senior Member
1,013 posts

Joined: Mar 2006


AFter this GE13 , We will have many new rules on internet if B end ...WIN ..
Then , We only can summon "anonymous" hacker to help us .. huhux .
TubeNRibbon
post May 1 2013, 10:24 PM

Getting Started
**
Junior Member
128 posts

Joined: May 2008
6-May-2013 i want to see this dude get lost from Malaysia and revamp MCMC

» Click to show Spoiler - click again to hide... «


This post has been edited by TubeNRibbon: May 1 2013, 10:27 PM
SUSmechanicalKB
post May 1 2013, 10:29 PM

On my way
****
Senior Member
577 posts

Joined: Apr 2012
QUOTE(prasys @ May 1 2013, 10:19 PM)
If that was the case , you are able to access the facebook page. It is not that , as wkkay pointed out , they are analyzing packets. I am not sure what is their purpose yet
*
It will not be a surprise if they (if you wish to attempt to define 'they') are actually monitoring certain website randomly of course, as part of the preparation for pre planned 'agenda' for post election, especially if the results are adversely favorable to the current people in power.
blacktubi
post May 1 2013, 10:35 PM

-
Group Icon
Elite
6,992 posts

Joined: Jul 2008

2 of the YT videos you posted can't load on both my Streamyx and Maxis WBB

Youtube peering : kul01s03 (Maxis), tm-pen1 (Streamyx)

http://www.facebook.com/DAPMalaysia
Failed on both Maxis 3G and Streamyx

This post has been edited by blacktubi: May 1 2013, 10:40 PM
WiLeKiyO
post May 1 2013, 10:51 PM

Look at all my stars!!
*******
Senior Member
5,144 posts

Joined: Oct 2009
YTL YES user here, all links can be opened.
cougar richard
post May 1 2013, 10:54 PM

I want money
******
Senior Member
1,007 posts

Joined: May 2007


Maxis Wired Broadband here. Unable to open links.
joshuatly
post May 1 2013, 10:56 PM

Enthusiast
*****
Senior Member
811 posts

Joined: Oct 2006


P1 fiber dont seems to having the problem. Now we know which ISP is on user's side.
gyver
post May 1 2013, 10:56 PM

Enthusiast
*****
Senior Member
976 posts

Joined: Mar 2005
wow the gov really is blocking selected youtube and facebook just before election... then why is this not on the news? hehehe...
stsh90
post May 1 2013, 10:57 PM

Enthusiast
*****
Senior Member
824 posts

Joined: Apr 2006
From: KL


On Maxis Fibre. The sample video included in TS' post won't load.
chongxm
post May 1 2013, 10:58 PM

Enthusiast
*****
Senior Member
724 posts

Joined: Nov 2010
QUOTE(stsh90 @ May 1 2013, 10:57 PM)
On Maxis Fibre. The sample video included in TS' post won't load.
*
u want?
i download it and reupload =DDDD
chongxm
post May 1 2013, 11:00 PM

Enthusiast
*****
Senior Member
724 posts

Joined: Nov 2010
QUOTE(prasys @ May 1 2013, 10:19 PM)
If that was the case , you are able to access the facebook page. It is not that , as wkkay pointed out , they are analyzing packets. I am not sure what is their purpose yet
*
Done by BN Elite =DD

This post has been edited by chongxm: May 1 2013, 11:01 PM
budingyun
post May 1 2013, 11:01 PM

Penjejak Awan
****
Senior Member
642 posts

Joined: Dec 2007
From: Kluang


Sometime can load, sometime cannot load.
zeluver94
post May 1 2013, 11:02 PM

Getting Started
**
Junior Member
72 posts

Joined: Apr 2009


QUOTE(blacktubi @ May 1 2013, 10:35 PM)
2 of the YT videos you posted can't load on both my Streamyx and Maxis WBB

Youtube peering : kul01s03 (Maxis), tm-pen1 (Streamyx)

http://www.facebook.com/DAPMalaysia
Failed on both Maxis 3G and Streamyx
*
I am using unifi and I cant open it too.

My internet these few days are TERRIBLY slow! is there any kaitan with the GE too?
wKkaY
post May 1 2013, 11:04 PM

misutā supākoru
Group Icon
Admin
6,008 posts

Joined: Jan 2003
Cross-posting: https://plus.google.com/1013966581485225280...sts/ak6opfbDxwa
paultantk
post May 1 2013, 11:05 PM

Casual
***
Junior Member
351 posts

Joined: Jan 2003


Thanks for the notification. Re-routing everything through my openvpn box in Singapore.
wira4ce
post May 1 2013, 11:07 PM

Getting Started
**
Junior Member
187 posts

Joined: May 2005
From: 𝔒𝔲𝔱𝔢𝔯𝔰𝔭𝔞𝔠𝔢



damn! busted! now I should worried and build up secure connection. makin bullsh*t lah ini kera-jaan.
blacktubi
post May 1 2013, 11:08 PM

-
Group Icon
Elite
6,992 posts

Joined: Jul 2008

QUOTE(paultantk @ May 1 2013, 11:05 PM)
Thanks for the notification. Re-routing everything through my openvpn box in Singapore.
*
Any nice SG VPS to recommend?
helload
post May 1 2013, 11:08 PM

Getting Started
**
Junior Member
66 posts

Joined: Mar 2009


*edited, post on wrong thread icon_rolleyes.gif

This post has been edited by helload: May 1 2013, 11:09 PM
Volvagia356
post May 1 2013, 11:10 PM

New Member
*
Newbie
3 posts

Joined: Oct 2010


Can someone try sending the request for the YouTube video to some random other server? I want to see if that gets blocked.

Also, time to tunnel everything via SSH to my VPS in Las Vegas.....
reijikageyama
post May 1 2013, 11:10 PM

whatthingamajigga
******
Senior Member
1,202 posts

Joined: May 2007
From: Penang


Can we circumvent this by mass downloading and reuploading with different youtube accounts?
imran
post May 1 2013, 11:10 PM

Casual
***
Junior Member
312 posts

Joined: Feb 2009
i cant load..bad..
budingyun
post May 1 2013, 11:11 PM

Penjejak Awan
****
Senior Member
642 posts

Joined: Dec 2007
From: Kluang


QUOTE(Volvagia356 @ May 1 2013, 11:10 PM)
Can someone try sending the request for the YouTube video to some random other server? I want to see if that gets blocked.

Also, time to tunnel everything via SSH to my VPS in Las Vegas.....
*
BuyVM? biggrin.gif
xxmetalhead86xx
post May 1 2013, 11:11 PM

Getting Started
**
Junior Member
219 posts

Joined: Feb 2008
From: Sunway/Kuching


guys i can see ler https://www.facebook.com/DAPMalaysia

using unifi btw

This post has been edited by xxmetalhead86xx: May 1 2013, 11:11 PM
joshuatly
post May 1 2013, 11:12 PM

Enthusiast
*****
Senior Member
811 posts

Joined: Oct 2006


Video and facebook page load fine at my mobile connection UMobile.
For those looking for proxy, you can build your own free proxy using Google apps using this script:
https://code.google.com/p/goagent/
With limited bandwidth of course.
HeHeHunter
post May 1 2013, 11:12 PM

On my way
****
Senior Member
664 posts

Joined: Dec 2006
QUOTE(xxmetalhead86xx @ May 1 2013, 11:11 PM)
guys i can see ler https://www.facebook.com/DAPMalaysia

using unifi btw
*
try http, not https.
ReWeR
post May 1 2013, 11:13 PM

Foreveralone
******
Senior Member
1,715 posts

Joined: Sep 2004
From: KL


QUOTE(xxmetalhead86xx @ May 1 2013, 11:11 PM)
guys i can see ler https://www.facebook.com/DAPMalaysia

using unifi btw
*
"https" can see, "http" cannot see.
Volvagia356
post May 1 2013, 11:13 PM

New Member
*
Newbie
3 posts

Joined: Oct 2010


QUOTE(budingyun @ May 1 2013, 11:11 PM)
BuyVM? biggrin.gif
*
Yup, is Las Vegas enough to tip you off on that?
teehk_tee
post May 1 2013, 11:14 PM

ไม่เป็นไร Mai Bpen Rai
*******
Senior Member
5,346 posts

Joined: Apr 2005
From: KUL-BKK

QUOTE(HeHeHunter @ May 1 2013, 11:12 PM)
try http, not https.
*
holy

unable to load via http

v1n0d
post May 1 2013, 11:14 PM

Another roof, another proof.
*******
Senior Member
3,193 posts

Joined: Mar 2007
From: Kuala Lumpur, Malaysia


I'm having the same problem here.
Enigmatic
post May 1 2013, 11:14 PM

Tralala?
*******
Senior Member
3,288 posts

Joined: Jan 2005
From: Nowhere Everywhere
QUOTE(HeHeHunter @ May 1 2013, 11:12 PM)
try http, not https.
*
For HTTPS channels, would there be anything which the ISPs can do to prevent access? Perhaps wKkay/prasys/rizvanrp may shed some light on this?
sI Taufu
post May 1 2013, 11:15 PM

getting higher and higher
******
Senior Member
1,597 posts

Joined: Aug 2010
From: Taufu Kingdom


UNIFI user here.
BOTH youtube video CANNOT LOAD at all.
budingyun
post May 1 2013, 11:15 PM

Penjejak Awan
****
Senior Member
642 posts

Joined: Dec 2007
From: Kluang


QUOTE(Volvagia356 @ May 1 2013, 11:13 PM)
Yup, is Las Vegas enough to tip you off on that?
*
Yes. smile.gif
super_evil_alien
post May 1 2013, 11:15 PM

Slumber Mode
*******
Senior Member
5,105 posts

Joined: Mar 2007
From: In front of my desktop/laptop/phone



This act maybe unlawful but I have to say that the filtering method seems to be very interesting.

