Time and Maxis started to hijack dns query

Lowyat.NET forums

Lowyat.NET Kopitiam Garage Sales

Lowyat.NET Rules and Regulations FAQ Help Search Members

Welcome Guest ( Log In | Register )

Lowyat.NET -> Networks and Broadband

Bump Topic Add Reply RSS Feed

12 Pages « < 7 8 9 10 11 > » Bottom

Outline · [ Standard ] · Linear+

Time and Maxis started to hijack dns query

views

SUSKaya Butter Toast	Sep 6 2024, 09:44 PM Show posts by this member only \| Post #161
Casual Junior Member 325 posts Joined: Feb 2022	QUOTE(PRSXFENG @ Sep 6 2024, 03:43 PM) Spoke too soon, it's coming to TIME Email sent to business customers Image stolen from other places on the internet this message was written by chatGPT
Card PM	Report Top Like Quote Reply

TSaxxer	Sep 6 2024, 10:30 PM Show posts by this member only \| IPv6 \| Post #162
Banned Validating 1,822 posts Joined: Jul 2010 From: Yesterday, 01:25 AM	Welp its not a mere plaintext dns hijack anymore, tm started to https sni mitm and replacing endpoint cert with their bogus cert for google and cloudflare. A dangerous precedence if they could just happy go lucky mitm port 443 and redirect to whatever crap they deem necessary and mitm replace endpoint cert with their crap. Lucky most modern browser will whine about bogus cert in this type of shenanigan. » Click to show Spoiler - click again to hide... « Kaya Butter Toast, Epic_winner091, and 1 other liked this post
Card PM	Report Top Like Quote Reply

TSaxxer	Sep 6 2024, 10:55 PM Show posts by this member only \| Post #163
Banned Validating 1,822 posts Joined: Jul 2010 From: Yesterday, 01:25 AM	What these morons didn't know is that some android phone will auto set private dns setting to "Automatic", it'll be using dns.google by default. Not sure whether got fallback or not but if doesn't, in this situation then whole phone internet will be down since systemwide dns is failing since its not trusting the bogus cert it got. Being a telco cs this upcoming few days should be fun, dealing with cursing users angry about their downed internet. Talk about doing stupid shit without further thinking 🤦🤦 This post has been edited by axxer: Sep 6 2024, 10:56 PM Oltromen Ripot and PRSXFENG liked this post
Card PM	Report Top Like Quote Reply

blackbox14	Sep 6 2024, 11:30 PM Show posts by this member only \| Post #164
Casual Junior Member 346 posts Joined: Jul 2012	QUOTE(axxer @ Sep 6 2024, 10:55 PM) What these morons didn't know is that some android phone will auto set private dns setting to "Automatic", it'll be using dns.google by default. Not sure whether got fallback or not but if doesn't, in this situation then whole phone internet will be down since systemwide dns is failing since its not trusting the bogus cert it got. Being a telco cs this upcoming few days should be fun, dealing with cursing users angry about their downed internet. Talk about doing stupid shit without further thinking 🤦🤦 They should really just limit it to redirecting plain text DNS the way they did it last month with Maxis and TIME. Leave all DoH and DoT alone. For the internet at this point in time, secure DNS is not something ISP should wrestle away from the user. It's part of so many security measures and as you said: even part of some devices' default settings. PRSXFENG and Epic_winner091 liked this post
Card PM	Report Top Like Quote Reply

sadlyfalways	Sep 6 2024, 11:37 PM Show posts by this member only \| Post #165
Regular Senior Member 1,185 posts Joined: Nov 2020	QUOTE(PRSXFENG @ Sep 6 2024, 04:50 PM) I'm guessing the bare minimum is blocking people from using other DNS servers and force usage of ISP servers Maxis gently nudge you in the direction to use DoH/DoT Time just "kindly request" you to change, not "demand" But based on Maxis thread, it seems like home users will not be treated so kindly, and DoH/DoT May be blocked So far on my side... Things are still ok. It remains to be seen how does time implement their block I’m on maxis and still able to doh and even normal google dns works on public ip
Card PM	Report Top Like Quote Reply

