Dns Scrambler
DNS Scrambler Plugin: What is the best way to do it? · Issue #5
Hi there,
I am very happy to announce you that the scrambler plugin is in development and will be available in the upcoming version 1. 4. 0. Its main goal is to make harder for the DNS server to know which sites you visit (in complement of the server rotation).
To make this in the best possible way, I need your help to have some feedbacks on how to proceed so the DNS server won’t be able to filter easily the Alexa 1 Million top websites. Actually, the scrambler download the Alexa 1 Million top websites and randomly emits DNS lookups (according to scrambleTimeBetweenRequestsMin and scrambleTimeBetweenRequestsMax options). No less, no more.
I have 3 ideas in mind:
Rent a big server to bruteforce (e. g. with subbrute) subdomains of all domains of the Alexa top
Pros: No disavantage for the user. The downloaded database will contains all the domains of the Alexa top + its subdomains.
Cons: It would take a while and will cost a lot of money.
Use Webkit engines (like PhantomJS) to follow links and render the page just like a normal browser
Pros: Real user interaction, very fast and only the Alexa database is required.
Cons: Limited to HTTPS-only websites so the ISP can’t see that the traffic differs from the user browser (? ). Also, what if the website is illegal in the user country? Should we visit it anyway?
Create a DNSCrypt server that log DNS queries anonymously and serve it as a database to RandomDNS users
Pros: Takes less time than the bruteforce technique and cheap to setup
Cons: Not recommended by @jedisct1. If the server gets compromised for X reason, the attacker could return an empty file or return domains that no one would ever visit (e. invalid ones), rendering the plugin useless. He could also start logging DNS queries with the IPs.
So which idea you prefer? Have you any other idea to prevent DNS servers from monitoring your activity effectively? Debates are open.
Finally, if Tor was a solution I would not have to create this plugin but unfortunately I have to.
Thanks for reading,
S
What is a DNS Hijacking | Redirection Attacks Explained | Imperva
What is a DNS hijacking / redirection attack
Domain Name Server (DNS) hijacking, also named DNS redirection, is a type of DNS attack in which DNS queries are incorrectly resolved in order to unexpectedly redirect users to malicious sites. To perform the attack, perpetrators either install malware on user computers, take over routers, or intercept or hack DNS communication.
DNS hijacking can be used for pharming (in this context, attackers typically display unwanted ads to generate revenue) or for phishing (displaying fake versions of sites users access and stealing data or credentials).
Many Internet Service Providers (ISPs) also use a type of DNS hijacking, to take over a user’s DNS requests, collect statistics and return ads when users access an unknown domain. Some governments use DNS hijacking for censorship, redirecting users to government-authorized sites.
DNS hijacking attack types
There are four basic types of DNS redirection:
Local DNS hijack — attackers install Trojan malware on a user’s computer, and change the local DNS settings to redirect the user to malicious sites.
Router DNS hijack — many routers have default passwords or firmware vulnerabilities. Attackers can take over a router and overwrite DNS settings, affecting all users connected to that router.
Man in the middle DNS attacks — attackers intercept communication between a user and a DNS server, and provide different destination IP addresses pointing to malicious sites.
Rogue DNS Server — attackers can hack a DNS server, and change DNS records to redirect DNS requests to malicious sites.
Redirection vs. DNS spoofing attack
DNS spoofing is an attack in which traffic is redirected from a legitimate website such as, to a malicious website such as DNS spoofing can be achieved by DNS redirection. For example, attackers can compromise a DNS server, and in this way “spoof” legitimate websites and redirect users to malicious ones.
Cache poisoning is another way to achieve DNS spoofing, without relying on DNS hijacking (physically taking over the DNS settings). DNS servers, routers and computers cache DNS records. Attackers can “poison” the DNS cache by inserting a forged DNS entry, containing an alternative IP destination for the same domain name. The DNS server resolves the domain to the spoofed website, until the cache is refreshed.
Methods of mitigation
Mitigation for name servers and resolvers
A DNS name server is a highly sensitive infrastructure which requires strong security measures, as it can be hijacked and used by hackers to mount DDoS attacks on others:
Watch for resolvers on your network — unneeded DNS resolvers should be shut down. Legitimate resolvers should be placed behind a firewall with no access from outside the organization.