I think it's time for me to subscribe to a VPN.
CZero
post May 1 2013, 11:16 PM

Something For Nothing
*****
Senior Member
823 posts

Joined: Jun 2005
From: 0:0:0:0:0:0:7f00:1
tried. came to this.

user posted image
budingyun
post May 1 2013, 11:16 PM

Penjejak Awan
****
Senior Member
642 posts

Joined: Dec 2007
From: Kluang


I'm in the middle of writing how to setup openvpn server on vps. biggrin.gif
iXora.ix
post May 1 2013, 11:16 PM

scoot scoot
******
Senior Member
1,473 posts

Joined: Jan 2007
From: Pandan Jaya



i can access the fb page both http and https
theberry
post May 1 2013, 11:17 PM

OK!
*******
Senior Member
3,409 posts

Joined: Oct 2011

no wonders YT slow streaming these day.
DoomGuard
post May 1 2013, 11:17 PM

Casual
***
Junior Member
331 posts

Joined: Apr 2007
QUOTE(CZero @ May 1 2013, 11:16 PM)
tried. came to this.

user posted image
*
LOL
khelben
post May 1 2013, 11:18 PM

I love my mum & dad
*******
Senior Member
5,993 posts

Joined: Jan 2003
From: Suldanessellar



QUOTE(iXora.ix @ May 1 2013, 11:16 PM)
i can access the fb page both http and https
*
Unifi?
paultantk
post May 1 2013, 11:18 PM

Casual
***
Junior Member
351 posts

Joined: Jan 2003


QUOTE(blacktubi @ May 1 2013, 11:08 PM)
Any nice SG VPS to recommend?
*
I am using oneasiahost.com, affordable and got good route to malaysia.
MuhammadFird
post May 1 2013, 11:18 PM

Casual
***
Junior Member
397 posts

Joined: Aug 2009
From: Yong Peng


nope, cant stream the video.
hellfire8888
post May 1 2013, 11:18 PM

Look at all my stars!!
*******
Senior Member
3,196 posts

Joined: Feb 2006
QUOTE(budingyun @ May 2 2013, 12:16 AM)
I'm in the middle of writing how to setup openvpn server on vps. biggrin.gif
*
please do then I share it out so that ppl can view the stuff
Dothan
post May 1 2013, 11:18 PM

Dingle Berries
*****
Senior Member
962 posts

Joined: Jan 2003


No problem on TIME. Hopefully they will not start censoring.
SomeoneElse
post May 1 2013, 11:19 PM

Enthusiast
*****
Senior Member
824 posts

Joined: Aug 2011


QUOTE(CZero @ May 1 2013, 11:16 PM)
tried. came to this.

user posted image
*
I don't mean to post un-useful stuff here but this one is just laugh.gif


JinXXX
post May 1 2013, 11:19 PM

Look at all my stars!!
*******
Senior Member
2,495 posts

Joined: Feb 2007
From: Uarla Umpur



those who can view the video.. download and reupload it ?

then the video is has changed and ppl can access it back

This post has been edited by JinXXX: May 1 2013, 11:19 PM
satayboy2003
post May 1 2013, 11:19 PM

L.O.V.E
****
Senior Member
635 posts

Joined: Mar 2006
From: HoStEl , MaLaYsIa StAtUs:QuItiNg
someone is doing something sneaky there....... that is a bad stuff.. very bad
khelben
post May 1 2013, 11:19 PM

I love my mum & dad
*******
Senior Member
5,993 posts

Joined: Jan 2003
From: Suldanessellar



QUOTE(Dothan @ May 1 2013, 11:18 PM)
No problem on TIME. Hopefully they will not start censoring.
*
It is already happening to TM and Maxis users so, censoring has already started.

We're turning into China laugh.gif
ryuken26
post May 1 2013, 11:19 PM

New Member
*
Newbie
0 posts

Joined: Apr 2013


i also got problem to open BN facebook page.
super_evil_alien
post May 1 2013, 11:20 PM

Slumber Mode
*******
Senior Member
5,105 posts

Joined: Mar 2007
From: In front of my desktop/laptop/phone



QUOTE(Enigmatic @ May 1 2013, 11:14 PM)
For HTTPS channels, would there be anything which the ISPs can do to prevent access? Perhaps wKkay/prasys/rizvanrp may shed some light on this?
*
I'm not a pro but from what I'm seeing the ISP can only filter plaintext based request.
SUSendau02
post May 1 2013, 11:20 PM

Look at all my stars!!
*******
Senior Member
3,180 posts

Joined: Jun 2009
From: Borlänge


digi 3G looks fine for now
budingyun
post May 1 2013, 11:20 PM

Penjejak Awan
****
Senior Member
642 posts

Joined: Dec 2007
From: Kluang


QUOTE(paultantk @ May 1 2013, 11:18 PM)
I am using oneasiahost.com, affordable and got good route to malaysia.
*
Recommended too. Kenshin is nice guy. biggrin.gif
TSrizvanrp
post May 1 2013, 11:20 PM

Getting Started
Group Icon
Elite
190 posts

Joined: Sep 2006



QUOTE(wKkaY @ May 1 2013, 10:15 PM)
Damn, you posted this 15 minutes before I did! tongue.gif
*
Ha, I modified tinyproxy to test padding attacks and those worked as well (as long as you push the HTTP/1.x/r/n protocol trailer into the next segment).

QUOTE(Enigmatic @ May 1 2013, 11:14 PM)
For HTTPS channels, would there be anything which the ISPs can do to prevent access? Perhaps wKkay/prasys/rizvanrp may shed some light on this?
*
They could completely block TCP port 443 on the networks or have a local CA issue some forged HTTPS certs for popular websites. I don't think their DPI tech is at a level that can intercept HTTPS yet though (since fragmentation and padding attacks are getting through).. but they could block HTTPS easily if they wanted to.

Another possibility would be to MITM DNS requests so you wouldn't be able to get around DNS blocks by switching to OpenDNS/Google DNS.

This post has been edited by rizvanrp: May 1 2013, 11:21 PM
Volvagia356
post May 1 2013, 11:22 PM

New Member
*
Newbie
3 posts

Joined: Oct 2010


QUOTE(Enigmatic @ May 1 2013, 11:14 PM)
For HTTPS channels, would there be anything which the ISPs can do to prevent access? Perhaps wKkay/prasys/rizvanrp may shed some light on this?
*
From what I know, there's really no way to block specific content if it's going over HTTPS. You could block specific IPs, or even every site, but you can't block specific pages of an IP, or see what's being transmitted.

AFAIK, there's only one way of monitoring the contents of an HTTPS connection, and if they did that, it would throw up a security warning on everyone's computers, unless there's some massive conspiracy to stick their SSL certificate on every PC.
k2_wei
post May 1 2013, 11:23 PM

New Member
*
Junior Member
39 posts

Joined: Jun 2011
cann't stream both of the youtube video using celcom broadband.
karhoe
post May 1 2013, 11:26 PM

Look at all my stars!!
*******
Senior Member
6,236 posts

Joined: Sep 2005
From: Kuala Lumpur


same, cant access here on maxis home
unknown_2
post May 1 2013, 11:26 PM

Casual
***
Junior Member
397 posts

Joined: Mar 2012


i use https also cannot load those video.

unifi here.
Enigmatic
post May 1 2013, 11:27 PM

Tralala?
*******
Senior Member
3,288 posts

Joined: Jan 2005
From: Nowhere Everywhere
QUOTE(super_evil_alien @ May 1 2013, 11:20 PM)
QUOTE(rizvanrp @ May 1 2013, 11:20 PM)
QUOTE(Volvagia356 @ May 1 2013, 11:22 PM)
Thanks for the reassurance guys. Embarrassing to say that I did not take networking knowledge seriously back then in uni, so I could only understand parts and bits (especially the post from rizvanrp).

