Loki – How ICMP Really Can be Dangerous

Overall ICMP has been viewed as quite a harmless and perhaps even trivial protocol. However that all changed with the rather nasty Loki.  In case you didn’t know Loki is from Norse mythology and he was the god of trickery and mischief.  The Loki exploit is well named and seeks to exploit the hither to benign ICMP protocol.  ICMP is intended mainly to inform users of error conditions and to make very simple requests.  It’s one of the reasons intrusion analysts and malware students tended to ignore the protocol.  Of course it could be used in rather obvious denial of service attacks but they were easily tracked and blocked.

However Loki changed that situation as it used ICMP as a tunneling protocol as a covert channel. The definition of a covert channel in these circumstances is a transport method used in either a secret or unexpected way. The transport vehicle is ICMP but Loki acts much more like a client/server application.  Any compromised host that gets a Loki server instance installed can respond to traffic and requests from a Loki client.   Which would also work if the client was spoofing their IP address to watch something like Netflix for instance – see this.  So for instance a Loki server could respond to a request to display the password file to screen or file. That could then be possibly captured and cracked by the owener of the Loki client application.

Many intrusion detection analysts would have simply ignored ICMP traffic passing through their logs.  Mainly because it’s such a common protocol but also an such an innocuous one.  Of course well read analysts will know treat such traffic with heightened suspicion, Loki really has changed the game for protocols like ICMP.

For those of us who spend many hours watching traffic Loki was a real eye opener.  You had to check those logs a little more carefully especially to watch out for those strange protocols being used in a different context.  There’s some more information on these attacks hidden on this technology blog – http://www.iplayerabroad.com/using-a-proxy-to-watch-the-bbc/.  It can take some finding though !!

 

Introduction to Kerberos Authentication

It’s one of the most widely used methods of authentication and this post will briefly introduce you to the subject. As well as being implemented into many operating systems you will find Kerberos is available in many industrial products too. Kerberos hasn’t been tested or verified. Kerberos has many crucial benefits. Kerberos has a few main flaws that system administrators want to take into consideration. Kerberos is the most frequently used example of this sort of authentication technology.

Encryption couldn’t be enabled. The encryption key is subsequently created. Transport layer encryption isn’t necessary if SPNEGO is used, but the customer’s browser has to be properly configured. This authentication is automatic in the event the domains are in the exact same forest. This sort of authentication is rather simple to understand, since it only involves two systems. There are lots of things that could fail with Kerberos authentication. If you’re failing to utilize Kerberos authentication utilizing the LocalSystem account, you’re more than likely failing to utilize Kerberos authentication when users are going to go to the remote system. It’s not only used for authenticating users, when your iPad connects through it’s VPN to watch British Channels online using your AD network it’s Kerberos that authenticates the machine.

In the event the password is incorrect, then you won’t have the ability to decrypt the message. It is extremely important that you don’t forget this password. You might be surprised how many users utilize a password that is just like their user name.

Your password isn’t a fantastic option for a password. When employing those services or those clients, you might have to put in your password, which is subsequently sent to the server. It’s very probable that this user has set the exact same password for the two principals for reasons of convenience. Ideally, you should simply have to type your password into your private computer, once, at the start of the day.

You won’t be able to administrate your server in case you do not keep in mind the master password. In case the server cannot automatically register the SPN, the SPN has to be registered manually. Its normal in order for it to take some opportunity to begin the admin server so be patient. The specified server cannot carry out the requested operation. A digital server simply suggests that it’s not a component of dedicated host. The RPC Server isn’t actively listening.

Server refused to negotiate authentication, which is needed for encryption. Before deploying Kerberos, a server has to be selected to accept the use of KDC. The network location server is a site that is utilised to detect whether DirectAccess clients are situated in the corporate network.

The client may be using an old Kerberos V5 protocol that doesn’t support initial connection support. If he is unable to get the ticket then you should see an error similar to one below. In Kerberos protocol, he authenticates against the server and also the server authenticates itself against the client. The RPC Client will send the very first packet, called the SYN packet.

If each client should happen to require a special key for each and every service, and if each service should happen to require an exceptional key for each client, key distribution could quickly come to be a challenging problem to fix. My client is not going to send the job unless it receives the right response. The client can’t decrypt the service ticket because only servers can do so, but nevertheless, it can send it on. Later he can use this ticket to get additional tickets for SS using the same shared secret. Both client and server may also be called security principals.