Severely restrict access to a name server — both physical security, multi-factor access, firewall and network security measures should be used.
Take measures against cache poisoning — use a random source port, randomize query ID, and randomize upper/lower case in domain names.
Immediately patch known vulnerabilities — hackers actively search for vulnerable DNS servers.
Separate authoritative name server from resolver — don’t run both on the same server, so a DDoS attack on either component won’t take down the other one.
Restrict zone transfers — slave name servers can request a zone transfer, which is a partial copy of your DNS records. Zone records contain information that is valuable to attackers.
Mitigation for end users
End users can protect themselves against DNS hijacking by changing router passwords, installing antivirus, and using an encrypted VPN channel. If the user’s ISP is hijacking their DNS, they can use a free, alternative DNS service such as Google Public DNS, Google DNS over HTTPS, and Cisco OpenDNS.
Mitigation for site owners
Site owners who use a Domain Name Registrar can take steps to avoid DNS redirection of their DNS records:
Secure access — use two-factor authentication when accessing the DNS registrar, to avoid compromise. If possible, define a whitelist of IP addresses that are allowed to access DNS settings.
Client lock — check if your DNS registrar supports client lock (also known as change lock), which prevents changes to your DNS records without approval from a specific named individual.
DNSSEC — use a DNS registrar that supports DNSSEC, and enable it. DNSSEC digitally signs DNS communication, making it more difficult (but not impossible) for hackers to intercept and spoof.
Use Imperva’s Name Server Protection — a service providing a network of secure DNS proxies, based on Imperva’s global CDN. Each DNS zone receives alternative name server hostnames, so that all DNS queries are redirected to the Imperva network. The service will not only prevent DNS hijacking and poisoning, but also protect from distributed denial of service attacks (DDoS attacks) against your DNS infrastructure.
How To Bypass ISP Blocking Of The Pirate Bay And Other Torrent Sites …
In 2016, the Federal Court ordered ISPs to block five popular torrent websites including The Pirate Bay, TorrentHound and IsoHunt within 15 business days. Since then, a swathe of additional sites have been added to the block list in a bid to eradicate piracy.
Torrenting itself is completely legal of course, and it’s not all that difficult to circumvent ISP blocking of torrent websites. For instance, you can do it through a VPN, which often requires a monthly subscription fee. Here are some ways to gain access to blocked torrent sites for free.
Is It Legal To Access ISP-Blocked Websites?
Last week, the Federal Court of Australia ordered internet service providers (ISPs) to block access to five major torrent websites. This was a result of court action taken by rights holders Foxtel and Village Roadshow in their desperate fight against piracy. But here’s the thing. it’s incredibly easy to bypass any site-blocking implemented by ISPs. So is it legal for Australians to access the blocked websites locally? Let’s find out.
Read more
It’s not illegal to use a VPN to access the blocked sites but the Village Roadshow co-chief executive Graham Burke doesn’t seem too concerned about that. He thinks most people wouldn’t want to fork out money for a VPN.
And he may be right. VPNs aren’t that expensive (some cost less than $US10 a month), but that’s still money you didn’t need to spend before.
Luckily, there are ways to bypass the ISP blocking of the five torrent sites for free.
If It Is Just Simple DNS-Level Blocking
ISPs can use DNS blocking, IP address blocking, URL blocking or any other technical method (so long as the rights holders are happy with it) to block access to the torrent websites. DNS-level blocks are extremely easy to bypass; you can do it in a pinch.
As far as we know, Telstra, which started using this method to restrict access to The Pirate Bay on December 20. Maybe the telco is deliberately using this method so that users can easily bypass it.
One of the easiest ways to bypass DNS-level blocking of a website is by using Google Public DNS. All you need to do is go into your network settings and change your DNS server address to the Google Public DNS address.
On Windows 10 PCs:
Go to Control Panel > Network and Internet > Network and Sharing Center. On the left hand panel, click Change adapter settings
Right-Click on the connection type (could be Ethernet or Wi-Fi) of your choosing and go to Properties
Scroll down the list of items to find Internet Protocol Version 4 (TCP/IPv4). Click on it once to select it and then click Properties.