dev/numb	Sep 6 2024, 11:52 PM Show posts by this member only \| Post #166
On my way Junior Member 691 posts Joined: Nov 2021	QUOTE(PRSXFENG @ Sep 6 2024, 05:21 PM) From the Unifi There is some mentioning of Cloudflare WARP being blocked Though some others don't have that problem Another post was someone having issues attempting to download and install NordVPN I see no signs of this, so far at least. Grabbed an older router with no encrypted DNS setting, set bareback legacy DNS (Cloudflare IPv4, didn’t bother with IPv6) and tested to ensure it was being redirected to TM’s std infested endpoints. Removed DoT condom on Android phone. Installed Warp from Play store. Enabled Warp+. Tested. Works. Removed DoH profile from MacOS. Visited NordVPN website. Not blocked by TM’s roadside hooker DNS. Successfully downloaded pkg file. Spun up a Ubuntu VM. Successfully ran the Nord Linux install.sh script. No Windows system in my home, so cannot test that. Also didn’t actually try to launch NordVPN (because I don’t use shithole VPNs) so cannot confirm if their VPN endpoints are blocked, but I doubt it. This post has been edited by dev/numb: Sep 6 2024, 11:53 PM PRSXFENG liked this post
Card PM	Report Top Like Quote Reply

PRSXFENG	Sep 6 2024, 11:59 PM Show posts by this member only \| IPv6 \| Post #167
Look at all my stars!! Senior Member 2,608 posts Joined: Nov 2020	QUOTE(dev/numb @ Sep 6 2024, 11:52 PM) I see no signs of this, so far at least. Grabbed an older router with no encrypted DNS setting, set bareback legacy DNS (Cloudflare IPv4, didn’t bother with IPv6) and tested to ensure it was being redirected to TM’s std infested endpoints. Removed DoT condom on Android phone. Installed Warp from Play store. Enabled Warp+. Tested. Works. Removed DoH profile from MacOS. Visited NordVPN website. Not blocked by TM’s roadside hooker DNS. Successfully downloaded pkg file. Spun up a Ubuntu VM. Successfully ran the Nord Linux install.sh script. No Windows system in my home, so cannot test that. Also didn’t actually try to launch NordVPN (because I don’t use shithole VPNs) so cannot confirm if their VPN endpoints are blocked, but I doubt it. for now, it seems like the blocking has been paused for now
Card PM	Report Top Like Quote Reply

dev/numb	Sep 7 2024, 12:03 AM Show posts by this member only \| Post #168
On my way Junior Member 691 posts Joined: Nov 2021	QUOTE(axxer @ Sep 6 2024, 10:55 PM) What these morons didn't know is that some android phone will auto set private dns setting to "Automatic", it'll be using dns.google by default. Not sure whether got fallback or not but if doesn't, in this situation then whole phone internet will be down since systemwide dns is failing since its not trusting the bogus cert it got. Being a telco cs this upcoming few days should be fun, dealing with cursing users angry about their downed internet. Talk about doing stupid shit without further thinking 🤦🤦 If not mistaken, Android’s automatic setting in Private DNS a kind of opportunistic implementation (meaning not strict) and will fallback to legacy DNS whenever. Only the custom option where you input your preferred provider is strict. Very strict in fact. So strict that it will override your VPN’s DNS also, but thankfully the queries happen within the encrypted tunnel. This post has been edited by dev/numb: Sep 7 2024, 12:06 AM PRSXFENG liked this post
Card PM	Report Top Like Quote Reply

dev/numb	Sep 7 2024, 12:17 AM Show posts by this member only \| Post #169
On my way Junior Member 691 posts Joined: Nov 2021	QUOTE(PRSXFENG @ Sep 6 2024, 11:59 PM) for now, it seems like the blocking has been paused for now Fwiw, I actually performed this test last night when I saw that Windows “unable to resolve” error screenshot, not just now after TM realized they screwed up by blocking that art website and unblocked everything. PRSXFENG liked this post
Card PM	Report Top Like Quote Reply

BladeRider88	Sep 7 2024, 07:30 AM Show posts by this member only \| IPv6 \| Post #170
On my way Junior Member 554 posts Joined: Nov 2006	Now Time cannot access dns.google & 1.1.1.1 verify lol
Card PM	Report Top Like Quote Reply

mystvearn	Sep 7 2024, 07:32 AM Show posts by this member only \| Post #171
... Senior Member 6,639 posts Joined: Jan 2003 From: "New Castle"	QUOTE(BladeRider88 @ Sep 7 2024, 07:30 AM) Now Time cannot access dns.google & 1.1.1.1 verify lol So using 1.1.1.1 app also cannot? What is the solution you are planning to do?
Card PM	Report Top Like Quote Reply

