ElaKiri Community
Downloads
Go Back   ElaKiri Community > Motorcycles > Technical Help
Reload this Page SLT is intercepting our internet connections
Reply
 
Thread Tools
(#81)
Old
BLACKLIST_MEMBER's Avatar
BLACKLIST_MEMBER BLACKLIST_MEMBER is offline
Senior Member
BLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to all
 
Posts: 28,991
Join Date: Feb 2008
Location: There is no place like 127.0.0.1
Send a message via AIM to BLACKLIST_MEMBER Send a message via MSN to BLACKLIST_MEMBER Send a message via Yahoo to BLACKLIST_MEMBER Send a message via Skype™ to BLACKLIST_MEMBER
07-17-2017, 08:30 PM

Quote:
Originally Posted by ja2k17ja View Post
DNS hijack කරනව කියල හිතන්න අමාරුයි. එහෙම කරනව නම් ඔයාගේ DNS cache එක flush කරල බලන්න. flush කරාට පසුව ඔය සීන් එක වෙන්න ඕන.

Windows වල ඇඩ්මින් ගෙන් CMD එක රන්කරලා
ipconfig /flushdns

හරියට confirm කරගන්න ඕන . DNS hijack කිරීම illegal වැඩක්.
SLT connections unlimited නොවෙන නිසා SLT එකට විරුදව International ලෙවෙල් එකෙන් Action එකක් ගන්න පුළුවන්.
Cache Flush කරාම ඕක එන්න ඕන කියන එකේ තේරුම DNS Hijack කරනව කියන එක නෙමෙයි. උබේ හිතේ තියෙන ඔය 1st http request එකෙන් වෙනවයි කියන idea එක අල්ලලා දාපන්කෝ උබත් අර SLT customer care එකේ උන් වගේනේ කතා කරන්නෙ

මම DNS traceroute tool එක use කරලා කලේ port එකත් මාරු කරලා. VPN tunnel එකකුත් ඇතුලෙන් ගිහින්.
https://github.com/farrokhi/dnsdiag#dnstraceroute

විශ්වාස කරපන් ඒත් එනව!

උන් 1 query එකයි hijack කරන්නේ. ඊටපස්සේ හරි ලින්ක් එකට resolve වෙනව. එහෙම කරන්නේ redirect කරලා layer 7 වලින්. layer 3 පාවිච්චි කරන්නේ මුල් කෑල්ලේ විතරයි.
මුන් ඒක දාන්නේ රෑ 12 වගේ වෙලාවක schedule කරලා වගේ. එවලේ on කරලා තියෙන computers වලට එවලේම එනවා. අනික් උන්ට උදේ on කරාම එනවා, ඒ වගේම උන්ගේ . ආපහු දිගටම එන්නේ නැහැ.
එහෙම ඕන් කරපු ගමන් බඩු වැඩ කරාද කියලත් උන්ට රෙකෝඩ් වෙනවා මුන්ගේ සර්වර් එකේ ස්ක්‍රිප්ට් එකක මේකේ තියෙන url එක රන් උනාම මෙහෙම
http://announcement.slt.lk/advertise...bscriber_name=[methana uge gedaraphone numebr eka]&timestamp=[methana linux timestamp eka]Contet-length

ඕක රන් උනහම තමයි ඒ නොම්බරේට අයිති කෙනාගේ dns hijack කරන DPI කරන එක හරි උන්ගේ ජල්තරේ clean වෙන්නේ මම හිතන විදිහට. නැත්තන් ඔය මගුල ඒ user ට දිගටම එනව.
ඕකෙන් එහෙම clean කරන්න නම් උන්ගේ system එකට ඒ web server එක කනෙක්ට් කරලා තියෙන්නේ. එතකොට තමා dns hack එක නවතින්නේ.

cache උනානම් දිගටම ඕක එන්න ඕන. ඒ වගේම cache එක අපේ කම්පියුටර්එ වලත්කි හිටිනවා. (උබ ඔය කිව්වා විදියට flush කරනකන්)
නමුත් උන් layer 7 inspection හරි DPI (https://en.wikipedia.org/wiki/Deep_packet_inspection) කරනවා.