John Simmons
http://bbciplayerabroad.co.uk/uk-vpn-free-trial/

Filtering Authentication Credentials

When you use a proxy or VPN server there is a very important security consideration that you should be aware of that is sometimes overlooked.  Any connection should be very careful about how it handles any authentication credentials that are sent using that connection.  For example if you are using a proxy for all your web browsing, you will need to trust that server handling any user names and passwords that you supply to those websites.  Remember the proxy will forward all traffic to the origin server including those user credentials.

The other consideration is specific proxy server authentication credentials which also may be transmitted or passed on especially if the servers are chained.  It is common for proxy credentials to be forwarded as it’s reduces the need to authenticate multiple times against different servers.   In these situations the last proxy server in the chain should filter out the Proxy-Authorization: header if it is present.

One of the dangers is that a malicious server could intercept or capture these authentication credentials especially if they’re being passed in an insecure manner.    Any proxy involved in the route has the potential for intercepting usernames and passwords.  Many people forget this when using random free proxies they find online, they are implicitly trusting these servers and the unknown administrators with any personal details leaked whilst using these connections.  When you consider that often these free servers are merely misconfigured or ‘hacked’ servers it makes using them even more risky.

It is actually a difficult situation particularly with regards to proxies about how to deal with authentication details.  The situation with VPNs are slightly more straightforward, the details are protected during the majority of the transmission because most VPNs are encrypted.  However that last step to the target server will rely on any in built in security to the connection, although this can be effected as in this article – BBC block VPN connection.

Any server can filter out and protect authentication credentials but obviously those intended for the target can’t be removed.  It is a real risk and does highlight one of the important security considerations of using any intermediate server such as a proxy.    It is important that these servers are in themselves secure and do not introduce additional security risks into the connection.  Sending credentials particularly over a normal HTTP session are already potentially insecure without a badly configured or administered proxy server as well.

Most websites which accept usernames now at least use something like SSL to protect credentials.  However although VPN sessions will transport these connections effectively many proxies are unable to support the tunneling of SSL connections properly.  Man in the middle attacks are also common against these sort of protections and using a poorly configured proxy makes this much easier than a direct connection.  Ultimately there are several points where web security and protecting the data is a concern, it’s best to ensure that a VPN or proxy doesn’t introduce additional security risks into the connection though.

Additional Reading on UK VPN Trial

 

 

Video Proxy – How to Unlock the World’s Best Media Sites

When you read about the internet, it’s usually about how it’s constantly expanding and growing but that’s not strictly true.   Although new information is being added all the time, the reality is that much of this is often inaccessible in particular when you’re looking at videos website.

For instance take the example of one of the world’s most popular websites the BBC iPlayer. Even if you remove page titles , it contains thousands of programmes, videos and radio broadcasts and indeed is updated every single day.   It’s a wonderful resource which is continually refreshed, yet unfortunately the site is not accessible when you are located outside the United Kingdom unless you use something like a video proxy to help you. So why is so difficult to access these sites, why do people who happen to be away from home, perhaps in France Roubaix or a seaside town in Spain be constantly search for ways to unblock video pages on YouTube and the big media sites?

It’s an incredible situation, yet one that is becoming increasingly common – the internet is becoming compartmentalised, split into geographical sectors controlled by the internet’s big players.   The method used is something called geo-blocking or locking and the majority of large web sites use it to some extent. You’ll find that a particular site will remove objects based on your location, in fact some countries it’s almost impossible to watch videos on any of the major platforms.   Now the method has been criticised from all sorts of civil liberty organisations. Indeed the EU itself has made criticism which you can find here because it also undermines it’s concept of a Single Free Market.

The technology implemented varies slightly from site to site, yet it’s basically the same – record IP address and look up it’s location from a central database of addresses. So when you try and visit the BBC web site to watch a David Attenborough definition, if your IP address isn’t registered in the UK then you’ll get blocked.

