Escaping Region Locking from Media Sites

In the early years of the internet there were very few restrictions on what you could see and download. If you started a web browser in the US you’d get pretty much the same experience as someone who started in Cairo. Obviously there might be some variation in speed of course, but what you could see and do was almost identical.

That’s changed a lot now with the growing popularity of region locking and control. It started off fairly helpfully – your search engines would switch you to the appropriate location based on your IP address. This meant that if you were searching from London for electricians you wouldn’t get directed to results in Sydney which would obviously be useful. We’ve got used to this and it generally makes everyone’s life much easier.

However the use of region locking has extended greatly in the last few years, in fact any major web site will usually operate some level of control. Often it’s again beneficial, Amazon will make sure you go to the UK site, Costco will direct you to your local store and so on. However for many of the world’s biggest media sites it’s a much different story – region locking usually means region blocking.

Ever tried to access Pandora from outside the US? Well it doesn’t work, the wonderful music site is only accessible for those located in the US. Want to watch the BBC News, sorry if you’re outside the UK it’s not going to happen. Those are just two but the list is extensive, in fact it’s unlikely you’ll now find a large media site which doesn’t lock down access based on the location of your IP address.

It’s crazy when you think about it, a global communication medium deliberately trying to segregate and restrict our world. Worse too that in a time when many of us travel extensively, we are blocked and filtered at every turn when we’re online.

So What’s the Solution?
Well to take back control and stop being blocked you need to be able to control your IP address. Unfortunately for most of us that’s not possible, the IP address is assigned when you connect to the internet and there is no way of modifying it. You can of course modify your local address but that’s not important, region locking uses your external internet facing IP address.

However although you cannot modify your address, you can hide it by using VPN servers to protect your connection. If you connect to a UK VPN server for example, it will look as though your have a UK IP address and watching the BBC works without problems. You can use a US VPN to gain a US IP address for Netflix irrespective of where you actually are. Many firms have developed services to support this demand and the top VPN providers will allow access to a network of servers in different countries.

This means that although you cannot change your real IP address, you can hide it behind a VPN server. It gives you back control and neatly sidesteps the pervasive region locking and filtering which seems likely to keep expanding.

Further Reading – British VPN

Travellers Need a Fast US Proxy

Most of us now take some sort of internet enabled devices with us when we travel. Whether it is a smart phone, a tablet or laptop computer there’s usually room in our luggage for at least one of these electronic devices. Indeed many people will often have a variety of electronic gadgets with them at all times. Whether you’re travelling for business or pleasure having access to the internet can make life in an unfamiliar environment much simpler.

Booking hotels, tickets, making travel arrangements is so much simpler if you can research or even pay online. If you spend a lot of time abroad it can become even more vital, enabling you to keep in touch at home, organise your affairs and pay those household bills. Try arranging a direct debit with your bank over an international phone call from a hotel room, believe me it’s not as simple as you can imagine and doesn’t come close to the ease of most online banking systems.

However just as the internet was making life easier for the frequent travellers, many of the services we use are making it harder. You might find logging in to your banking site gets blocked when you’re abroad, accessing your AMC account to watch some TV will be banned to because of copyright issues. The list of US sites that can only be accessed from a US location grows ever week and frankly it’s a huge problem for many of us. To bypass these blocks there is a viable solution use a VPN or proxy server based in the US, if you connect via one of these you won;t get blocked by any region locking restrictions. Try this video – where the user gets an American IP address from outside the US.

As you can see without a VPN being connected, the service is inaccessible. However when you connect using a Fast USA proxy such as the one illustrated your physical location is immaterial. The website determines your location based on the IP address of the VPN server – if it’s in the USA then so you’ll appear to be there too. It’s crazy that we should require these sort of workarounds, the internet is by it’s very definition a global network and yet it’s being increasingly restricted and blocked. After all the most important time for me to use my online banking is when I can get to my physical bank. The time I want to use online entertainment services when I’m away from my home TV set and stuck in a foreign hotel.