Will check up on a few VPN providers.
TOROBO
post May 1 2013, 11:28 PM

Casual
***
Junior Member
379 posts

Joined: Feb 2010
From: house above a tree


QUOTE(budingyun @ May 1 2013, 11:16 PM)
I'm in the middle of writing how to setup openvpn server on vps. biggrin.gif
*
yes please flex.gif
patienceGNR
post May 1 2013, 11:29 PM

♥ Ride All Day ♥
******
Senior Member
1,942 posts

Joined: Mar 2011
From: Today: 9:03 AM




I have re uploaded the videos here.

http://www.youtube.com/watch?v=HBUwbcNqvZE

http://www.youtube.com/watch?v=Bpwm3FfhaLk

Let me know if the videos are unable to stream.


rizvanrp wkkay I hope these two re ups can help you guys with anything. hmm.gif

This post has been edited by patienceGNR: May 1 2013, 11:32 PM
blacktubi
post May 1 2013, 11:29 PM

-
Group Icon
Elite
6,992 posts

Joined: Jul 2008

rizvanrp How to solve this on OpenWRT based router

Using this command through SSH the router don't seem to work

CODE
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 10

xxmetalhead86xx
post May 1 2013, 11:30 PM

Getting Started
**
Junior Member
219 posts

Joined: Feb 2008
From: Sunway/Kuching


QUOTE(HeHeHunter @ May 1 2013, 11:12 PM)
try http, not https.
*
QUOTE(ReWeR @ May 1 2013, 11:13 PM)
"https" can see, "http" cannot see.
*
yea i know.. why didnt block https also?
JustForFun
post May 1 2013, 11:30 PM

Seeker
******
Senior Member
1,265 posts

Joined: Sep 2008



QUOTE(patienceGNR @ May 1 2013, 11:29 PM)
I have re uploaded the videos here.

http://www.youtube.com/watch?v=HBUwbcNqvZE

http://www.youtube.com/watch?v=Bpwm3FfhaLk

Let me know if the videos are unable to stream.
*
Instant stream
patienceGNR
post May 1 2013, 11:30 PM

♥ Ride All Day ♥
******
Senior Member
1,942 posts

Joined: Mar 2011
From: Today: 9:03 AM




QUOTE(JustForFun @ May 1 2013, 11:30 PM)
Instant stream
*
Go download, reupload tongue.gif let them keep filtering.
MuhammadFird
post May 1 2013, 11:30 PM

Casual
***
Junior Member
397 posts

Joined: Aug 2009
From: Yong Peng


QUOTE(patienceGNR @ May 1 2013, 11:29 PM)
I have re uploaded the videos here.

http://www.youtube.com/watch?v=HBUwbcNqvZE

http://www.youtube.com/watch?v=Bpwm3FfhaLk

Let me know if the videos are unable to stream.
*
i can stream it with full speed download.
IamNOT
post May 1 2013, 11:30 PM

Getting Started
**
Junior Member
253 posts

Joined: Aug 2008
From: Malacca


QUOTE(patienceGNR @ May 1 2013, 11:29 PM)
I have re uploaded the videos here.

http://www.youtube.com/watch?v=HBUwbcNqvZE

http://www.youtube.com/watch?v=Bpwm3FfhaLk

Let me know if the videos are unable to stream.
*
Yes
Mie131085
post May 1 2013, 11:31 PM

Getting Started
**
Junior Member
136 posts

Joined: Apr 2010
From: Melaka <-- -> Kuala Lumpur


QUOTE(zaqplm @ May 1 2013, 04:13 PM)
I can confirm using Maxis broadband, I can't open the above videos. After the advertisement, youtube just shows "an error has occurred". Not even 1 sec of the video is shown. This is very similar to "HTTP-Video" block we applied on our Fortigate device in our office, but I've tested this without any firewall device. So TM is really applying Deep Packet Inspection to certain youtube videos.

You can also test the links below:

http://www.facebook.com/DAPMalaysia  <-- Fails to open
https://www.facebook.com/DAPMalaysia  <-- Opened OK
*
BN also cannot be accessed tongue.gif but for the video truthfully am also not able to viewing the video, am on celcom broadband :
http://www.facebook.com/pages/Barisan-Nasional/219708793830

https://www.facebook.com/pages/Barisan-Nasional/219708793830
DjiNn
post May 1 2013, 11:31 PM

~||Noob Game Console Advisor||~
*******
Store Representative
7,931 posts

Joined: Jan 2003
From: PJ, Malaysia



Can't stream the youtube video . But after using a US VPN seems to stream fine.
SUSAnnoynimous
post May 1 2013, 11:31 PM

Casual
***
Junior Member
335 posts

Joined: Apr 2012


QUOTE(patienceGNR @ May 1 2013, 11:29 PM)
I have re uploaded the videos here.

http://www.youtube.com/watch?v=HBUwbcNqvZE

http://www.youtube.com/watch?v=Bpwm3FfhaLk

Let me know if the videos are unable to stream.
*
Can stream. Thanks.
chuahcs79
post May 1 2013, 11:32 PM

Look at all my stars!!
Group Icon
Elite
6,930 posts

Joined: Apr 2011
From: Bolehland for sure ^_^


QUOTE(patienceGNR @ May 1 2013, 11:29 PM)
I have re uploaded the videos here.

http://www.youtube.com/watch?v=HBUwbcNqvZE

http://www.youtube.com/watch?v=Bpwm3FfhaLk

Let me know if the videos are unable to stream.
*
can stream, thanks thumbup.gif
TSrizvanrp
post May 1 2013, 11:33 PM

Getting Started
Group Icon
Elite
190 posts

Joined: Sep 2006



QUOTE(blacktubi @ May 1 2013, 11:29 PM)
rizvanrp How to solve this on OpenWRT based router

Using this command through SSH the router don't seem to work

CODE
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 10

*
I'm not so sure, I was also having issues implementing it on my Mikrotik. Apparently you can't do TCP MSS clamping on the prerouting chain.. but it works fine on my Linux box running kernel 3.2.0-37. Other option would be to do it at layer 7 with a fragmenting/padding HTTP proxy.. but at this point it would be safer to just switch to a VPN or SSH tunnel rather than trying to obfuscate the requests.
DjiNn
post May 1 2013, 11:33 PM

~||Noob Game Console Advisor||~
*******
Store Representative
7,931 posts

Joined: Jan 2003
From: PJ, Malaysia



of course. New links works fine with unifi. biggrin.gif
Hornet
post May 1 2013, 11:35 PM

What?
*******
Senior Member
4,250 posts

Joined: Jan 2003
From: Malacca, Malaysia, Earth


So, seems both DAP and BN facebook page cannot open.

Who could benefit from this?
Jackie-Cham
post May 1 2013, 11:36 PM

Getting Started
**
Junior Member
187 posts

Joined: Jan 2006


QUOTE(zaqplm @ May 1 2013, 04:13 PM)
I can confirm using Maxis broadband, I can't open the above videos. After the advertisement, youtube just shows "an error has occurred". Not even 1 sec of the video is shown. This is very similar to "HTTP-Video" block we applied on our Fortigate device in our office, but I've tested this without any firewall device. So TM is really applying Deep Packet Inspection to certain youtube videos.

You can also test the links below:

http://www.facebook.com/DAPMalaysia  <-- Fails to open
https://www.facebook.com/DAPMalaysia  <-- Opened OK
*
Tried with my mobile.
Both sites are unable to open.

I'll try again later.
Using DiGi btw.
chapree
post May 1 2013, 11:36 PM

I write stuff for LYN Editorial and troll at LYN Forums
Group Icon
Elite
2,046 posts

Joined: Jan 2003
From: On a chair, facing the screen



Tested using UniFi Biz and Celcom LTE, both videos that TS linked only load after a while. DAP's FB page doesn't load with normal HTTP but works fine for HTTPS.

All of them work without any hitch on Yes 4G.

Hmm. hmm.gif
Volvagia356
post May 1 2013, 11:38 PM

New Member
*
Newbie
3 posts

Joined: Oct 2010


QUOTE(xxmetalhead86xx @ May 1 2013, 11:30 PM)
yea i know.. why didnt block https also?
*
Because you can't block just one page with HTTPS, you either block the whole site, or block nothing.
SUSGoldenHorn
post May 1 2013, 11:38 PM

Getting Started
**
Junior Member
274 posts

Joined: Nov 2012
I'm trying to open video by patienceGNR, but only first 2 sec can load.

