Time to go Pi-Hole.
I just switched to different DNS servers (just find yourself ) and things went well.

CloudFlare & Google site got routed into TM's web server, so I guess their implementation is impersonating those IP address with their server via routing.

This post has been edited by kingkingyyk: Sep 6 2024, 09:18 AM

Try DoH to not-so-well-known server

Just google. Who knows if someone is actively watching the address here and adding them into the list.

Once you got the address, try running the following in your cmd to test whether it is working or not.



They added routing for the the resolved IP so that the packet goes to their server.

This post has been edited by kingkingyyk: Sep 6 2024, 09:29 AM

Those are the addresses of this domain name (blocked by MCMC).

The connection flow for anything that sends request is:
- Ask DNS server for the IP address of the host/domain name (If name is provided)
- DNS server replies with the IP address
- Code packs the IP address into the packet header and sends it to router (default gateway)
- Router sends it to outside world if the IP address is not known to it and hoping there will be some response back.

What TM did here is :
- Routing rules on their side so that any packet that has destination of the known DNS server IP address will get routed into their server.
- Their server has generic web server that listens on 80/443 (The certificate error tells you that the server is not the real dns.google etc)
- The server also contains their copy of DNS server (Not sure) so any DNS request that went in will be responded by their server, not the real one. So your code will get the wrong IP (their server IP) and send request to their server instead!

This post has been edited by kingkingyyk: Sep 6 2024, 09:44 AM

Yeah. I have doubt if their server can handle the traffic. We have been reducing their DNS server load all these while.
This way is a serious security issue. Imagine if one day TM's server got hacked + now the site contains zero-day exploit, then we are all done.

This post has been edited by kingkingyyk: Sep 6 2024, 09:56 AM

It is not blocked, but your packet went into their server by their routing rule.

Assume you do DoH to 8.8.8.8, your router sends out the packet, then on TM side they just route the packet to their server.
So practically you are sending the request to their server, not the destination you expect.

Just don't use well known DNS server (DoH/DoT is optional). They routed all those to their server.

You just made them well known.
Yeah, I'm too considering running a tiny EC2 instance if hell break loose.

This post has been edited by kingkingyyk: Sep 6 2024, 10:39 AM

Many sites nowadays are running on dynamic IP + DDNS, not static IP.

Invalid cert = TM web server's certificate.

Think as every request to 1.1.1.1 will be sent to their impersonation server. It doesn't matter any protocol, the IP now "belongs" to TM.

It works. They are just sending your requests that are meant to reach well known DNS server (identified by IP address) to their server instead.

In AWS you will get dynamic IP address and they will not be able to ban since you can easily switch to different IP and life continues as usual, and this is just not practical for them to do for personal service.

This post has been edited by kingkingyyk: Sep 6 2024, 04:05 PM

Was talking about just the DNS resolve part.

And couldn't do it since impossible to get a dns.google cert.

In this case can we ask MCMC to block ads domains as well? They contain a lot of scams.

Not even need to be Facebook. All ads domains will be great.
Solve the root cause, not the middle-man.

---------

Seriously, instead of having these, government should just get some generous amount of ads credit from these ads providers and start competing with scammers by having similar content with them but the link will lead to their honeypot website for user education. This is the product of spoonfeed education and people have no critical thinking, time to train them up!

This post has been edited by kingkingyyk: Sep 8 2024, 08:44 AM

They lifted the stupid routing for now.
403 is forbidden, means you don't have right to access the resource from the web server. Nothing to do with TM.

I think we should see it from higher level. Will this be misused as an political tool? Be it current government or the next term guys down the road. MCMC just opened up the pandora box, a new forbidden idea for future politicians.

This post has been edited by kingkingyyk: Sep 8 2024, 10:59 AM

They are not from the industry and yet speaking as if they are sane. This will do only more harm than good. Why are they "legalizing" cyber attack?

The way moving forward is always user education, not the "protective barrier" imposed by someone who clearly didn't think of the hefty consequences as demonstrated in the past few days.

This post has been edited by kingkingyyk: Sep 8 2024, 11:12 AM

More like hitch riding the discontent.