If you use these services, remember to try them out first. There are literally thousands of these VPN and proxy service available online but the vast majority of them are pretty hopeless. Without proper support and a decent infrastructure behind them you’ll find many are slow and unreliable. Particularly for accessing online movies and films speed will be essential otherwise it will be a painful experience!

John Simpson
www.anonymous-proxies.org

Is Anonymity Important Online?

There are many discussions across the world about using the internet and how it should be policed.  Many of the less democratic countries already have rather sweeping digital laws allowing content to be blocked, services closed down and users arrested.  These laws usually are phrased rather vaguely, using excuses like national interest or public safety.  They’re usually designed to be broad enough to cover whichever situation the authorities require without sounding unduly restrictive.  The reality is that in many countries the 140 characters of a Tweet is enough to get you hefty prison sentences.

People seek anonymity for different reasons depending on their location.  Of course in countries like Iran, China and lots of Far Eastern  you have to be very careful what  you say online, if you criticise leaders that can be enough to get you locked away for a very long time.  In 2015 a Thai man ‘liked’ and ‘shared’ a Facebook photograph which was critical of the Thai Royal family, he’s currently awaiting trial and faces 32 years in jail.  Needless to say Thailand is a country where you should be very careful about what you do online particularly if it involves the royal family.

In other more democratic and arguably civilized countries there are somewhat different concerns about privacy online.  You are unlikely to get arrested for being critical of Western leaders online, however don’t assume that your comments are not being monitored.  Most of the advanced countries, particularly in places like the US and UK, online activity is extensively logged.   In the UK legislation is being passed to legitimize this behaviour but it’s fairly certain to assume it’s already being going on for many years prior to this.

Much of the problems about privacy relate to the fact that it’s so easy to monitor people online.  The internet is simply not designed for privacy, it uses insecure clear text protocols like HTTP and email, whilst distributing our connections through a mesh of hardware owned by all sorts of people and corporations.   If you have access to a network hardware in a telecommunications company then there’s little you can’t access with the right resources.  Of course, the morality of this can be quite unclear but there are other areas where legality can be used as a perfectly justifiable excuse.

For example download a Bit Torrent client, join a swarm to download a pirated copy of the latest blockbuster movie and in your screen you’ll instantly see a page full of IP addresses of people illegally downloading copyrighted material.  It’s not hidden, not hard to find and only one step away from turning that into a list of names and addresses.   The people who use these programs are mostly unaware that they are not downloading torrents anonymously, in fact they’re doing it whilst actively broadcasting their identities.

The important factor to remember whatever you’re doing online, wherever you are and irrespective of who you are – you are probably being monitored to some extent.  Whether it’s merely being sucked up by one of the UK security services huge data trawls or more specifically by a media company seeking damages for copyright infringements – it could be happening.

John Herrod

Technology Author and Consultant

Searching for a VPN with Residential IP ?

So why would anyone be trying to find a VPN with a residential IP? Well, for the sake of clarity, there are certain distinct classifications of IP addresses which are becoming more and more important.  It refers to the actual categorisation of their use rather than any complicated technical property.  The fact is that there are only two of these categories –

  • Commercial IP Addresses – allocated to private companies and datacentres
  • Residential IP Addresses  – allocated to individuals usually through Internet Service Providers (ISPs)

There’s no technical distinction, no difference in structure or allocation – you can’t tell simply by looking at an IP address which is commercial and which is residential address.   In fact it’s entirely possible for addresses to switch between the two categories if they are reallocated.  However the classification is being used increasingly by web sites and services to distinguish between customers.

Is VPN Safe

Take for example a standard residential IP address assigned from a small ISP, any website can determine that this is likely to be a private individual likely to be surfing from their home computer.   The origin of a commercial IP address is much more difficult to determine –  it could be from a commercial organisation, from a wireless access point, directly from a server or bot or perhaps a standard user who is using a VPN or proxy server.   If you’re a website owner looking for customers for example, it’s the residential traffic that is going to interest you most not the commercial stuff.