මේ ආටිකල් එකේ තියෙන විදිහට කිට්ටු දෙයක් කරන්නේ ඔතන මුන්.
https://labs.ripe.net/Members/babak_...ur-dns-traffic

Quote:
Originally Posted by ja2k17ja View Post
DNS hijack කරනවනම් අපි router එකට 8.8.8.8 හෝ 8.8.4.4 දැම්ම කියල වැඩක් වෙන්නෑ. හොර තක්කඩි ISP කාරයො කරන්නෙ UDP 53 ට යන taffic ටික එයාලගෙ DNS වලට යොමු කරනව. එනම් router එකෙන් 8.8.8.8 වල UDP 53 ට යැවුවත් මගදී හරවනව එයාලගෙ DNS වලට.
මට තාම sure නෑ මෙයාල DNS hijack කරනව කියල.
ඔව් 53 ට නෙමෙයි වෙන port එකකට ගැහුවත් උන්ට request එක අඳුරගෙන ඒක වෙනස් කරනව.

එක කරන එක වලක්වන්න dns encrypt කරනවා හැරෙන්න වෙන ක්‍රමයක් නැහැ මට තේරෙන විදිහට (මේ වගේ service එකකින් dnscrypt.org)
අනික් තියෙන එකම ක්‍රමය උන්ට හොඳ කුණු හරුප ටිකක් එක්ක hotline එකට කෝල් කරලා බනින එක.

Last edited by BLACKLIST_MEMBER; 07-17-2017 at 08:40 PM.
Reply With Quote
(#82)
Old
kosandpol kosandpol is offline
Senior Member
kosandpol is a glorious beacon of lightkosandpol is a glorious beacon of lightkosandpol is a glorious beacon of lightkosandpol is a glorious beacon of lightkosandpol is a glorious beacon of lightkosandpol is a glorious beacon of lightkosandpol is a glorious beacon of lightkosandpol is a glorious beacon of lightkosandpol is a glorious beacon of lightkosandpol is a glorious beacon of lightkosandpol is a glorious beacon of light
 
Posts: 44,191
Join Date: Jun 2008
07-17-2017, 08:35 PM

if you're getting this when connecting via a VPN tunnel, change your VPN provider as its clearly not encrypting the traffic.

I've seen this banner and personally, I dont care about it since it comes up quite rarely for me. I dont know about the legal status of DNS Hijacking but I doubt there's any legislation for that in SL.
Reply With Quote
(#83)
Old
LOL_SEEN's Avatar
LOL_SEEN LOL_SEEN is offline
Senior Member
LOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of light
 
Posts: 6,569
Join Date: Jul 2016
07-17-2017, 08:38 PM

Quote:
Originally Posted by kosandpol View Post
if you're getting this when connecting via a VPN tunnel, change your VPN provider as its clearly not encrypting the traffic.

I've seen this banner and personally, I dont care about it since it comes up quite rarely for me. I dont know about the legal status of DNS Hijacking but I doubt there's any legislation for that in SL.
Hi,
what is the best way to verify my VPN is properly encrypting the traffic?
Reply With Quote
(#84)
Old
BLACKLIST_MEMBER's Avatar
BLACKLIST_MEMBER BLACKLIST_MEMBER is offline
Senior Member
BLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to all
 
Posts: 28,991
Join Date: Feb 2008
Location: There is no place like 127.0.0.1
Send a message via AIM to BLACKLIST_MEMBER Send a message via MSN to BLACKLIST_MEMBER Send a message via Yahoo to BLACKLIST_MEMBER Send a message via Skype™ to BLACKLIST_MEMBER
07-17-2017, 08:43 PM

Quote:
Originally Posted by LOL_SEEN View Post
Hi,
what is the best way to verify my VPN is properly encrypting the traffic?
Solarwinds or wireshark වගේ එකකින් analyze කරලා බලන්න පේනවද කියල http වලින් post කරන data
Reply With Quote
(#85)
Old
LOL_SEEN's Avatar
LOL_SEEN LOL_SEEN is offline
Senior Member
LOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of light
 
Posts: 6,569
Join Date: Jul 2016
07-17-2017, 08:44 PM

Quote:
Originally Posted by BLACKLIST_MEMBER View Post
Solarwinds or wireshark වගේ එකකින් analyze කරලා බලන්න පේනවද කියල http වලින් post කරන data
thanks
Reply With Quote
(#86)
Old
LOL_SEEN's Avatar
LOL_SEEN LOL_SEEN is offline
Senior Member
LOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of light
 