BladeRider88	Sep 7 2024, 07:39 AM Show posts by this member only \| IPv6 \| Post #172
On my way Junior Member 554 posts Joined: Nov 2006	QUOTE(mystvearn @ Sep 7 2024, 07:32 AM) So using 1.1.1.1 app also cannot? What is the solution you are planning to do? I did not use the 1.1.1.1 app, i am using a paid private dns Sorry gonna lay low to avoid spy
Card PM	Report Top Like Quote Reply

PRSXFENG	Sep 7 2024, 07:39 AM Show posts by this member only \| IPv6 \| Post #173
Look at all my stars!! Senior Member 2,608 posts Joined: Nov 2020	QUOTE(BladeRider88 @ Sep 7 2024, 07:30 AM) Now Time cannot access dns.google & 1.1.1.1 verify lol hmm still works on my side what's your setup
Card PM	Report Top Like Quote Reply

BladeRider88	Sep 7 2024, 07:41 AM Show posts by this member only \| IPv6 \| Post #174
On my way Junior Member 554 posts Joined: Nov 2006	QUOTE(PRSXFENG @ Sep 7 2024, 07:39 AM) hmm still works on my side what's your setup The usual cf, google, Adguard free dns Suddenly cannot visit 1.1.1.1/help or cf website, and dns.google I am using Adguard Home thou
Card PM	Report Top Like Quote Reply

PRSXFENG	Sep 7 2024, 07:42 AM Show posts by this member only \| IPv6 \| Post #175
Look at all my stars!! Senior Member 2,608 posts Joined: Nov 2020	QUOTE(BladeRider88 @ Sep 7 2024, 07:41 AM) The usual cf, google, Adguard free dns Suddenly cannot visit 1.1.1.1/help or cf website, and dns.google I am using Adguard Home thou check that none of your lists block attempts to visit those, I know i myself have dns.google intentionally blocked to avoid bypasses
Card PM	Report Top Like Quote Reply

BladeRider88	Sep 7 2024, 07:44 AM Show posts by this member only \| IPv6 \| Post #176
On my way Junior Member 554 posts Joined: Nov 2006	QUOTE(PRSXFENG @ Sep 7 2024, 07:42 AM) check that none of your lists block attempts to visit those, I know i myself have dns.google intentionally blocked to avoid bypasses Sadly no 😭 I did not block those sites Anyway, just an alert to you all PRSXFENG liked this post
Card PM	Report Top Like Quote Reply

kwss	Sep 7 2024, 07:48 AM Show posts by this member only \| Post #177
Regular Senior Member 1,207 posts Joined: Aug 2018	QUOTE(BladeRider88 @ Sep 7 2024, 07:44 AM) Sadly no 😭 I did not block those sites Anyway, just an alert to you all Care to post of output of the command: CODE nmap -sCV -Pn -p 53,443,853 dns.google
Card PM	Report Top Like Quote Reply

BladeRider88	Sep 7 2024, 07:50 AM Show posts by this member only \| IPv6 \| Post #178
On my way Junior Member 554 posts Joined: Nov 2006	QUOTE(kwss @ Sep 7 2024, 07:48 AM) Care to post of output of the command: CODE nmap -sCV -Pn -p 53,443,853 dns.google Let me install nmap in that pc first
Card PM	Report Top Like Quote Reply