Video proxy

Planet Earth Documentaries on BBC iPlayer

It’s extremely frustrating especially for someone from the UK, and so the workarounds were created.  Now I mentioned above the concept of a video proxy to bypass these and it does work to some extent.  You bounce your connection off an intermediate proxy server based in the location you need, which effectively hides your true IP address and location and will unblock video sites easily

However it’s important to remember that from 2016 onwards simple proxies no longer work on any of the major media sites.  Forget about the thousands of simply unblock sites that promise to bypass internet restrictions, they simply don’t work anymore. Unfortunately  without even simple ssl encrypted connections they can be detected easily and all the sites block them automatically. Some of them are still able to unblock Youtube videos but even those are fairly rare now. Many of them have been blocked at the server level and their hosting services have told them to remove scripts like Glype, Unfortunately the days of the free proxy sites and web proxies have now gone for good at least for being able to access videos sites and large multimedia companies who provide the top rated video production.

However the concept does still work just like the old video proxy method, it’s just you’ll need a securely configured VPN server which cannot be detected.   The encryption is useful giving you the insurance of anonymity whilst able to allow cookies to flow down the connection transparently too. This works in the same way hiding your real address and instead presenting the address of the VPN server.  So using this method, you can watch any media site from Hulu to Netflix and the BBC irrespective of your location.  Unfortunately most simple proxies are now blocked so even the best free proxy sites are useless for accessing media sites like these.

Here’s one in action using a proxy to watch video content from the BBC –


It’s a highly sophisticated program that will allow you to proxy video through a secure connection, also fast enough to allow you to watch video without buffering. It’s very easy to use to unblock video and you’ll find it can bypass internet filters too which are also commonly implemented. The demo version is available to test it out, it won’t function as a YouTube proxy unfortunately but you can at least use the free version to unblock Facebook.   The main program works on PCs and laptops but unlike simple unblock proxy sites you can use it as a video proxy mobile by establishing a VPN connection on your smartphone or tablet – it’s relatively simple to do.

There is one other method, I should mention which you can find discussed in this article here  , it’s called Smart DNS and is a simpler alternative to using a VPN service.

It’s what literally millions of people around the world are doing right now, relaxing in the sun whilst watching the News on the BBC or their favorite US entertainment channel.  There are a lot of these services available now, but only a few that work properly.  Our recommendation doesn’t look like a TV watching VPN at first glance simply because they keep that functionality low key.  Yet for over a decade it has supported all the major media channels in a variety of countries.

It’s called Identity Cloaker – You can try their 10 day trial here – Identity Cloaker

Irish Proxy for Watching RTE PLayer Live

RTE is the national broadcaster of the Republic of Ireland and has been involved in broadcasting TV channels since 1961.  It was actually an early adopter of radio broadcasting yet Ireland was relatively slow in getting involved in TV broadcasts – the BBC was involved in the 1920s for example.  There was some television broadcasting in Ireland through the Northern Ireland services run by the BBC although this was completely unofficial.

The Irish Government until the late 1950s considered TV to be a luxury which wasn’t a priority however it changed it’s opinion as the popularity rose.  A committee was formed to investigate how to set up an Irish broadcasting service (for the lowest possible outlay) and it’s initial form was something like the commercial services from the UK.

The first broadcast was on New Year’s Eve, 1961 at 19:00 hours and included a speech from the President who described what the service would be.   Many other messages were then broadcast from religious figures before a live concert was shown live from the Gresham Hotel in Dublin.

Irish proxy

Temple Bar, Dublin

The Irish people took to the new medium almost immediately particularly as a way to discuss topics and current affairs.   Suddenly topics like abortion, religion and contraception were discussed openly in chat shows and tv studios broadcast across Ireland.  The origin of many of these chat shows lies with the first and arguably the most famous one – The Late Late Show which began in July 1962 and which still runs today.

Although RTE was relatively late to the world of TV broadcasting, however it caught up quickly.  In 1962, RTE expanded it’s broadcasts to include 625 line transmissions several years ahead of the BBC for instance.  In 1969, RTE broadcast the Wimbledon finals in colour over the next few years more and more broadcasts were transmitted in colour.

Rte has expanded it’s channels over the last few years and also branched out into the world of internet broadcasting. RTE Player is the channels broadcasting application and it can be found at the following address – http://www.rte.ie/player/.