It’s a classification which is now being used by many websites to block traffic from specific sources.  You can see in this post about VPNs being blocked by Netflix that the media giant is using this classification to stop people bypassing the region blocks by using proxy type servers to hide their locations.  Netflix has simply decided that if you are originating from a commercial based IP address then you can’t access their service irrespective of whether you have a subscription or not.   Which is why people are becoming increasingly desperate to find a VPN with a residential IP address.

It’s not just the media companies who are starting this, other sites are increasingly looking to block all non-residential based addresses too.  There are advertising sites like Craigslist and Gumtree who want to isolate their services to specific local home markets and people using VPNs or commercial servers to access them globally aren’t in that category.   There are casualties of course, VPNs are important ways to maintain the security of your internet connection and privacy yet using one is likely to get you blocked from certain sites.  Additionally there are many countries where it’s not safe to post openly and a VPN is essential to use the internet securely.

There are a few VPN services which now offer residential IP addresses included, like this one at Identity Cloaker which routes Netflix traffic through residential address to avoid being blocked.  However they are quite rare simply because the addresses are very difficult to obtain and cost much more than standard commercial IP addresses available from a datacenter.

Domain Name System Packet Structure

The Domain Name System (DNS) is one of the most vital protocols used on the internet, it basically holds everything together. DNS links all the web friendly names to IP addresses without DNS you’d need to memorize the IP address of every server or resource you wanted to visit online.

DNS servers hold databases of resource records which contain the mappings that allow devices to resolve IP addresses to DNS names and vice versa. These databases are generally made accessible to any device that requests them or other DNS servers. If you’ve ever had anything to do with DNS you’ll know that although the basic principles of DNS are quite straight forward the overall architecture can be very complicated particularly with regards to the internet.

In this initial article we’re going to cover some of the basics of the DNS packet structure, which is in many ways very different to other protocols used to communicate online.

DNS Packet Structure

  • DNS ID – Associates DNS responses with corresponding queries.
  • (QR) Query/Response – Simply identifies whether packet is a query or response packet.
  • (AA) Authoritative Answers – When this value is set it indicates that the Name server is the ultimate authority for that domain.
  • (RD) Recursion Desired – DNS client requires a recursive query if answer not available.
  • (RA) Recursion Available – DNS Server supports recursive queries.
  • (RC) Response Code – Used to identify any errors
  • Questions Section – Variable section which contains all the queries to be resolved
  • Answers Section – Variable section which contains responses to queries.
  • Authority Section – Variable section which contains records pointing to authoritative name servers if required.

There are more components of the DNS packet but these are the important ones which contain the bulk of the information i.e. the query and answer. This is how a simple DNS query will be performed – a client wishes to know an IP address (or DNS Name) will send the query to a DNS server, the server will send the answer in it’s response.

The simplest DNS transaction will take place in just two packets i.e the query and the response. You can see it quite easily by using a packet capture program like wireshark and in fact DNS exchanges are a very good way to start packet analysis because the majority are relatively straight forward. There are exceptions of course, indeed we are increasingly seeing modified DNS services used to access US media sites like Netflix like this article – http://www.onlineanonymity.org/proxies/the-return-of-us-dns-netflix/ describes.

There are a few things to remember when studying and troubleshooting DNS traffic and one of the most important is that DNS relies on UDP as it’s transport mechanism. This is useful to know because if you do use something like Wireshark to analyse you’ll notice lots of UDP traffic and that it condenses the beginnings of the packet into a single flags section which can be difficult to follow initially.

Remember though the vast majority of DNS traffic is very simple, consisting of a query and a response. There is more information in the packet but essentially it’s a question and an answer – if you need to see all the data and resource record types they are here – DNS Resource Parameters.