Sam Leong	Sep 7 2024, 07:53 AM Show posts by this member only \| IPv6 \| Post #179
On my way Junior Member 673 posts Joined: Mar 2016	QUOTE(kwss @ Sep 7 2024, 07:48 AM) Care to post of output of the command: CODE nmap -sCV -Pn -p 53,443,853 dns.google TIME Residential CODE nmap scan report for dns.google (8.8.4.4) Host is up (0.0038s latency). Other addresses for dns.google (not scanned): 2001:4860:4860::8844 PORT STATE SERVICE VERSION 53/tcp open tcpwrapped 443/tcp open ssl/https HTTP server (unknown) \|_http-title: Google Public DNS \| ssl-cert: Subject: commonName=dns.google \| Subject Alternative Name: DNS:dns.google, DNS:dns.google.com, DNS:.dns.google.com, DNS:8888.google, DNS:dns64.dns.google, IP Address:8.8.8.8, IP Address:8.8.4.4, IP Address:2001:4860:4860:0:0:0:0:8888, IP Address:2001:4860:4860:0:0:0:0:8844, IP Address:2001:4860:4860:0:0:0:0:6464, IP Address:2001:4860:4860:0:0:0:0:64 \| Not valid before: 2024-08-12T07:19:55 \|_Not valid after: 2024-11-04T07:19:54 \| fingerprint-strings: \| FourOhFourRequest: \| HTTP/1.0 302 Found \| X-Content-Type-Options: nosniff \| Access-Control-Allow-Origin: \| Location: https://dns.google/nice%20ports%2C/Trinity.txt.bak \| Date: Fri, 06 Sep 2024 23:50:49 GMT \| Content-Type: text/html; charset=UTF-8 \| Server: HTTP server (unknown) \| Content-Length: 247 \| X-XSS-Protection: 0 \| X-Frame-Options: SAMEORIGIN \| Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 \| <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> \| <TITLE>302 Moved</TITLE></HEAD><BODY> \| <H1>302 Moved</H1> \| document has moved \| HREF="https://dns.google/nice%20ports%2C/Trinity.txt.bak">here</A>. \| </BODY></HTML> \| GetRequest: \| HTTP/1.0 302 Found \| X-Content-Type-Options: nosniff \| Access-Control-Allow-Origin: * \| Location: https://dns.google/ \| Date: Fri, 06 Sep 2024 23:50:49 GMT \| Content-Type: text/html; charset=UTF-8 \| Server: HTTP server (unknown) \| Content-Length: 216 \| X-XSS-Protection: 0 \| X-Frame-Options: SAMEORIGIN \| Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 \| <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> \| <TITLE>302 Moved</TITLE></HEAD><BODY> \| <H1>302 Moved</H1> \| document has moved \| HREF="https://dns.google/">here</A>. \| </BODY></HTML> \| HTTPOptions: \| HTTP/1.0 302 Found \| X-Content-Type-Options: nosniff \| Location: https://dns.google/ \| Date: Fri, 06 Sep 2024 23:50:49 GMT \| Content-Type: text/html; charset=UTF-8 \| Server: HTTP server (unknown) \| Content-Length: 216 \| X-XSS-Protection: 0 \| X-Frame-Options: SAMEORIGIN \| Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 \| <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> \| <TITLE>302 Moved</TITLE></HEAD><BODY> \| <H1>302 Moved</H1> \| document has moved \| HREF="https://dns.google/">here</A>. \|_ </BODY></HTML> \|_ssl-date: TLS randomness does not represent time \| http-server-header: \| HTTP server (unknown) \|_ scaffolding on HTTPServer2 853/tcp open ssl/domain (generic dns response: SERVFAIL) \|_ssl-date: TLS randomness does not represent time \| fingerprint-strings: \| DNSVersionBindReqTCP: \| version \|_ bind \|_dns-nsid: ERROR: Script execution failed (use -d to debug) \| ssl-cert: Subject: commonName=dns.google \| Subject Alternative Name: DNS:dns.google, DNS:dns.google.com, DNS:.dns.google.com, DNS:8888.google, DNS:dns64.dns.google, IP Address:8.8.8.8, IP Address:8.8.4.4, IP Address:2001:4860:4860:0:0:0:0:8888, IP Address:2001:4860:4860:0:0:0:0:8844, IP Address:2001:4860:4860:0:0:0:0:6464, IP