Unfortunately the channel is not directly available over the internet outside Ireland although they can be accessed in certain areas. You can watch RTE player in UK but only from certain areas of Northern Ireland particularly near the border there is some overspill of the signal. Also the channels were made available over Sky although there has been some disputes over licensing so certain events usually sports shows are not available in Northern Ireland.

There is however a method where you can watch RTE Player from outside Ireland.   This involves hiding your location behind an intermediate server which means that you can appear to be from whatever country you require.  To do so you don’t need to teleport to Ireland you just need to get hold of an Irish IP address.  So to access RTE Player you would merely connect through to an Irish proxy server first there is also an explanation here – http://www.iplayerabroad.com/bbc-iplayer-ireland/. This actually means your location is irrelevant, by using an Ireland proxy online you can be anywhere, you can even watch Irish TV in Spain for example.

What happens is that the proxy acts as a buffer between the RTE web site and your computer.   When the website performs a lookup on the connecting IP address it will receive that of the server and not the client.  As long as that server is based in the Republic of Ireland then all of the RTE website will be accessible through an Ireland web proxy.

This method works for all geo-restricted sites although there are a few exceptions.   Remember though speed is important as using a slow server as a video proxy will be a frustrating experience.  Also many websites now are able to detect and block the use of proxies, and most users have switched to using VPN.  These encrypted and secure services are much more difficult to detect than simple proxy servers and can be used in the same way to hide a user’s physical location.

Although at the time of writing the Irish proxy still works, it is becoming unreliable. It is strongly suspected that the proxies will be blocked at some point and if you want to watch rte in UK you’ll need to invest in a VPN with an Irish IP address list. The VPN is almost impossible to detect and you can also use it on any device, it’s fairly easy to set up an Irish vpn for ipad or an Ireland vpn for Android devices for example.

If you’re looking for a mixture of high security and fast servers, then may we suggest trying out Identity Cloaker.   It’s an amazing program with servers in the US and most European countries including Ireland and UK.

Try the 10 day trial out here to see how good it is. 

Using a Proxy to Watch the BBC Iplayer in USA

You’d never hear the word ‘proxy’ outside of an IT department a few years ago, but now everyone uses them. This post is specifically how to use a proxy to watch the BBC iPlayer application in the USA. Now firstly a quick introduction to the problem, the internet is not open or unrestricted in fact it’s more compartmentalised than ever before. One of the reasons, is a technology called ‘region locking’ or ‘geo-targeting’ which have very similar meanings.

These technologies are basically designed to ensure that certain websites are only accessible from specific physical locations. It sounds crazy, but it’s true – where you are based physically has a huge impact on what you can access online. I’m not talking about the stupid filtering that paranoid governments do either, these restrictions are deployed by the web sites themselves. Mostly it’s to do with money, profit or copyright laws but they affect a huge proportion of the world’s best web sites.

I would certainly put the BBC and it’s application BBC iPLayer as one of the best web sites on the internet. You get access to all the BBC broadcasts live, something like six or seven 24 hour TV channels plus all the radio channels. You can also watch stuff for about six weeks after using the BBC iPlayer, all quality programmes with not an advert to be seen. Unfortunately it’s only accessible in the UK, if you try and access from the USA you’ll get blocked.

Which is where our friend the proxy comes in, a server that sits between you and the web site you visit basically hiding your real location. The trick is to use a proxy server that sits in the country you need access to, which for the BBC is of course the United Kingdom.

So here we go – How to watch the BBC iPlayer USA simply by using a proxy server.

As you can see this is on a computer, the software demonstrated is called Identity Cloaker and actively hides your true location when you visit any website. In this instance, the BBC sees the UK proxy server and assumes that is your location and as such everything works, you can even watch the BBC News.

Now a few years ago pretty much any proxy server would work, even the free ones you could find online. However this has now changed and there’s a few things you should bare in mind when looking for a way to watch the BBC iplayer in the USA.

Speed – it’s everything when streaming video, otherwise whatever you’re watching will buffer all the time.
Discretion – don’t sign up to a proxy/vpn service which openly advertises bypassing the BBC blocks and has it’s logos all over the site. They will get blocked or closed down.
Security – last year the BBC started actively blocking these connections from proxies. They need to be securely configured so as not to be detected.
Other Countries – If you want to access websites and TV stations in other countries, you’ll need access to proxies in those countries too.

