#3372 - 03/05/19 09:11 PM 14 Eyes Blocking DNSCrypt Servers @ Certain Backbone Centers Internationally
Joemaja Offline


Registered: 03/05/19
Posts: 5
So over the last year I have had this issue about a dozen times. It typically comes and goes. I use DNScrypt to prevent malicious DNS spoofing attacks. The last two days the servers I connect to have been blocked. I will connect to one, and it works fine, and within a few minutes it is blocked. Then I connect to another, it works fine... and after a few minutes it is blocked, and so on and so forth. Eventually the blocks are removed, and everything works fine. The blocks I witnessed occurred in Amsterdam, Netherlands, and my current country, Canada, by a data centre owned by my ISP not far from where I live [last image below]. Otherwise, for months on end, I surf without these problems. When this happens, typically NTP server connections are blocked as well. All of this happened within a few short hours over the last two days. The blocks have since been lifted for now. This is extremely irritating, and all the more so, knowing these agencies can cause DoS of critical security systems necessary to prevent hacking and DNS tampering.

The only dnscrypt servers they didn't block were 5 eyes jurisdiction (https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/) corporate DNS such as cloudflare and quad9. I guess the last hop before packet loss is where the facilities are located where they are able to attack users with DoS and possibly other avenues; unless this is possible in other ways. If you could explain to me more that would be greatly appreciated.


Image 1:




Image 2:



Image 3:




NOW within an hour or two, all of these are working fine, according to PingPlotterPro.


Edited by Joemaja (03/05/19 09:16 PM)

#3373 - 03/06/19 12:44 PM Re: 14 Eyes Blocking DNSCrypt Servers @ Certain Backbone Centers Internationally [Re: Joemaja]
Hayla Offline
Pingman Staff


Registered: 10/16/17
Posts: 90
Hey Joemaja,

Thanks for getting in touch!

DNScrypt is a bit new to me - which one are you using? I attempted to download and there are a ton of different options; I would love to do some testing with this on my end to see what's up (I've been testing this morning but haven't gotten the same results). Furthermore, I see that you're running some pings alongside that 100% packet loss to your final destination - is that from the same machine?

Another thing you can try here is to move away from ICMP and try a different packet type. You can do so by following the directions here:

https://www.pingplotter.com/manual/packetoptions.html

I would recommend using TCP port 80 if you do this, or TCP port 443.
_________________________
Regards,
Hayla
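
The TCP-based check suggested in the reply above, written out as an added example (not part of the original thread and not PingPlotter's code). The function names `tcp_probe` and `loss_report` are hypothetical, and the demo target is a throwaway listener on loopback; point it at the resolver's address with port 443 or 80 to compare against an ICMP trace.

```python
import socket
import time

def tcp_probe(host, port, timeout=2.0):
    """Attempt one TCP handshake; return (status, elapsed_ms)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            status = "open"         # SYN/ACK received, handshake completed
    except socket.timeout:
        status = "timeout"          # nothing came back: drop, filter or loss
    except ConnectionRefusedError:
        status = "refused"          # RST came back: path works, port is closed
    except OSError:
        status = "unreachable"      # ICMP unreachable, no route, or DNS failure
    return status, (time.monotonic() - start) * 1000.0

def loss_report(host, port, count=5, timeout=2.0):
    """Run several probes and summarise them like a packet-loss column."""
    results = [tcp_probe(host, port, timeout) for _ in range(count)]
    # "open" and "refused" both mean a TCP reply came back for this target.
    answered = [ms for status, ms in results if status in ("open", "refused")]
    return {
        "target": f"{host}:{port}",
        "sent": count,
        "answered": len(answered),
        "loss_pct": 100.0 * (count - len(answered)) / count,
        "avg_ms": sum(answered) / len(answered) if answered else None,
        "statuses": [status for status, _ in results],
    }

if __name__ == "__main__":
    # Constructed demo: a local listener stands in for the remote server.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(8)
    port = listener.getsockname()[1]
    print(loss_report("127.0.0.1", port, count=3))   # all "open"
    listener.close()
    print(loss_report("127.0.0.1", port, count=3))   # all "refused"
```

If ICMP shows 100% loss at the final hop while this reports 0% loss on the service port, the server is only ignoring or rate-limiting ICMP. A completed handshake shows that something on the path answered for that address; it does not by itself identify who answered.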

#3374 - 03/06/19 07:51 PM Re: 14 Eyes Blocking DNSCrypt Servers @ Certain Backbone Centers Internationally [Re: Hayla]
Joemaja Offline


Registered: 03/05/19
Posts: 5
You guys are *ing aw-some. I'm using this https://one on my AsusWRT Router with Merlin firmware, providing the whole residency with unspoofable criminal hack free DNS. I started off using Simple Dnscrypt; it's probably the fastest way to implement and test it out;

So I have learned a bit more about this company that is blocking my internet connections in the EU; I just wrote the following write up for ripoffreport.com didz and stuff; hopefully they won't censor it.

Formerly known as "TeliaSonera." They collude with the intelligence services of various terrorist regimes such as here in Canada who also collude with Canadian ISPs either directly or in compartmentalized fashion. They initiate DoS attacks to weaken the cyber security of the internet and attempt to downgrade users' online encryption using a unified threat intelligence system shared in realtime between the EU & Western Partners (possibly others), ostensibly the 14 eyes. Through this unified system, they are capable of denying users who oppose Al-Qaeda access to services in multiple locations around the globe simultaneously. When Telia blocked my security protections in the EU, my ISP also blocked my security connection in Canada to the same very specific DNSCrypt security services designed to prevent criminal hacking activity. Why? Perhaps but not necessarily limited to my warning to the Canadian government not to provide Al-Qaeda residency: https://www.youtube.com/watch?v=Vtv0VFv50O0

A little history on Telia:

Swedish Telcom Giant Teliasonera Caught Helping Authoritarian Regimes Spy on Their Citizens
Source: https://www.eff.org/deeplinks/2012/05/sw...regimes-spy-its

Mozilla Weighs Excommunication For Certificate Authority TeliaSonera
Source: https://www.darkreading.com/risk-managem.../d/d-id/1109591

"Acting U.S. Attorney Joon H. Kim said: “Today, we announce one of the largest criminal corporate bribery and corruption resolutions ever, with penalties totalling just under a billion dollars. Swedish telecom company Telia and its Uzbek subsidiary Coscom have admitted to paying, over many years, more than $331 million in bribes to an Uzbek government official." Source: https://www.justice.gov/usao-sdny/pr/glo...llion-penalties

Telia are a backbone for the internet which users are often forced to route through when surfing the web internationally. They engage in malicious denial of service attacks, and if their servers are malfunctioning and causing packet loss or other outages for the international community, and users tell them about it, staff members request you sign up and pay for Telia Sold Service ID before they are willing to investigate and rectify the problems, which I suspect is impossible unless you live in Sweden. This causes internet problems for the whole planet.

Absolutely unacceptable, garbage company of the lowest order. They don't care about anything but the money and even then, look what happened to them as a result. Boycott and divest from them, sue them, ethical h*ck, do whatever you can to keep them in line or out of sight.



(update for pingmandidz staffsnerfz: I hope my accusations are 100% accurate, I'm still curious if it could be my ISP or some criminal intelligence agency causing the problems strictly from within Canadian borders; I was told by IT staff at my ISP that it was almost certainly the aforementioned foreign states where the problems were occurring, according to traceroute, which I ran directly on my router didz.)


Edited by Joemaja (03/06/19 08:07 PM)

#3375 - 03/06/19 08:11 PM Re: 14 Eyes Blocking DNSCrypt Servers @ Certain Backbone Centers Internationally [Re: Hayla]
Joemaja Offline


Registered: 03/05/19
Posts: 5
Dear Hayla, I'm not sure which options you are referring to, if it's OS, pick the OS one you use and enjoy the most; if you want a quality service, dnscrypt.nl is probably the best; they don't do upstream resolutions, use dnscrypt v2, don't log, rotate their keys daily, and I have not received any anomalous activity, like I did with cloudflare, cryptostorm and a few other services. (such as, strange sounds and popups on my nephew's laptop when he was here and cloudflare was in use, or cryptostorm sending malformed dnssec packets which may indicate tampering with the results; though they do use upstream resolvers I believe, so it MAY have happened on a random basis to random users of their dnscrypt server via upstream spoofing) I was also receiving many https warnings using cryptostorm (ca-west)

"Furthermore, I see that you're running some pings alongside that 100% packet loss to your final destination - is that from the same machine?"


Oh I am sorry, I am running the pings from my router


Edited by Joemaja (03/06/19 10:38 PM)

#3376 - 03/06/19 09:10 PM Re: 14 Eyes Blocking DNSCrypt Servers @ Certain Backbone Centers Internationally [Re: Joemaja]
Joemaja Offline


Registered: 03/05/19
Posts: 5
Not to go off topic, so I will post this here... https://www.youtube.com/watch?v=cNOIkFYfJqc&feature=youtu.be&t=298


Edited by Joemaja (03/06/19 09:43 PM)

#3377 - 03/06/19 10:34 PM Re: 14 Eyes Blocking DNSCrypt Servers @ Certain Backbone Centers Internationally [Re: Joemaja]
Joemaja Offline


Registered: 03/05/19
Posts: 5
I am curious if a middlebox could not inject forged packets into my dnscrypt transmissions, making it appear that it did not reach the destination but is merely a DoS spoof attack by rogue agencies. Middleboxes can also drop packets based on various policies. So a traceroute might appear that it is blocked in another country but how certain can we be these ICMP packets have not been spoofed and forged one way, and blocked the other way as well?


Edited by Joemaja (03/06/19 10:40 PM)