Posts: 6,569
Join Date: Jul 2016
07-17-2017, 08:45 PM

Quote:
Originally Posted by BLACKLIST_MEMBER View Post
g)
අනික් තියෙන එකම ක්‍රමය උන්ට හොඳ කුණු හරුප ටිකක් එක්ක hotline එකට කෝල් කරලා බනින එක.
ask supervisor or someone in high rank. otherwise pls don't & useless
Reply With Quote
(#87)
Old
BLACKLIST_MEMBER's Avatar
BLACKLIST_MEMBER BLACKLIST_MEMBER is offline
Senior Member
BLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to all
 
Posts: 28,991
Join Date: Feb 2008
Location: There is no place like 127.0.0.1
Send a message via AIM to BLACKLIST_MEMBER Send a message via MSN to BLACKLIST_MEMBER Send a message via Yahoo to BLACKLIST_MEMBER Send a message via Skype™ to BLACKLIST_MEMBER
07-17-2017, 08:49 PM

Quote:
Originally Posted by ja2k17ja View Post
කාටහරි Wireshark වලින් capture කරල pcap file එක mediafire එකට upload කරන්න පුලුවන්ද? වැඩේ කරන්න පුලුවන්නම් නිට්ටාවටම ලෙඩේ සුව කරන්න පුළුවන්.
දුක කියන්නේ මුන් ඒක random කරන්නේ.

මට කරුමෙට එක පාරක් අතට අහු උනා දවසක් රැකගෙන ඉඳල දෙන්නන් ජම්බු කියල.

ආයේ ට්‍රයි කරා අහුවෙන්නේ නැහැ. හැමදාම එන්නේ නැද්ද කොහෙද. මම විතරක් නෙමෙයි නෙට්වර්ක් එක පාවිච්චි කරන්නේ. share කරලා තියෙන්නේ. අනික් උන් මට කලින් ad එක බලනවද දන්නේ නැහැ
Reply With Quote
(#88)
Old
BLACKLIST_MEMBER's Avatar
BLACKLIST_MEMBER BLACKLIST_MEMBER is offline
Senior Member
BLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to all
 
Posts: 28,991
Join Date: Feb 2008
Location: There is no place like 127.0.0.1
Send a message via AIM to BLACKLIST_MEMBER Send a message via MSN to BLACKLIST_MEMBER Send a message via Yahoo to BLACKLIST_MEMBER Send a message via Skype™ to BLACKLIST_MEMBER
07-17-2017, 08:51 PM

Quote:
Originally Posted by LOL_SEEN View Post
ask supervisor or someone in high rank. otherwise pls don't & useless
they always record the conversations so they will send it to someone in high rank
Reply With Quote
(#89)
Old
LOL_SEEN's Avatar
LOL_SEEN LOL_SEEN is offline
Senior Member
LOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of lightLOL_SEEN is a glorious beacon of light
 
Posts: 6,569
Join Date: Jul 2016
07-17-2017, 08:59 PM

Quote:
Originally Posted by BLACKLIST_MEMBER View Post
they always record the conversations so they will send it to someone in high rank
actually, they don't care at all.
Reply With Quote
(#90)
Old
BLACKLIST_MEMBER's Avatar
BLACKLIST_MEMBER BLACKLIST_MEMBER is offline
Senior Member
BLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to allBLACKLIST_MEMBER is a name known to all
 
Posts: 28,991
Join Date: Feb 2008
Location: There is no place like 127.0.0.1
Send a message via AIM to BLACKLIST_MEMBER Send a message via MSN to BLACKLIST_MEMBER Send a message via Yahoo to BLACKLIST_MEMBER Send a message via Skype™ to BLACKLIST_MEMBER
07-17-2017, 08:59 PM

Quote:
Originally Posted by ja2k17ja View Post
ඕයා ඕක කිව්වම මට මතක් වුනේ. ඔය ලෙඩේ තියෙන අය මේ browser එක use කරල බලල කමෙන්ට් එකක් දන්න. https://browser.yandex.com/desktop/main/
මේකෙ Linux version එකනම් use කරන්නෙ එයාලගෙම DNS.
මේක මගිනුත් ඇඩ් එකට යනවනම්. ඇඩ් සීන් එක එන්නෙ DNS වලින් නෙවි.
thanks මේක එල

Last edited by BLACKLIST_MEMBER; 07-17-2017 at 09:00 PM.
Reply With Quote
Reply

Bookmarks

Tags
security, slt

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



Copyright © 2006 - 2011 ElaKiri™ Beta2.Evo vBulletin, vBa iBproArcade Subdreamer I-Magic MKv

Page generated in 0.03099 seconds with 12 queries