> YouTube Deep Packet Inspection, All HTTP connections being MITMed

andrew9292
post May 1 2013, 09:28 PM

-/Livin' On A Prayer/-
*****
Senior Member
953 posts

Joined: Sep 2008
From: Petaling Jaya


Had the same symptoms with u guys, now i know why everything else in 1080p is rocket fast. But 'rocket' videos are all 'crashing'
andrew9292
post May 2 2013, 12:27 AM



QUOTE(rao_05 @ May 2 2013, 12:14 AM)
In this current stage its not the matter of our internet being filtered but the worst is that they will try to get the list of ppl who frequently access all anti gov sites...
*
That is my concern too..

Then again Personal Data Protection Act 2010 says:

Non-application
3. (1) This Act shall not apply to the Federal Government and State Governments.

(2) This Act shall not apply to any personal data processed outside Malaysia unless that personal data is intended to be further processed in Malaysia.

There you have it, this is all 'LEGAL'
andrew9292
post May 2 2013, 01:02 AM



QUOTE(ragu91 @ May 2 2013, 12:56 AM)
It loads for some few seconds, and then it will stop loading. Like freeze.
*
Just tried to watch this about a day back, it loads and freezes too. When seeking further into the video it will load, then freeze again.

As of now no problem. I did restart my router twice today due to some configuration updates
andrew9292
post May 2 2013, 01:27 AM



QUOTE(raptar_eric @ May 2 2013, 01:20 AM)
even on HTTPS traffic, they can actually filter and block the traffic.. some say SSL/443 can only filter by IP and specific hostname, but no, they can do more in-depth filtering like DLP filtering (data loss prevention) which uses certain keywords as well as criteria...

they could easily forge up a recognized CA cert and put it in their core, and traffic going through would not prompt any cert unrecognized, etc.

all the video titles, video keywords and comments, can be filtered on HTTPS, UNLESS the videos do not have any related information so that filtering can't be done.. they can actually do video filtering also, but i don't think our ISP is at that level yet... some solutions like actiance (facetime) can do video filtering based on speech recognition algorithms..
*
Question is, is it possible for us to find out if there is a system in place that logs down the IP address or the details of those who are accessing such online media? Can we find out if there is a classification system in place that would link such access to our internet accounts by which we register our Name as per IC Number? Eg, getting the IP address or MAC address of the system and tracing it back to its manufacturer and model so we know roughly what and how it is being done? If there are such things and if they get into the wrong hands, assuming they are not already in wrong hands, the consequences of it is just....

This post has been edited by andrew9292: May 2 2013, 01:28 AM
andrew9292
post May 2 2013, 01:44 AM



QUOTE(raptar_eric @ May 2 2013, 01:38 AM)
not really bro... all these devices/appliances are placed on the top of the network hierarchy not at the bottom... the ISP can easily trace our IP, even we are on dynamic IP, back to who is viewing,etc. all our information registered to unifi/digi n bla bla bla...

even if you run a traceroute, how do you know which IP or which hop is the main device? and most of these devices do not honor ICMP nor any traceroute... they normally block it to deny any DDoS attack on it... being in the ISP level, they have sufficient budget and also knowledge to secure their network, unless any attack is being done by using very low-level attacks... maybe anonymous can do it lol

adding on, most of these devices are running on transparent mode, just like a transparent proxy, where no physical IP nor virtual IP is needed.. data just pass through, and filtering is done...
*
Okay... Thanks for the information! Hope riz or someone can dig out more if it's possible. But personal safety recommended first of course...
andrew9292
post May 2 2013, 02:30 AM



QUOTE(IwanAGP @ May 2 2013, 02:16 AM)
http://www.youtube.com/watch?v=uVWxB4AWOxc

Confirmed with this video. It just starts loading after around 2 mins of leaving it idle.

What's wrong? Failed!!!
*
hah! kantoi... another one... can't load at all..
basic crowd will refresh/close vid after 30secs of waiting. hence, can say this video is effectively unavailable.
andrew9292
post May 2 2013, 02:41 AM



QUOTE(rizvanrp @ May 1 2013, 04:00 AM)
UPDATE :

I performed a simultaneous packet capture on both my client + remote server while encapsulating the HTTP connection via plaintext SOCKS. All the video payload packets were dropped en route back to my SOCKS client :

Dafuq?

UPDATE 2 :

Confirming all plaintext HTTP connections on Unifi (and maybe Celcom + Maxis) are being man-in-the-middle'd and dropped if they contain blacklisted data.

UPDATE 3 :

Other sources confirming this .. (thanks wkkay):

https://plus.google.com/1013966581485225280...sts/ak6opfbDxwa
*
Just for debunking purposes bro, could these be anti-DDoS/traffic control methods assuming that the accessed media is high in demand, is it? Or is it pure MITM that only serves the purpose of a blockade?

This post has been edited by andrew9292: May 2 2013, 02:41 AM
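
The simultaneous client and server capture described in the quoted update can be compared mechanically. This is an added example, not code from the thread: it assumes each capture has been exported to (relative sequence number, payload length) pairs for the server-to-client direction, and the sample values are constructed.

```python
from typing import Iterable, List, Tuple

Segment = Tuple[int, int]  # (relative TCP sequence number, payload length)
Range = Tuple[int, int]    # [start, end) byte offsets in the server->client stream


def covered(segments: Iterable[Segment]) -> List[Range]:
    """Merge segments into sorted, non-overlapping byte ranges.

    Retransmitted and overlapping segments collapse into one range, so a
    payload the server resent several times is still counted once.
    """
    merged: List[Range] = []
    for start, length in sorted(s for s in segments if s[1] > 0):
        end = start + length
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def missing_ranges(sent: Iterable[Segment], received: Iterable[Segment]) -> List[Range]:
    """Byte ranges seen leaving the server that never appear at the client."""
    got, gaps = covered(received), []
    for s_start, s_end in covered(sent):
        cursor = s_start
        for r_start, r_end in got:
            if r_end <= cursor or cursor >= s_end:
                continue
            if r_start >= s_end:
                break
            if r_start > cursor:
                gaps.append((cursor, r_start))
            cursor = r_end
        if cursor < s_end:
            gaps.append((cursor, s_end))
    return gaps


def summarize(sent: List[Segment], received: List[Segment]) -> dict:
    """Total unique bytes sent and how many of them never arrived."""
    lost = sum(end - start for start, end in missing_ranges(sent, received))
    return {"sent_bytes": sum(e - s for s, e in covered(sent)), "lost_bytes": lost}


# Constructed sample: the 400-byte response headers arrive, but the payload
# segments (including the server's retransmissions) never reach the client.
SERVER_SIDE = [(0, 400), (400, 1460), (1860, 1460), (400, 1460), (1860, 1460), (3320, 1460)]
CLIENT_SIDE = [(0, 400)]
```

A gap only shows that bytes were lost between the two capture points; running the same comparison on a control flow over the same path separates selective drops from ordinary congestion loss.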
andrew9292
post May 2 2013, 03:59 AM



QUOTE(xDragonZ @ May 2 2013, 03:12 AM)
There are some other media in higher demand than the political video, and they load fine.
*
QUOTE(yclian @ May 2 2013, 03:18 AM)
Not aware that they blocked PSY's MTV.
*
That's my logic too... But better for sifu to confirm mar, to protect his interest, our interest and everyone's interest 'justice/claim'.

Manatau later BN spin spin say our dear ISP put those measure in place cuz of DDoS for 'fair interest'... u know la, the usual crap...
andrew9292
post May 2 2013, 08:55 PM



QUOTE(xen0 @ May 2 2013, 08:49 PM)
why LYN set on https?..in settings, i set mine 'NO'.
*
for you, and the LYN's community's safety
andrew9292
post May 2 2013, 08:59 PM



QUOTE(IwanAGP @ May 2 2013, 08:47 PM)
Why they didn't block it 100%? Weird
*
So najis can say 'Youtube server error'.lol

This post has been edited by andrew9292: May 2 2013, 09:00 PM
andrew9292
post May 2 2013, 11:53 PM



wtf la now they want to put kroni into VPN business also is it...
andrew9292
post May 3 2013, 01:23 AM



QUOTE(mingxhin @ May 3 2013, 12:50 AM)
Spin is starting
*
heh. already predicted this long time ago. spin sampai headache for years until numb edi
are they saying that our TS Riz, who uncovered a huge security loophole in UniFi's router n infra years ago, does not know what he is talking about?

Altho it is uncivilized sometimes i hope this BN would just leave us forever after going to bed tonight. faster mampus in hell la gosh.

so sked to lose everything cuz they unfairly possess everything

This post has been edited by andrew9292: May 3 2013, 01:29 AM
andrew9292
post May 3 2013, 08:13 PM



Those who want to watch, follow these steps (works as of 8.00pm on UniFi)

1. Go to proxfree.com/youtube-proxy.php

2. Copy paste link/address of this youtube video into the box

3. Set server location: United States West (WA/Washington)

4. Set IP address location United States (Texas 3 Fastest)

This is currently the fastest configuration i have for my UniFi now. Do share or update for other methods if this one gets blocked by beloved Babi Negara.


 