This what I got.

user posted image

This post has been edited by GoldenHorn: May 1 2013, 11:42 PM
SUSvuetnam
post May 1 2013, 11:41 PM

Regular
******
Senior Member
1,259 posts

Joined: May 2012
From: Kaoshiung, Taiwan and Kuala Lumpur


QUOTE(ryuken26 @ May 1 2013, 11:19 PM)
i also got problem to open BN facebook page.
*
why BN wan block on fb page doh.gif
blacklizard90
post May 1 2013, 11:42 PM

On my way
****
Senior Member
657 posts

Joined: Jun 2009
From: KL, Ampang, Desa Pandan


from Sinar Project

https://plus.google.com/1013966581485225280...sts/ak6opfbDxwa
Prince of Andalus
post May 1 2013, 11:42 PM

Casual
***
Junior Member
365 posts

Joined: Dec 2006
QUOTE(xxmetalhead86xx @ May 1 2013, 11:30 PM)
yea i know.. why didnt block https also?
*
Go study MITM and SSL cert first.

This post has been edited by Prince of Andalus: May 1 2013, 11:43 PM
ruffstuff
post May 1 2013, 11:43 PM

Look at all my stars!!
*******
Senior Member
3,345 posts

Joined: Jan 2003
QUOTE(Hornet @ May 1 2013, 11:35 PM)
So, seems both DAP and BN facebook page cannot open.

Who could benefit from this?
*
Which BN facebook?
Hornet
post May 1 2013, 11:44 PM

What?
*******
Senior Member
4,250 posts

Joined: Jan 2003
From: Malacca, Malaysia, Earth


QUOTE(ruffstuff @ May 1 2013, 11:43 PM)
Which BN facebook?
*
The link someone posted earlier stating that the page also cannot open

(of course I tried it too)
patienceGNR
post May 1 2013, 11:46 PM

♥ Ride All Day ♥
******
Senior Member
1,942 posts

Joined: Mar 2011
From: Today: 9:03 AM




Reuploaded the 2nd link as the first seem to have failed. http://www.youtube.com/watch?v=91xVxIj9cLA
FrozerLaxegon
post May 1 2013, 11:47 PM

New Member
*
Junior Member
20 posts

Joined: Mar 2010


This post has been overwritten by a script.

This post has been edited by FrozerLaxegon: Jul 20 2017, 11:10 PM
patienceGNR
post May 1 2013, 11:48 PM

♥ Ride All Day ♥
******
Senior Member
1,942 posts

Joined: Mar 2011
From: Today: 9:03 AM




QUOTE(FrozerLaxegon @ May 1 2013, 11:47 PM)
2nd video u removed adi is it?
*
Read above. Currently I am re-uploading it.
nyemah_mulya
post May 1 2013, 11:49 PM

Getting Started
**
Junior Member
164 posts

Joined: Sep 2004
From: USJ


I can't open the page "Kami Boikot Buletin Utama" too. Can anyone else check if it is just me?

www.facebook.com/boikotutusan
patienceGNR
post May 1 2013, 11:49 PM

♥ Ride All Day ♥
******
Senior Member
1,942 posts

Joined: Mar 2011
From: Today: 9:03 AM




QUOTE(nyemah_mulya @ May 1 2013, 11:49 PM)
I can't open the page "Kami Boikot Buletin Utama" too. Can anyone else check if it is just me?

www.facebook.com/boikotutusan
*
Please use HTTPS://fb.com/boikotutusan
ruffstuff
post May 1 2013, 11:52 PM

Look at all my stars!!
*******
Senior Member
3,345 posts

Joined: Jan 2003
QUOTE(Hornet @ May 1 2013, 11:44 PM)
The link someone posted earlier stating that the page also cannot open

(of course I tried it too)
*
Not sure how it works though, but probably if the page have heavy content linked or string with the filtered keyword.
hasan_sas
post May 1 2013, 11:52 PM

New Member
*
Junior Member
19 posts

Joined: Jun 2008
From: Nova Scotia


QUOTE(patienceGNR @ May 1 2013, 11:49 PM)
page not found

chapree
post May 1 2013, 11:52 PM

I write stuff for LYN Editorial and troll at LYN Forums
Group Icon
Elite
2,046 posts

Joined: Jan 2003
From: On a chair, facing the screen



QUOTE(Mie131085 @ May 1 2013, 11:31 PM)
BN also cannot be accessed  tongue.gif but for the video truthfully am also not able to viewing the video, am on celcom broadband :
http://www.facebook.com/pages/Barisan-Nasional/219708793830

https://www.facebook.com/pages/Barisan-Nasional/219708793830
*
I tested URL too on Unifi Biz and true enough the non-secure HTTP can't load. How about your test on these URLs,rizvanrp wkkay?

TSrizvanrp
post May 1 2013, 11:52 PM

Getting Started
Group Icon
Elite
190 posts

Joined: Sep 2006



QUOTE(nyemah_mulya @ May 1 2013, 11:49 PM)
I can't open the page "Kami Boikot Buletin Utama" too. Can anyone else check if it is just me?

www.facebook.com/boikotutusan
*
Confirming a block for facebook GET requests to /boikotutusan as well (on Unifi). I also notice that if I append any data to /boikotutusan such as /boikotutusan1 or whatever, the plaintext HTTP request is blocked as well as they're filtering for the 'boikotutusan' string.
kaibathelegacy
post May 1 2013, 11:52 PM

Getting Started
**
Junior Member
176 posts

Joined: Oct 2007
https everywhere maybe a good help to bypass this filter

https://www.eff.org/https-everywhere
ragu91
post May 1 2013, 11:53 PM

Casual
***
Junior Member
336 posts

Joined: Jan 2009
From: behind you


QUOTE(nyemah_mulya @ May 1 2013, 11:49 PM)
I can't open the page "Kami Boikot Buletin Utama" too. Can anyone else check if it is just me?

www.facebook.com/boikotutusan
*
my godness ,this issue is getting serious,

as for the HTTPS://

its troublesome retype the HTTPS:// , is there any other method to avoid this censoring / blocking ?


shmiad
post May 1 2013, 11:54 PM

Getting Started
**
Junior Member
115 posts

Joined: Apr 2010



QUOTE(hasan_sas @ May 1 2013, 11:52 PM)
page not found
*
try this https://www.facebook.com/boikotutusan
NAQD
post May 1 2013, 11:54 PM

Getting Started
**
Junior Member
77 posts

Joined: Nov 2006
From: Bandar Sungai Long


are ISP the only people that can do this thing or hacker with proper tool & knowledge can do it too?
xernix
post May 1 2013, 11:55 PM

Getting Started
**
Junior Member
95 posts

Joined: Sep 2008
I'm now rerouting my traffic through my cheap 3 euro/year server in Netherlands

This post has been edited by xernix: May 1 2013, 11:55 PM
patienceGNR
post May 1 2013, 11:55 PM

♥ Ride All Day ♥
******
Senior Member
1,942 posts

Joined: Mar 2011
From: Today: 9:03 AM




QUOTE(hasan_sas @ May 1 2013, 11:52 PM)
page not found
*
sorry it's https://www.fb.com/boikotutusan

QUOTE(ragu91 @ May 1 2013, 11:53 PM)
my godness ,this issue is getting serious,

as for the HTTPS://

its troublesome retype the HTTPS:// , is there any other method to avoid this censoring / blocking ?
*
You can turn it on automatically at Facebook > Privacy Settings > Security Settings > Secure browsing
Prince of Andalus
post May 1 2013, 11:55 PM

Casual
***
Junior Member
365 posts

Joined: Dec 2006
QUOTE(Hornet @ May 1 2013, 11:44 PM)
The link someone posted earlier stating that the page also cannot open

(of course I tried it too)
*
which link bro?


i know someone who worked with Cyber Security. He worked under secret department in cyber security. I forgot the department name. He worked from his house in Perlis. He is the one who found that Raja Petra was in UK before. His job was doing DDOS on malaysiakini and other pro PR website during elections. After doing his haji, he resigned. His department boss persuaded him not to resign. He still received the salary 1 year after he resigned. Hahaha
danielcmugen
post May 1 2013, 11:56 PM

Look at all my stars!!
*******
Senior Member
5,444 posts

Joined: Apr 2011



QUOTE(Jackie-Cham @ May 1 2013, 11:25 PM)
I just posted this on my FB.
Anyone that can share this will be greatly appreciated.
*
All can work unsure.gif
nyemah_mulya
post May 1 2013, 11:57 PM