Identity Cloaker is our recommendation because of it’s speed and security, plus it’s very reasonably priced.   Try the 10 day trial first to make sure it works well for you.  Although the core program is software to run on your computer/laptop you can also connect through from a tablet or smartphone by creating the connection manually.  It’s easy to do and there’s a guide here.

How to use a US IP Proxy Server

There used to be a time when configuring and using a US IP proxy server was only for the technologically advanced. However times have changed and now millions of people with limited technical knowledge use IP proxies every day for many mundane situations.

One of the most common uses for an IP proxy is to access content that is restricted by region locking. For instance if you try and access any of the mainstream US media sites like ABC, NBC or Hulu from outside the USA then you’ll find that the majority of the site is inaccessible. The sames goes for lots of other media sites across the world – all inaccessible outside their domestic market.

It kind of makes a mockery of the global communication medium that we call the internet. It certainly wasn’t designed to restrict and block access based on your physical location however that is how it has turned out. Which is why for a US citizen travelling or living abroad a US IP proxy server is so useful.

Using a US IP Proxy Server

The fact is that most of these websites determine your location by looking at your IP address and where it’s registered to. This will of course determine your physical location, however if you connect through a proxy server then the IP address of the server will be revealed and not your own. Therefore someone on holiday in Europe who connected to the internet through a US IP proxy server would appear to be in the US. Here’s a quick video which demonstrates this in action:

As you can see in the demonstration, the software is used to connect to a network of different proxies. In this particular example a US proxy is selected in order to access the film and movie site Hulu. Without using the proxy then the site won’t be accessible as the content is only licensed for US based users. However you can see that there are many different countries available in the software which can be used to watch or access web sites in other countries.

Connecting through a Canadian proxy would give you access to all the Canadian websites, using a French proxy would give you a French IP address and the ability to watch sites like M6 Replay.

As you can see from the video there is no real technical knowledge required as it’s all taken care of by the software. There are a whole host of these programs available now which you can install easily and then change your IP address to whichever you need. It is worth remembering though that when your connection is routed through a specific country then your browsing will be tailored to that country.

Someone connected through a US IP proxy will for example get the US version of Google complete with US related search results. It is obviously not a major issue but it can be confusing if you forget!

How to Switch IP Address Quickly

Many of us now use VPNs and proxy servers routinely to hide our real IP addresses. The reasons are many however for most us it’s either to bypass the thousands of region locks which exist online or simply to hide our real location and identity. Investing in a VPN solution is usually a wise move, providing protection for when you’re online either at home or using an insecure wifi connection in a cafe or hotel for example. When you connect through a VPN or proxy your real ip address is hidden and the website you visit has no way of logging your location.

How to Change IP Address Quickly

The problem is that for region locking uses, having a single additional IP address is rarely enough. The problem is that all these regional filters are based on different locations, so you often require addresses based in a variety of countries and being able to change address quickly is essential. Here’s a quick demonstration of some software called Identity Cloaker which facilitates this:

You can see that the software that controls the connection sits in the task bar and you can enable the VPN or switch it to use another server whenever you like. So for example if you where trying to watch the BBC you’d need a UK IP proxy but to watch ABC or CNN live streams you’d need a US proxy and IP address. All you need to do is open the control panel and switch to the appropriate country.

A few of the biggest VPN providers now provide multiple servers across different countries so you can switch like this. It makes sense to use one of these rather than the companies who charge additional for each country you sign up for. Using these companies you’ll find information on how to change IP address quickly as the subscription covers all their servers. Most of the sites cover countries like USA, Canada, UK, France and Germany whereas for other countries you might need to search around.

One of the difficult countries to get a proxy or VPN in is Australia, simply because the internet costs tend to be much higher there and it’s expensive to include Australian servers in their infrastructure. There are a few around though and you can find a few around, but remember to watch BBC iPlayer in Australia you need a UK proxy not an Australian one. Although any one based in Australia would be advised to use a local proxy when they’re not trying to bypass region locks simply because of the speed.

There is another reason why you should regularly rotate and change your IP address and that’s to keep the fact that you’re using a secure connection private. If you don’t switch addresses and just use a static video proxy, any ISP logs will show the use of a proxy as all requests will be routed through the one specific IP address. Switching this address periodically makes it much more difficult to detect.