Changing Your IP Address Quickly

For those who work or spend a lot of time online, having one IP address is always enough. The problem is that the way the internet has developed the single address which is assigned to your internet connection is often at best inconvenient but often extremely limiting. The problem is that you have absolutely no control over the address which is assigned to you, yet it is used to control your access to many of the world’s biggest websites.

cyberspace-1757801_640

Take for example YouTube, when someone uploads a video they have the option to control which countries it is accessible from. So major publishers will often release in specific countries and deny access to others, your IP address is used to enforce these controls. Ever wanted to check the news or a TV show broadcast from a TV station based in a different country? Well most of the time you can’t because the vast majority of media streaming on these sites is restricted to the country they are based in. Want to watch the French News on a Parisian TV channel to improve your language skills? Sounds a sensible use of the internet, yet you’ll get blocked unless you get on a plane and take your laptop to France, crazy huh!

So that’s it the reality is that region locking alone will effectively block huge parts of the internet from every single one of us. I think my most frustrating experience of this was when I tried to listen to the cricket on holiday, I thought that I would be able to watch BBC iPlayer outside the UK yet alas I was very wrong – you can only watch/listen to the BBC online from the UK.

Which is why people are starting to get fed up of this, after all the internet wasn’t designed to be segmented and blocked on all these levels. The solution is actually very simple, you just need the ability to switch your internet address when required – a quick IP changer to bypass the thousands of blocks and filters applied across the web.

How does This Work? Well it’s actually quite simple although you cannot change your real IP address, unless you happen to own an ISP – you can effectively hide your address by using proxies or VPN servers. All you do is to connect to a VPN server in a different country and then browse the internet as normal. Instead of seeing your real address the only visible IP address will be that of the VPN server, so by using a network of these servers across the world you can view any website you wish and effectively bypass any blocks based on location.

Realistically this could be a very difficult procedure continually reconnecting to different VPN servers but many companies have made this much simpler. They have implemented simple software programs which allow you to point and click to switch servers and effectively changing your IP address

Classification of IP Addresses

If you’re looking for a VPN or proxy solution to switch your IP address, then there’s certain information you should be aware of regarding the classification of these addresses.   Most people who use VPNs to change their addresses are normally concerned with only one factor – the country that the IP address is registered too.

This is because many of these services are used specifically to bypass the growing trend of region locking operated media sites.  Sites like Hulu, BBC, NBC and in reality most of the major entertainment sites usually restrict access to their home countries – so for example you would have to be in the UK to watch all the British TV channels, whereas the US stations like ABC are only accessible to American IP addresses.   So people will use a US VPN to watch US sites, and UK ones to watch UK channels and so on.   In fact this is so important that most services provide servers located in most larger countries to allow their users the most flexibility in their web browsing.   Not all companies do this, but if you want to access a particular website you should determine that they have a server in the same country if you want to access it.

The above video demonstrates some of the options available and how region locking can be accessed, but it has recently become even more complicated. The problem lies not in the location of the IP address but in the classification. Most IP addresses are listed as either being commercial or residential. Commercial ones are used mostly by companies and run from datacentres or corporate networks whereas residential addresses are assigned usually from ISPs to home computers. Increasingly media sites are choosing to block all access from commercial IP addresses primarily to try and enforce their region locking attempts.

Netflix where the latest company to do this, and overnight nearly all commercial VPN services stopped working with this website much to the annoyance of thousands of users who access Netflix with a VPN. Now you need to use a residential VPN to access any of the Netflix global sites. That is the IP address assigned to the VPN server you connect to must be classified as a residential one or it simply won’t work.

A few of the VPN services have adapted to this change and offer residential IP addresses although they are more expensive to obtain that the more plentiful commercial addresses. If you want to access something like Netflix though it is essential they have these classified addresses or they just won’t work.