Getting Started
**
Junior Member
164 posts

Joined: Sep 2004
From: USJ


QUOTE(rizvanrp @ May 1 2013, 11:52 PM)
Confirming a block for facebook GET requests to /boikotutusan as well (on Unifi). I also notice that if I append any data to /boikotutusan such as /boikotutusan1 or whatever, the plaintext HTTP request is blocked as well as they're filtering for the 'boikotutusan' string.
*
man this is bad.
blacktubi
post May 2 2013, 12:00 AM

-
Group Icon
Elite
6,992 posts

Joined: Jul 2008

Found out something, those 2 video loaded fine on my iOS device through the native YouTube App smile.gif
Hornet
post May 2 2013, 12:01 AM

What?
*******
Senior Member
4,250 posts

Joined: Jan 2003
From: Malacca, Malaysia, Earth


QUOTE(Prince of Andalus @ May 1 2013, 11:55 PM)
which link bro?
i know someone who worked with Cyber Security. He worked under secret department in cyber security. I forgot the department name. He worked from his house in Perlis. He is the one who found that Raja Petra was in UK before. His job was doing DDOS on malaysiakini and other pro PR website during elections. After doing his haji, he resigned. His department boss  persuaded him not to resign. He still received the salary 1 year after he resigned. Hahaha
*
This one here
http://www.facebook.com/pages/Barisan-Nasional/219708793830

Not saying BN is innocent of course. Just curious why BN page also affected, lol

Sadly, these days it's good to have VPN to ensure our internet is not being filtered
sI Taufu
post May 2 2013, 12:02 AM

getting higher and higher
******
Senior Member
1,597 posts

Joined: Aug 2010
From: Taufu Kingdom


seriously what can we do on this?
Send them "fake" string back to crash the censoring server?
shmiad
post May 2 2013, 12:04 AM

Getting Started
**
Junior Member
115 posts

Joined: Apr 2010



QUOTE(Hornet @ May 2 2013, 12:01 AM)
This one here
http://www.facebook.com/pages/Barisan-Nasional/219708793830

Not saying BN is innocent of course. Just curious why BN page also affected, lol

Sadly, these days it's good to have VPN to ensure our internet is not being filtered
*
that is not BN official page
SUSvuetnam
post May 2 2013, 12:04 AM

Regular
******
Senior Member
1,259 posts

Joined: May 2012
From: Kaoshiung, Taiwan and Kuala Lumpur


haihhh this getting worst doh.gif
rao_05
post May 2 2013, 12:06 AM

New Member
*
Junior Member
14 posts

Joined: Jun 2007
p1 no problem yet can see both http n https for dap website




from wat i get to know ytl n p1 only no problem... rest filter kau kau

This post has been edited by rao_05: May 2 2013, 12:08 AM
zarakiken
post May 2 2013, 12:07 AM

Getting Started
**
Junior Member
56 posts

Joined: Jul 2009
From: Somewhere in Nendoroidian land...
oh lol... we are becoming like china... we will be the next best China... www...
dOtcO[m]
post May 2 2013, 12:08 AM

Getting Started
**
Junior Member
247 posts

Joined: Aug 2007
using p1 4g.. looks ok
danielcmugen
post May 2 2013, 12:10 AM

Look at all my stars!!
*******
Senior Member
5,444 posts

Joined: Apr 2011



QUOTE(Hornet @ May 2 2013, 12:01 AM)
This one here
http://www.facebook.com/pages/Barisan-Nasional/219708793830

Not saying BN is innocent of course. Just curious why BN page also affected, lol

Sadly, these days it's good to have VPN to ensure our internet is not being filtered
*
Mobile version running fine. Using maxis.
nyemah_mulya
post May 2 2013, 12:13 AM

Getting Started
**
Junior Member
164 posts

Joined: Sep 2004
From: USJ


Is this something that can be done by hackers or only ISPs?
rao_05
post May 2 2013, 12:14 AM

New Member
*
Junior Member
14 posts

Joined: Jun 2007
In this current stage its not the matter of our internet being filtered but the worst is that they will try to get the list of ppl who frequently access all anti gov sites...
yipguseng
post May 2 2013, 12:14 AM

New Member
*
Junior Member
24 posts

Joined: Aug 2009
can't access to the said link : http://www.facebook.com/pages/Barisan-Nasional/219708793830
lwk523
post May 2 2013, 12:15 AM

Premium Q Trader
******
Senior Member
1,013 posts

Joined: Mar 2006


QUOTE(blacktubi @ May 1 2013, 10:35 PM)
2 of the YT videos you posted can't load on both my Streamyx and Maxis WBB

Youtube peering : kul01s03 (Maxis), tm-pen1 (Streamyx)

http://www.facebook.com/DAPMalaysia
Failed on both Maxis 3G and Streamyx
*
Hiaz... so sad to our malaysia ISP and I think many rules will coming out after GE13 rclxub.gif rclxub.gif .
Anyway, we still can use HTTPS instead of HTTP to go FB DAPMALAYSIA ..

Do note ya ..
keretapir
post May 2 2013, 12:16 AM

rampant public indecency
******
Senior Member
1,143 posts

Joined: Aug 2006
From: not everywhere..but somewhere..


my fb was set to auto https when any pages were opened..
so, cant see what is the actual difference..
nevertheless, i feel insecure already, since they can just pry into my http packets...
Prince of Andalus
post May 2 2013, 12:19 AM

Casual
***
Junior Member
365 posts

Joined: Dec 2006
QUOTE(Prince of Andalus @ May 1 2013, 11:55 PM)
which link bro?
i know someone who worked with Cyber Security. He worked under secret department in cyber security. I forgot the department name. He worked from his house in Perlis. He is the one who found that Raja Petra was in UK before. His job was doing DDOS on malaysiakini and other pro PR website during elections. After doing his haji, he resigned. His department boss  persuaded him not to resign. He still received the salary 1 year after he resigned. Hahaha
*
If some one here know this nickname sy**on, he is the one. This nick name is quite famous in IRC chatting around late 90's.


QUOTE(Hornet @ May 2 2013, 12:01 AM)
This one here
http://www.facebook.com/pages/Barisan-Nasional/219708793830

Not saying BN is innocent of course. Just curious why BN page also affected, lol

Sadly, these days it's good to have VPN to ensure our internet is not being filtered
*
I can browse this link using umobile. Any unifi user to test?
prince_katana
post May 2 2013, 12:27 AM

New Member
*
Junior Member
28 posts

Joined: Apr 2013



QUOTE(keretapir @ May 2 2013, 12:16 AM)
my fb was set to auto https when any pages were opened..
so, cant see what is the actual difference..
nevertheless, i feel insecure already, since they can just pry into my http packets...
*
i thought if im using https + vpn we still can secure our packets?? am i right??
andrew9292
post May 2 2013, 12:27 AM

-/Livin' On A Prayer/-
*****
Senior Member
953 posts

Joined: Sep 2008
From: Petaling Jaya


QUOTE(rao_05 @ May 2 2013, 12:14 AM)
In this current stage its not the matter of our internet being filtered but the worst is that they will try to get the list of ppl who frequently access all anti gov sites...
*
That is my concern too..

Then again Personal Data Protection Act 2010says:

Non-application
3.
(1) This Act shall not apply to the Federal Government and
State Governments.

(2) This Act shall not apply to any personal data processed outside Malaysia unless that personal data is intended to be further processed in Malaysia.

There you have it, this is all 'LEGAL'
SUSGoldenHorn
post May 2 2013, 12:28 AM

Getting Started
**
Junior Member
274 posts

Joined: Nov 2012
QUOTE(rao_05 @ May 2 2013, 12:14 AM)
In this current stage its not the matter of our internet being filtered but the worst is that they will try to get the list of ppl who frequently access all anti gov sites...
*
if they found out ppl who frequently go to antigov website..they can play tricks with you oh.

probably make it harder for u to deal with govt agencies, or anything related with govt..
flagged
post May 2 2013, 12:30 AM

New Member
*
Junior Member
6 posts

Joined: Mar 2011
Iran and China approves.. tongue.gif
-oc-gassa
post May 2 2013, 12:32 AM

Enthusiast
*****
Senior Member
926 posts

Joined: Jan 2003
From: setapak
yup..HTTPS work not HTTP..on unifi
Mercykiller
post May 2 2013, 12:34 AM

Getting Started
**
Junior Member
66 posts

Joined: Mar 2013
QUOTE(GoldenHorn @ May 2 2013, 12:28 AM)
if they found out ppl who frequently go to antigov website..they can play tricks with you oh.

probably make it harder for u to deal with govt agencies, or anything related with govt..
*
Correction NOT govt: Only BN

If government change to PR? rclxm9.gif
kyLL
post May 2 2013, 12:36 AM

-=-
******
Senior Member
1,627 posts

Joined: Jan 2003
From: Subang Jaya


lol. what makes u think new government wont use these dirty tricks later too?
fix24311
post May 2 2013, 12:39 AM