Near the bottom of the box is “Use the following DNS server addresses”. Select that option and type in 8. 8. 8 and/or 8. 4. 4
Click OK and you’re done.
The process is very similar on Windows 7/8/8. 1 and even Mac computers as well. You just locate the Network settings and change the DNS server address.
We don’t know what type of blocking method other ISPs will use but the following options should be enough to bypass a number of site-blocking techniques.
Use The Tor Network
ISPs are only required to block the torrent websites that host the. torrent files. These. torrent files contain the file metadata and tracker addresses that let your chosen torrenting software know the multiple sources it can get a particular file from, be it a movie, a TV show, a recent Linux distro or a piece of open-source software. When you torrent a file, it comes in dribs and drabs from users around the world who are seeding the file.
The key point here is the torrent websites themselves don’t host any actual content – they just host the. torrent files that tell you where you can get it. For this reason, you just need to bypass the site-blocking far enough to get to the. torrent files.
The Onion Router (Tor) can get you there. It’s a global network of servers that is generally used by people who want to browse the internet anonymously. When you use the Tor browser software, you’re moving your traffic across Tor servers which makes it hard to track your IP address, and more importantly, hard to block you.
The Tor network has a lot of similarities to BitTorrent but it can be a bit slow and isn’t suitable for file sharing. Good thing that web browsing is all we need to do here. Tor acts as the middle man who can fetch the. torrent file and covertly deliver it to you.
Tor can be a bit intimidating for people to get into. The good news is there an easy way to connect to the network using a software package called Tails. It works on Windows, Linux and Mac OS and lets you connect to Tor without going through any tricky browser configuration processes.
You can get Tails here.
It’s worth noting there was recently a critical security flaw that was found in Tor browser that has since been patched.
VPN Through Amazon Web Services (AWS)
For those who don’t mind a more technical option, you can always set up a VPN on AWS and tunnel the traffic to the torrent sites through it.
The AWS Free Tier lets you try out some services on the public cloud platform over a 12-month period for free. You’ll need to deploy the OpenVPN Amazon Machine Image (AMI) in EC2, which is free on the AWS Marketplace as a Community AMI. It can be a laborious process but here’s the full instructions from OpenVPN to help you through it: Click here. Make sure you choose to deploy it in a location outside Australia.
You’ll eventually end up with a working OpenVPN virtual server. From there you’ll need to get the OpenVPN client software, also free, onto your computer to connect to your very own VPN.
The AWS Free Tier has an outgoing traffic limit of 15GB per month but, again, we’re only interested in getting the. torrent files from the blocked websites, and they’re only a few kilobytes each. Just turn off the VPN once you start torrenting the actual file.
Just remember that the AWS service will continue to run even after the trial period has ended and will start charging you once the 12 months is up.
Off-The-Shelf VPN Service
Just want a quick and easy solution that will work straight away? Here is a list of VPN services that you can sign up for.
It’s not a comprehensive list and everybody has their own preferences. But if you’ve never used a VPN before and just want to see some of the options available, it’s a good place to start.
Why I Refuse To Feel Guilty For Torrenting Game Of Thrones
One year ago my brother in-law and I made a decision. We wanted to do the right thing. We wanted to try and pay to watch Game of Thrones season 5. Analyse that sentence for a second. I’ll add some italics for emphasis. “We wanted to try and pay to watch Game of Thrones. ”
Read more
Frequently Asked Questions about dns scrambler
Can you hack a DNS?
Rogue DNS Server — attackers can hack a DNS server, and change DNS records to redirect DNS requests to malicious sites.
How do I bypass DNS?
One of the easiest ways to bypass DNS-level blocking of a website is by using Google Public DNS. All you need to do is go into your network settings and change your DNS server address to the Google Public DNS address. On Windows 10 PCs: Go to Control Panel > Network and Internet > Network and Sharing Center.Jun 19, 2018
Is OpenNIC DNS safe?
OpenNIC. The OpenNIC project is most well-known for its user-owned and controlled top-level Network Information Center. It offers an alternative to typical top-level domain (TLD) registries such as ICANN. However, the firm also provides some of the most secure free DNS servers.