Network Analysis Using TCPDump

Should you need to observe any IPv6 traffic in your capture it’s possible to select IPv4 only. You’re able to specify networks also. There are lots of network monitoring utilities accessible to debug networked applications. It’s a widely-known program that provides an assortment of choices to gather just the details you want from the network. Unfortunately mastering this tool completely isn’t a simple task. These tools are especially vital for technical staff. Originally written by Van Jacobsen to analyze TCP performance issues, it’s still an adequate tool for this job, but a lot of features are added since then.

A fast hack might be the subsequent. Just like all things Linux, there are lots of tactics to get this done. Should you be using Solaris, you may use snoop to locate the CDP packets, but it doesn’t format the data nicely. It can be used with tcpdump (with regard to usage and options). Tcpdump gives a review of the form of protocol related at a certain time to ping peaks. Finally, it prints some information about the packet. TCPDUMP even demonstrate these sequence numbers.

monitor-1307227_640-1

Generally you will require root permission in order to capture packets on an interface. You can imagine this as something very similar to if statements. Typically, if the expression comprises shell metacharacters, it’s simpler to pass it like a simple, quoted argument. In practice, if it contains shell metacharacters, it is easier to pass it as a single, quoted argument. If no expression is provided, all packets on the web is going to be dumped. The expression includes one or more primitives. In fact, negating an expression a part of complex expressions syntax and we’re going to discuss complex expressions a modest later. Remember always get as near as the host as possible, rather than through a switch or hub not directly connected. Trying to use TCPDump over an encrypted tunnel can be confusing, as I discovered trying to use it to resolve the Netflix VPN ban as in this post.

You may also copy and paste the proper command into the terminal application to prevent typing mistakes. The whole path to the device name isn’t required. Simply take another look at the headers and see whether you may determine the field which has the VLAN tag info. You would be right about this, except for a single problem. Establishing the identity, you can’t be certain whether the issue lies with the customer or the server. The issue is it attempts to resolve every single IP address it meets. There are two methods to work out this issue. It is fantastic for tracking down network troubles or monitoring activity.

You may tell to quit capturing after a specific range of packets using the flag followed by the quantity of packets to capture. It is also possible to specify Ethernet addresses. At length, if you prefer to make absolutely certain you find the most possible information that’s being captured use the verbosity alternatives. A number of the info printed by tcpdump is a little cryptic, especially since the format differs for each protocol. It is simple to get information regarding packets of a specific protocol with the aid of tcpdump. It also includes a self-explaining help page.

You may capture packets from at the most 5 objects at once. Using should capture so much as the biggest RIP packets. You are able to get the packets depending on the protocol type. It doesn’t understand various protocols. The fundamental interfaces for each of these modules is the very same.  You can even specify a source or destination port utilizing similar commands. Additionally, it sets output to line-buffered so that I am able to observe packets once they arrive (). It doesn’t, however, produce any output. The verbose switch is useful especially if you’re trying to determine the location perhaps of a remote French IP address, see this.

The filter parameter is put on at the end of the command line. An extremely practical tcpdump filter is the capability to filter on various protocols. Unix shell has special comprehension of what brackets employed for. On the opposite hand, loosing valuable part of packets may be very critical. It is possible to use two standard kinds of network specifications. The format is designed to be self-explanatory. Occasionally, you might stumble upon an edition of tcpdump that needs an exceptional flag to be set to be able to enable promiscuous mode, but typically, tcpdump will make an effort to enable it by default.

Port Scanning – Information Security Skills

In the realm of information security, port scanning is a critical part. It is a network technique that allows the attacker to gain information about the remote host it is seeking to attack. It refers to computer networking ports, rather than an actual piece of computer hardware used to connect wires. Port scanning can likewise be employed to fix the kinds of hosts in the network which are in use through pinging them. It is the well known reconnaissance technique that is usually used by hackers. Using HPing as a method for scanning stipulates a decrease level example for how idle scanning is done. Syn scanning is faster since it doesn’t establish a complete TCP handshake.