Getting Started
**
Junior Member
139 posts

Joined: Jan 2008
From: Shah Alam, Selangor
QUOTE(JinXXX @ May 1 2013, 08:55 PM)
umobile data plan
confirm can load... cause can also torrent smile.gif
*
i thought u mobile use celcom backbone? unsure.gif
how come umobile can pass when celcom was blocked?
fix24311
post May 2 2013, 12:41 AM

Getting Started
**
Junior Member
139 posts

Joined: Jan 2008
From: Shah Alam, Selangor
QUOTE(kyLL @ May 2 2013, 12:36 AM)
lol. what makes u think new government wont use these dirty tricks later too?
*
if they oso use same tactic, then needs to apply "tak suka u keluar" rule la like that tongue.gif
techies_kid
post May 2 2013, 12:41 AM

Casual
***
Junior Member
341 posts

Joined: Sep 2008


QUOTE(Prince of Andalus @ May 2 2013, 12:19 AM)
If some one here know this nickname sy**on, he is the one. This nick name is quite famous in IRC chatting around late 90's.
I can browse this link using umobile. Any unifi user to test?
*
Is it syiron?
rao_05
post May 2 2013, 12:43 AM

New Member
*
Junior Member
14 posts

Joined: Jun 2007
QUOTE(fix24311 @ May 2 2013, 12:39 AM)
i thought u mobile use celcom backbone? unsure.gif
how come umobile can pass when celcom was blocked?
*
cause celcom if filtering at isp level kot... like u going in a highway... one lane got polis check other lane ppl free to go..
DValentine
post May 2 2013, 12:44 AM

On my way
****
Junior Member
594 posts

Joined: Dec 2010
From: isudahinsap.flac


QUOTE(fix24311 @ May 2 2013, 12:39 AM)
i thought u mobile use celcom backbone? unsure.gif
how come umobile can pass when celcom was blocked?
*
use maxis backbone
SUSGoldenHorn
post May 2 2013, 12:45 AM

Getting Started
**
Junior Member
274 posts

Joined: Nov 2012
QUOTE(Mercykiller @ May 2 2013, 12:34 AM)
Correction NOT govt: Only BN

If government change to PR?  rclxm9.gif
*
ayam think they will continue it...
fix24311
post May 2 2013, 12:47 AM

Getting Started
**
Junior Member
139 posts

Joined: Jan 2008
From: Shah Alam, Selangor
QUOTE(DValentine @ May 2 2013, 12:44 AM)
use maxis backbone
*
but maxis also blocked, and maxis is actually using TM backbone. anyone who worked with TM can attest to this rclxub.gif
prince_katana
post May 2 2013, 12:49 AM

New Member
*
Junior Member
28 posts

Joined: Apr 2013



http://youtu.be/EDaqTgY-AzQ

who can open this video???
fred_durt
post May 2 2013, 12:54 AM

New Member
*
Junior Member
24 posts

Joined: Jul 2009
QUOTE(prince_katana @ May 2 2013, 12:49 AM)
http://youtu.be/EDaqTgY-AzQ

who can open this video???
*
i can. using maxis
xXAgent47Xx
post May 2 2013, 12:55 AM

New Member
*
Junior Member
15 posts

Joined: May 2009
From: Honolulu, Hawai'i


QUOTE(fred_durt @ May 2 2013, 12:54 AM)
i can. using maxis
*
Currently using unifi. proxy it around and hope for the best, Change location to worldwide for it and DNS is set to google's
dororo
post May 2 2013, 12:56 AM

Getting Started
**
Junior Member
88 posts

Joined: Dec 2008
has anyone tested pro-BN websites are also having the same weird connection behaviours?
is it because the tricks is used to track this?
http://www.google.com/elections/ed/my/trends
bara bara api
post May 2 2013, 12:56 AM

Getting Started
**
Junior Member
63 posts

Joined: Jul 2010
I'm using VPN. I can see the videos you guys mentioned. Is it supposed to be blocked if I'm using normal internet?
ragu91
post May 2 2013, 12:56 AM

Casual
***
Junior Member
336 posts

Joined: Jan 2009
From: behind you


QUOTE(prince_katana @ May 2 2013, 12:49 AM)
http://youtu.be/EDaqTgY-AzQ

who can open this video???
*
It loads for some few seconds, and then it will stop loading. Like freeze.
andrew9292
post May 2 2013, 01:02 AM

-/Livin' On A Prayer/-
*****
Senior Member
953 posts

Joined: Sep 2008
From: Petaling Jaya


QUOTE(ragu91 @ May 2 2013, 12:56 AM)
It loads for some few seconds, and then it will stop loading. Like freeze.
*
Just tried to watch this about a day back, it loads and freeze too. When seek further into video it will load, then freeze again.

As of now no problem. I did restart my router twice today due to some configuration updates
wKkaY
post May 2 2013, 01:07 AM

misutā supākoru
Group Icon
Admin
6,008 posts

Joined: Jan 2003
Cross-posting from Webcamp KL:
QUOTE
Asohan Aryaduray: DNA will be discussing this on Tech Talks on BFM, 12 noon (May 2, which is later today); Premesh Chandran of Mkini is probably joining us.

ectt
post May 2 2013, 01:07 AM

Regular
******
Senior Member
1,049 posts

Joined: Apr 2012


that's a bad move

so any vpn allow or get backup servers around / scattered around the nations to avoid further disruption or on-purpose delay for certain media transfer?


nyemah_mulya
post May 2 2013, 01:10 AM

Getting Started
**
Junior Member
164 posts

Joined: Sep 2004
From: USJ


I can't load this page too: www.facebook.com/JkkFc Pro PR page "JKKK Fan Club".
nasiayam
post May 2 2013, 01:11 AM

On my way
****
Senior Member
572 posts

Joined: Jan 2006
using unifi, can't load both vid on youtube, but can use flash video downloader to download it using firefox

will upload to youtube it to keep the truth alive!
bara bara api
post May 2 2013, 01:13 AM

Getting Started
**
Junior Member
63 posts

Joined: Jul 2010
QUOTE(nasiayam @ May 2 2013, 01:11 AM)
using unifi, can't load both vid on youtube, but can use flash video downloader to download it using firefox

will upload to youtube it to keep the truth alive!
*
From what I understand, the block is due to an interview video right? Not because general politics, kan?
ebernie
post May 2 2013, 01:13 AM

On my way
****
Senior Member
540 posts

Joined: Dec 2004
From: Kuala Lumpur


TS, hope you please share how to enable secure browsing on Facebook. This will enforce HTTPS for all Facebook links and will allow browsing of pro-opposition URLs.

Go to: https://www.facebook.com/settings?tab=security (Account Settings -> Security -> Enable Secure Browsing).
m4djack
post May 2 2013, 01:15 AM

Getting Started
**
Junior Member
93 posts

Joined: Nov 2004
From: chicken coop
or try installing addons. Both available for Chrome and FireFox :

https://www.eff.org/https-everywhere
ebernie
post May 2 2013, 01:17 AM

On my way
****
Senior Member
540 posts

Joined: Dec 2004
From: Kuala Lumpur


QUOTE(m4djack @ May 2 2013, 01:15 AM)
or try installing addons. Both available for Chrome and FireFox :

https://www.eff.org/https-everywhere
*
Thanks!
raptar_eric
post May 2 2013, 01:20 AM

Live life to the fullest!
******
Senior Member
1,328 posts

Joined: Jan 2006
From: Kuala Lumpur



even on HTTPs traffic, they can actually filter and block the traffic.. some say SSL/443 can only filter by IP and specific hostname, but no, they can do more in-depth filtering like DLP filtering (data loss prevention) which uses certain keywords as well as criterias...

they could easily forge up a recognized CA cert and put it in their core, and traffic going through would not prompt any cert unrecognized, etc.

all the video titles, video keywords and comments, can be filtered on HTTPs, UNLESS the videos do not have any related information so that filtering cant be done.. they can actually do video filtering also, but i don't think our ISP is at that level yet... some solutions like actiance (facetime) can do video filtering based on speech recognition algorithms..
ebernie
post May 2 2013, 01:25 AM

On my way
****
Senior Member
540 posts

Joined: Dec 2004
From: Kuala Lumpur


Well for now, at least going the HTTPs route works. And it's the simplest way to get access to the blocked URLs (good luck convincing everyone to setup a proxy/VPN)
andrew9292
post May 2 2013, 01:27 AM

-/Livin' On A Prayer/-
*****
Senior Member
953 posts

Joined: Sep 2008
From: Petaling Jaya


QUOTE(raptar_eric @ May 2 2013, 01:20 AM)
even on HTTPs traffic, they can actually filter and block the traffic.. some say SSL/443 can only filter by IP and specific hostname, but no, they can do more in-depth filtering like DLP filtering (data loss prevention) which uses certain keywords as well as criterias...

they could easily forge up a recognized CA cert and put it in their core, and traffic going through would not prompt any cert unrecognized, etc.

all the video titles, video keywords and comments, can be filtered on HTTPs, UNLESS the videos do not have any related information so that filtering cant be done.. they can actually do video filtering also, but i don't think our ISP is at that level yet... some solutions like actiance (facetime) can do video filtering based on speech recognition algorithms..
*
Question is, is it possible for us to find out if there is a system in place that logs down the IP address or the details of those who are accessing such online media? Can we find out if there is a classification system in place that would link such access to our internet accounts by which we register our Name as per IC Number? Eg, getting the IP address or MAC address of the system and tracing it back to it's manufacturer and model so we know what roughly what and how is it being done? If there is such things and if they get into the wrong hands assuming they are not already in wrong hands, the consequences of it is just....