Address:2001:4860:4860:0:0:0:0:64 \| Not valid before: 2024-08-12T07:19:55 \|_Not valid after: 2024-11-04T07:19:54 2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service : ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== SF-Port443-TCP:V=7.94SVN%T=SSL%I=7%D=9/7%Time=66DB9559%P=x86_64-pc-linux-g SF:nu%r(GetRequest,23A,"HTTP/1\.0\x20302\x20Found\r\nX-Content-Type-Option SF:s:\x20nosniff\r\nAccess-Control-Allow-Origin:\x20\\r\nLocation:\x20htt SF:ps://dns\.google/\r\nDate:\x20Fri,\x2006\x20Sep\x202024\x2023:50:49\x20 SF:GMT\r\nContent-Type:\x20text/html;\x20charset=UTF-8\r\nServer:\x20HTTP\ SF:x20server\x20\(unknown\)\r\nContent-Length:\x20216\r\nX-XSS-Protection: SF:\x200\r\nX-Frame-Options:\x20SAMEORIGIN\r\nAlt-Svc:\x20h3=\":443\";\x20 SF:ma=2592000,h3-29=\":443\";\x20ma=2592000\r\n\r\n<HTML><HEAD><meta\x20ht SF:tp-equiv=\"content-type\"\x20content=\"text/html;charset=utf-8\">\n<TIT SF:LE>302\x20Moved</TITLE></HEAD><BODY>\n<H1>302\x20Moved</H1>\nThe\x20doc SF:ument\x20has\x20moved\n<A\x20HREF=\"https://dns\.google/\">here</A>\.\r SF:\n</BODY></HTML>\r\n")%r(HTTPOptions,21A,"HTTP/1\.0\x20302\x20Found\r\n SF:X-Content-Type-Options:\x20nosniff\r\nLocation:\x20https://dns\.google/ SF:\r\nDate:\x20Fri,\x2006\x20Sep\x202024\x2023:50:49\x20GMT\r\nContent-Ty SF:pe:\x20text/html;\x20charset=UTF-8\r\nServer:\x20HTTP\x20server\x20\(un SF:known\)\r\nContent-Length:\x20216\r\nX-XSS-Protection:\x200\r\nX-Frame- SF:Options:\x20SAMEORIGIN\r\nAlt-Svc:\x20h3=\":443\";\x20ma=2592000,h3-29= SF:\":443\";\x20ma=2592000\r\n\r\n<HTML><HEAD><meta\x20http-equiv=\"conten SF:t-type\"\x20content=\"text/html;charset=utf-8\">\n<TITLE>302\x20Moved</ SF:TITLE></HEAD><BODY>\n<H1>302\x20Moved</H1>\nThe\x20document\x20has\x20m SF:oved\n<A\x20HREF=\"https://dns\.google/\">here</A>\.\r\n</BODY></HTML>\ SF:r\n")%r(FourOhFourRequest,278,"HTTP/1\.0\x20302\x20Found\r\nX-Content-T SF:ype-Options:\x20nosniff\r\nAccess-Control-Allow-Origin:\x20\*\r\nLocati SF:on:\x20https://dns\.google/nice%20ports%2C/Trinity\.txt\.bak\r\nDate:\x SF:20Fri,\x2006\x20Sep\x202024\x2023:50:49\x20GMT\r\nContent-Type:\x20text SF:/html;\x20charset=UTF-8\r\nServer:\x20HTTP\x20server\x20\(unknown\)\r\n SF:Content-Length:\x20247\r\nX-XSS-Protection:\x200\r\nX-Frame-Options:\x2 SF:0SAMEORIGIN\r\nAlt-Svc:\x20h3=\":443\";\x20ma=2592000,h3-29=\":443\";\x SF:20ma=2592000\r\n\r\n<HTML><HEAD><meta\x20http-equiv=\"content-type\"\x2 SF:0content=\"text/html;charset=utf-8\">\n<TITLE>302\x20Moved</TITLE></HEA SF:D><BODY>\n<H1>302\x20Moved</H1>\nThe\x20document\x20has\x20moved\n<A\x2 SF:0HREF=\"https://dns\.google/nice%20ports%2C/Trinity\.txt\.bak\">here</A SF:>\.\r\n</BODY></HTML>\r\n"); ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== SF-Port853-TCP:V=7.94SVN%T=SSL%I=7%D=9/7%Time=66DB955E%P=x86_64-pc-linux-g SF:nu%r(DNSVersionBindReqTCP,20,"\0\x1e\0\x06\x81\x82\0\x01\0\0\0\0\0\0\x0 SF:7version\x04bind\0\0\x10\0\x03");
Card PM	Report Top Like Quote Reply

Sam Leong	Sep 7 2024, 07:56 AM Show posts by this member only \| IPv6 \| Post #180
On my way Junior Member 673 posts Joined: Mar 2016	Also , from my side TIME didn't even implement DNS plaintext hijack not sure why
Card PM	Report Top Like Quote Reply

« Next Oldest · Networks and Broadband · Next Newest »

12 Pages « < 7 8 9 10 11 > » Top

Add Reply Options

Change to:

0.0234sec

0.62

6 queries

GZIP Disabled
Time is now: 5th December 2025 - 04:15 PM

All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)

Removal Request

Powered by Invision Power Board © 2025 IPS, Inc.