Escaping Region Locking from Media Sites

In the early years of the internet there were very few restrictions on what you could see and download. If you started a web browser in the US you’d get pretty much the same experience as someone who started in Cairo. Obviously there might be some variation in speed of course, but what you could see and do was almost identical.

That’s changed a lot now with the growing popularity of region locking and control. It started off fairly helpfully – your search engines would switch you to the appropriate location based on your IP address. This meant that if you were searching from London for electricians you wouldn’t get directed to results in Sydney which would obviously be useful. We’ve got used to this and it generally makes everyone’s life much easier.

However the use of region locking has extended greatly in the last few years, in fact any major web site will usually operate some level of control. Often it’s again beneficial, Amazon will make sure you go to the UK site, Costco will direct you to your local store and so on. However for many of the world’s biggest media sites it’s a much different story – region locking usually means region blocking.

Ever tried to access Pandora from outside the US? Well it doesn’t work, the wonderful music site is only accessible for those located in the US. Want to watch the BBC News, sorry if you’re outside the UK it’s not going to happen. Those are just two but the list is extensive, in fact it’s unlikely you’ll now find a large media site which doesn’t lock down access based on the location of your IP address.

It’s crazy when you think about it, a global communication medium deliberately trying to segregate and restrict our world. Worse too that in a time when many of us travel extensively, we are blocked and filtered at every turn when we’re online.

So What’s the Solution?
Well to take back control and stop being blocked you need to be able to control your IP address. Unfortunately for most of us that’s not possible, the IP address is assigned when you connect to the internet and there is no way of modifying it. You can of course modify your local address but that’s not important, region locking uses your external internet facing IP address.

However although you cannot modify your address, you can hide it by using VPN servers to protect your connection. If you connect to a UK VPN server for example, it will look as though your have a UK IP address and watching the BBC works without problems. You can use a US VPN to gain a US IP address for Netflix irrespective of where you actually are. Many firms have developed services to support this demand and the top VPN providers will allow access to a network of servers in different countries.

This means that although you cannot change your real IP address, you can hide it behind a VPN server. It gives you back control and neatly sidesteps the pervasive region locking and filtering which seems likely to keep expanding.

Further Reading – British VPN

Travellers Need a Fast US Proxy

Most of us now take some sort of internet enabled devices with us when we travel. Whether it is a smart phone, a tablet or laptop computer there’s usually room in our luggage for at least one of these electronic devices. Indeed many people will often have a variety of electronic gadgets with them at all times. Whether you’re travelling for business or pleasure having access to the internet can make life in an unfamiliar environment much simpler.

Booking hotels, tickets, making travel arrangements is so much simpler if you can research or even pay online. If you spend a lot of time abroad it can become even more vital, enabling you to keep in touch at home, organise your affairs and pay those household bills. Try arranging a direct debit with your bank over an international phone call from a hotel room, believe me it’s not as simple as you can imagine and doesn’t come close to the ease of most online banking systems.

However just as the internet was making life easier for the frequent travellers, many of the services we use are making it harder. You might find logging in to your banking site gets blocked when you’re abroad, accessing your AMC account to watch some TV will be banned to because of copyright issues. The list of US sites that can only be accessed from a US location grows ever week and frankly it’s a huge problem for many of us. To bypass these blocks there is a viable solution use a VPN or proxy server based in the US, if you connect via one of these you won;t get blocked by any region locking restrictions. Try this video – where the user gets an American IP address from outside the US.

As you can see without a VPN being connected, the service is inaccessible. However when you connect using a Fast USA proxy such as the one illustrated your physical location is immaterial. The website determines your location based on the IP address of the VPN server – if it’s in the USA then so you’ll appear to be there too. It’s crazy that we should require these sort of workarounds, the internet is by it’s very definition a global network and yet it’s being increasingly restricted and blocked. After all the most important time for me to use my online banking is when I can get to my physical bank. The time I want to use online entertainment services when I’m away from my home TV set and stuck in a foreign hotel.

If you use these services, remember to try them out first. There are literally thousands of these VPN and proxy service available online but the vast majority of them are pretty hopeless. Without proper support and a decent infrastructure behind them you’ll find many are slow and unreliable. Particularly for accessing online movies and films speed will be essential otherwise it will be a painful experience!

John Simpson
www.anonymous-proxies.org