This post has been edited by andrew9292: May 2 2013, 01:28 AM
Gurvin Abruzzi
post May 2 2013, 01:28 AM

Am G Man yo
*******
Senior Member
5,478 posts

Joined: Aug 2011
From: Repairs mobile tabs smartwatch



Digi user.

Dap http ko
Dap https ok.


Btw set https long ago to prevent sniffing
Hornet
post May 2 2013, 01:31 AM

What?
*******
Senior Member
4,250 posts

Joined: Jan 2003
From: Malacca, Malaysia, Earth


QUOTE(kyLL @ May 2 2013, 12:36 AM)
lol. what makes u think new government wont use these dirty tricks later too?
*
Every government will do the same given the opportunity.

It's up to the people to voice out against it, and remind them that we have IT literate people here in Malaysia, we can tell when they do bullsh*t like this, and we will not put up with it.

Of course, in the future the will try other technique, it's up to us to keep up. It's a never ending game of lies and deceit, but that's politics for you. tongue.gif
tedbundyjr
post May 2 2013, 01:32 AM

New Member
*
Junior Member
17 posts

Joined: Jan 2003
make sure to enable "Browse Facebook on a secure connection (https) when possible" in facebook security setting to enable https by default.

click on https://www.facebook.com/settings?tab=secur...n=browsing&view
ebernie
post May 2 2013, 01:33 AM

On my way
****
Senior Member
540 posts

Joined: Dec 2004
From: Kuala Lumpur


QUOTE(kyLL @ May 2 2013, 12:36 AM)
lol. what makes u think new government wont use these dirty tricks later too?
*
I don't, neither do you.

But confirm current government is doing it right now.
raptar_eric
post May 2 2013, 01:38 AM

Live life to the fullest!
******
Senior Member
1,328 posts

Joined: Jan 2006
From: Kuala Lumpur



QUOTE(andrew9292 @ May 2 2013, 01:27 AM)
Question is, is it possible for us to find out if there is a system in place that logs down the IP address or the details of those who are accessing such online media? Can we find out if there is a classification system in place that would link such access to our internet accounts by which we register our Name as per IC Number? Eg, getting the IP address or MAC address of the system and tracing it back to it's manufacturer and model so we know what roughly what and how is it being done? If there is such things and if they get into the wrong hands assuming they are not already in wrong hands, the consequences of it is just....
*
not really bro... all these devices/appliances are placed on the top of the network hierarchy not at the bottom... the ISP can easily trace our IP, even we are on dynamic IP, back to who is viewing,etc. all our information registered to unifi/digi n bla bla bla...

even if you run a traceroute, how do you know which IP or which hop is the main device? and most of these device do not honor ICMP nor any traceroute... they normally block it to deny any DDoS attack on it... being in the ISP level, they have sufficient budget and also knowledge to secure their network, unless any attack is being done by using very low-level attacks... maybe anonymous can do it lol tongue.gif

adding on, most of these devices is running on transparent mode, just like a transparent proxy, where no physical IP nor virtual IP is needed.. data just pass through, and filtering is done...

This post has been edited by raptar_eric: May 2 2013, 01:38 AM
carbonfibre
post May 2 2013, 01:38 AM

PSN ID : ericgohsw
*****
Senior Member
944 posts

Joined: Aug 2008
From: Planet Earth

http://www.youtube.com/watch?v=8L4TQ2FJhiI&feature=share
wordtalks
post May 2 2013, 01:41 AM

ɾıɥƃɟǝpɔqɐŕ�
*****
Senior Member
718 posts

Joined: Mar 2011
From: 2 holes
Wow, they took over the TV, newspaper, radio.... and now soon the internet. Almost the whole media?

Feels like living in North Korea already. Alot thing promote for themselves only, others censor. Want to brainwash us..

Admin can ban those dirty pricks from being our gov? Oh wai... this is internet world..
Blast_Cyrus
post May 2 2013, 01:43 AM

On my way
****
Senior Member
612 posts

Joined: Jan 2006


QUOTE(raptar_eric @ May 2 2013, 01:38 AM)
not really bro... all these devices/appliances are placed on the top of the network hierarchy not at the bottom... the ISP can easily trace our IP, even we are on dynamic IP, back to who is viewing,etc. all our information registered to unifi/digi n bla bla bla...

even if you run a traceroute, how do you know which IP or which hop is the main device? and most of these device do not honor ICMP nor any traceroute... they normally block it to deny any DDoS attack on it... being in the ISP level, they have sufficient budget and also knowledge to secure their network, unless any attack is being done by using very low-level attacks... maybe anonymous can do it lol tongue.gif

adding on, most of these devices is running on transparent mode, just like a transparent proxy, where no physical IP nor virtual IP is needed.. data just pass through, and filtering is done...
*
Agree bro, with Dynamic Routing running in the cloud it's almost impossible to tell. Well, unless we are the "Anonymous" level
andrew9292
post May 2 2013, 01:44 AM

-/Livin' On A Prayer/-
*****
Senior Member
953 posts

Joined: Sep 2008
From: Petaling Jaya


QUOTE(raptar_eric @ May 2 2013, 01:38 AM)
not really bro... all these devices/appliances are placed on the top of the network hierarchy not at the bottom... the ISP can easily trace our IP, even we are on dynamic IP, back to who is viewing,etc. all our information registered to unifi/digi n bla bla bla...

even if you run a traceroute, how do you know which IP or which hop is the main device? and most of these device do not honor ICMP nor any traceroute... they normally block it to deny any DDoS attack on it... being in the ISP level, they have sufficient budget and also knowledge to secure their network, unless any attack is being done by using very low-level attacks... maybe anonymous can do it lol tongue.gif

adding on, most of these devices is running on transparent mode, just like a transparent proxy, where no physical IP nor virtual IP is needed.. data just pass through, and filtering is done...
*
Okay... sad.gif Thanks for the information! Hope riz or someone can dig out more if it's possible. But personal safety recomended first of course...
doh.gif
raptar_eric
post May 2 2013, 01:45 AM

Live life to the fullest!
******
Senior Member
1,328 posts

Joined: Jan 2006
From: Kuala Lumpur



bro you got me wrong.. they CAN tell even on dynamic IP.. we end users do not know or do not have the "power" or ability to do it, but ISP level confirm can.. look at singapore, how do you think they can filter those downloading pirated animes and fine them, even they are on dynamic IP? in the Internet, nothing is temporary, everything is PERMANENT... traces are everywhere, caches are everywhere... google alone is like the world...

anyway shouldnt explain so much or say so much, later dont know what happen sad.gif

This post has been edited by raptar_eric: May 2 2013, 01:45 AM
Kidz1995
post May 2 2013, 01:46 AM

Elite
******
Senior Member
1,539 posts

Joined: Aug 2008
From: Coexist

now its time to use fully VPN 24/7 rclxms.gif
doiwl
post May 2 2013, 01:47 AM

New Member
*
Junior Member
14 posts

Joined: Jan 2007
Facebook blocking list at the moment, discovered since Apr 27.

http://www.facebook.com/DAPMalaysia (421k)
http://www.facebook.com/supportprdap (357k Likes)
http://www.facebook.com/wewantochange (138k)
http://www.facebook.com/zzkuaixun (137k Likes)
http://www.facebook.com/DAPMalaysia.zh (97k)
raptar_eric
post May 2 2013, 01:48 AM

Live life to the fullest!
******
Senior Member
1,328 posts

Joined: Jan 2006
From: Kuala Lumpur



QUOTE(andrew9292 @ May 2 2013, 01:44 AM)
Okay... sad.gif  Thanks for the information! Hope riz or someone can dig out more if it's possible. But personal safety recomended first of course...
doh.gif
*
at this point of time, what i can think of, is a client side VPN is the best solution
Blast_Cyrus
post May 2 2013, 01:49 AM

On my way
****
Senior Member
612 posts

Joined: Jan 2006


QUOTE(raptar_eric @ May 2 2013, 01:45 AM)
bro you got me wrong.. they CAN tell even on dynamic IP.. we end users do not know or do not have the "power" or ability to do it, but ISP level confirm can.. look at singapore, how do you think they can filter those downloading pirated animes and fine them, even they are on dynamic IP? in the Internet, nothing is temporary, everything is PERMANENT... traces are everywhere, caches are everywhere... google alone is like the world...

anyway shouldnt explain so much or say so much, later dont know what happen sad.gif
*
Yea, it very easy for them to see on their level not ours. Dynamic Routing that I am referring to is the ISP level router. Ordinary traceroute will literally useless, and like u said using transparent proxy or any transparent security device will be able to do this easily
raptar_eric
post May 2 2013, 01:52 AM

Live life to the fullest!
******
Senior Member
1,328 posts

Joined: Jan 2006
From: Kuala Lumpur



they do not really use dynamic IP for their devices at such high level of the network.. most of their addresses are normally NAT address, which are directed to the firewall port... destination IP is the firewall IP, NAT to their internal device be it DNS server, any filtering appliance, etc.
Shah_Etd
post May 2 2013, 01:53 AM

Getting Started
**
Junior Member
141 posts

Joined: Oct 2006


try reading on common ISP/network security policy and standards , router logs capability etc... if you want to know better.

as for the video, i can't play it on browser but my downloader could detect it after few minutes...

This post has been edited by Shah_Etd: May 2 2013, 01:59 AM
Blast_Cyrus
post May 2 2013, 02:08 AM

On my way
****
Senior Member
612 posts

Joined: Jan 2006


Backbone wise is probably Static IP connecting to the border but the routing in between is confirmed to by dynamic hop so that there's no single point of failure and also possibility of security devices performing all sort of filtering.

Le sigh and dissapointed with all these..
akagidemon
post May 2 2013, 02:08 AM

Casual
***
Junior Member
452 posts

Joined: Nov 2007
From: Between Reality and Fantasy


umobile can view the videos.
johnlth93
post May 2 2013, 02:08 AM

Regular
******
Senior Member
1,151 posts

Joined: Feb 2010
From: 127.0.0.1


hmm
China-style perhaps?
M-GFW blush.gif
frequency
post May 2 2013, 02:09 AM

我要挑战十个!
*******
Senior Member
2,513 posts

Joined: Jan 2003


using maxis..cant view the video as well
IwanAGP
post May 2 2013, 02:13 AM

Nothing is Possible!
*******
Senior Member
9,587 posts

Joined: Jan 2008
From: S'wak||KL||SG


http://www.youtube.com/watch?v=hHTz22bTBRw

I can actually get this video to load on my UniFi VIP 5 after leaving the tab there for a couple of min. Sound just come out suddenly and I finished whole video.

Not network enthusiast here, I'm not even using Google DNS laugh.gif

But it loads only after a few mins. Anyone can try? laugh.gif
IwanAGP
post May 2 2013, 02:16 AM

Nothing is Possible!
*******
Senior Member
9,587 posts

Joined: Jan 2008
From: S'wak||KL||SG


http://www.youtube.com/watch?v=uVWxB4AWOxc

Confirmed with this video. It just starts loading after around 2 mins of leaving it idle.

What's wrong? laugh.gif Failed!!!
kurangak
post May 2 2013, 02:23 AM

certified /k addict
******
Senior Member
1,055 posts

Joined: Apr 2011
From: Deus Vult



p1 can play both vid...blocked only by tmnet?
xDragonZ
post May 2 2013, 02:26 AM

On my way
****
Senior Member
545 posts

Joined: Jul 2008
From: Just behide you !

QUOTE(IwanAGP @ May 2 2013, 02:16 AM)
http://www.youtube.com/watch?v=uVWxB4AWOxc

Confirmed with this video. It just starts loading after around 2 mins of leaving it idle.

What's wrong? laugh.gif Failed!!!
*
Tried load with Streamyx (with Google DNS), won't load at all and try with VPN and it loads well. mad.gif

edit:
tested to load non https facebook politic page also cannot load.

This post has been edited by xDragonZ: May 2 2013, 02:56 AM
andrew9292
post May 2 2013, 02:30 AM

-/Livin' On A Prayer/-
*****
Senior Member
953 posts

Joined: Sep 2008
From: Petaling Jaya


QUOTE(IwanAGP @ May 2 2013, 02:16 AM)
http://www.youtube.com/watch?v=uVWxB4AWOxc

Confirmed with this video. It just starts loading after around 2 mins of leaving it idle.

What's wrong? laugh.gif Failed!!!
*
hah! kantoi... another one... cant load at all..
basic crowd will refresh/close vid after 30secs of waiting. hence, can say this video is affectively unavailable.
andrew9292
post May 2 2013, 02:41 AM

-/Livin' On A Prayer/-
*****
Senior Member
953 posts

Joined: Sep 2008
From: Petaling Jaya


QUOTE(rizvanrp @ May 1 2013, 04:00 AM)
UPDATE :

I performed a simultaneous packet capture on both my client + remote server while encapsulating the HTTP connection via plaintext SOCKS. All the video payload packets were dropped en route back to my SOCKS client :

Dafuq?

UPDATE 2 :

Confirming all plaintext HTTP connections on Unifi (and maybe Celcom + Maxis) are being man-in-the-middle'd and dropped if they contain blacklisted data.

UPDATE 3 :

Other sources confirming this .. (thanks wkkay):

https://plus.google.com/1013966581485225280...sts/ak6opfbDxwa
*
Just for debunking purposes bro, could these be anti-DDoS/trafic control methods assuming that the accessed media is high in demand, is it? Or is it pure MITM that only serves the purpose of a blockade?

This post has been edited by andrew9292: May 2 2013, 02:41 AM
xDragonZ
post May 2 2013, 03:12 AM

On my way
****
Senior Member
545 posts

Joined: Jul 2008
From: Just behide you !

QUOTE(andrew9292 @ May 2 2013, 02:41 AM)
Just for debunking purposes bro, could these be anti-DDoS/trafic control methods assuming that the accessed media is high in demand, is it? Or is it pure MITM that only serves the purpose of a blockade?
*
There's some others media is higher demand than the politic video and loads fine.
yclian
post May 2 2013, 03:18 AM

Getting Started
**
Junior Member
247 posts

Joined: Apr 2007


QUOTE(andrew9292 @ May 2 2013, 03:41 AM)
Just for debunking purposes bro, could these be anti-DDoS/trafic control methods assuming that the accessed media is high in demand, is it? Or is it pure MITM that only serves the purpose of a blockade?
*
Not aware that they blocked PSY's MTV.

andrew9292
post May 2 2013, 03:59 AM

-/Livin' On A Prayer/-
*****
Senior Member
953 posts

Joined: Sep 2008
From: Petaling Jaya


QUOTE(xDragonZ @ May 2 2013, 03:12 AM)
There's some others media is higher demand than the politic video and loads fine.
*
QUOTE(yclian @ May 2 2013, 03:18 AM)
Not aware that they blocked PSY's MTV.
*
Thats my logic too... notworthy.gif But better for sifu to confirm mar, to protect his intrest, our interest and everyone's interest 'justice/claim'.

Manatau later BN spin spin say our dear ISP put those measure in place cuz of DDoS for 'fair interest'... u know la, the usual crap...
Meek
post May 2 2013, 04:54 AM

Getting Started
**
Junior Member
58 posts

Joined: Apr 2013


Completely unrelated, but since 5 minutes ago I'm getting "Lowyat forum is busy blablabla" every few clicks. Everything else works fine, downloading and uploading as usual.

What are the odds Lowyat server is that busy at almost 5am in Malaysia?


KVReninem
post May 2 2013, 04:58 AM

IX
*******
Senior Member
5,369 posts

Joined: Jan 2003
QUOTE(Meek @ May 2 2013, 07:54 AM)
Completely unrelated, but since 5 minutes ago I'm getting "Lowyat forum is busy blablabla" every few clicks. Everything else works fine, downloading and uploading as usual.

What are the odds Lowyat server is that busy at almost 5am in Malaysia?
*
nope. ddos firing. icon_idea.gif

need advance server to fire back the line coming.
if someone could just hijack those firing and divert back to where the source, it will be awesome.

This post has been edited by KVReninem: May 2 2013, 05:00 AM
SUSzaini900
post May 2 2013, 05:03 AM