Although not as important during legitimate penetration testing, it is vital to be aware when analysing real attacks that the originating IP address is likely to be false.  Any competent attacker would spoof their IP address, perhaps to a different country so a Russian attack would appear to originate from a British IP address for example.

code-1568556_640

Clearly, there are quite a few other techniques to detect port scans. There are a number of other different kinds of scans that may be done with a port scanner apart from the kinds that are mentioned inside this post. It is necessary to be aware that this scanner is only a connector and won’t read the codes and display the info by itself. Port scanners deliver basic views of the way the network is laid out.

You can proceed and see the exact same implementation of port scanning within this project. Not to mention that you might want to scan various protocols (UDP, TCP, ICMP, etc.). Additionally it is feasible to string packets with each other to monitor a full transaction. If no packet is received whatsoever, the port is deemed open. In case the packet isn’t encrypted it’s possible to read the info within it.

There are a large variety of tools offered for network sniffing. It’s possible for you to discover these easily by utilizing war dialer software such as ToneLoc. Among the most recognized port scanning tools is NMAP. The FORScan software is distributed beneath a freeware license that you have blatantly breached in many ways. After you connect both computers, after that you can run PCMover. Utilize system restore in Windows when you’ve got a problem that you can’t easily fix. It attempts to discover the operating system by utilizing some TCP header fields, yet this technique cannot tell the precise linux distro for example.

As a way to learn how to guard your network from threats through open ports, you first have to comprehend precisely what ports do and the reason why they’re important. The port may be stealthed, or closed. This port is known as the DLC (data hyperlink connector). USB ports are going to be in existence for a while to come so I recommend that sort of very long range wireless adapter. Specified ports on someone’s personal computer are open continually for example if they’re using a service like watching the BBC News live in the background, making them a target for absolutely any possible hacker who’s searching for people to victimize.

With a firewall, you’ll be able to lock down all your ports and help it become impossible to communicate at any system, or you may open ports to certain uses and numbers. The main reason why you would conduct a port scan is dependent on your viewpoint. The initial 1024 TCP ports are known as the Well-Known Ports and are connected with standard services like FTP, HTTP, SMTP or DNS.

Understanding ICMP and UDP

Otherwise, then the UDP encapsulation isn’t employed. This layer gives end-to-end delivery of information between two nodes. Hence, every data frame could be impacted by the box. There are a number of distinctive rule sets offered for various attacks.

binary-1327503_640

When a data packet would like to reach a specific destination, it must traverse through these networks. You don’t have to understand about each and every protocol ever conceived. Although SIP implementations still haven’t been widely deployed, the item portfolio is expanding rapidly. You don’t require bandwidth administration. This system is frequently used to connect a couple of LANs, and to supply high-speed Internet connections. This allows the computer to attain faster transfer speeds.

An ethical hacker needs to have a detailed comprehension of all of the above phases to maintain a check on system security. When the attacker has an accessibility to your system, he attempts to keep the accessibility to himself. It is typically accomplished by searching about the target utilizing internet. This IS the most important target of bandwidth administration. It’s an advantage over wireless router regarding security. This type is utilized at homes or little small business setups and is readily available at any regional electronic shop.

At times it’s helpful to capture no more than the very first 68-bytes of the packet in case you don’t will need to observe the payload. When using IPSec, there are a number of permutations to allow a specific feature collection. Usually, split-tunneling is thought to be a security risk although some use it as an innovative method of hiding VPN locations because of Netflix blocking them – here.
Let’s consider how you go about having a look at the various attacks. It’s possible to look at numerous problems that have been alerted on. You’re going to be capable of seeing where you’re alerting. If you’re not certain what you’re looking for leave this blank. Transport mode isn’t a VPN. There’s nothing to re-order. They could possibly be configured differently but the concept is the exact same.

The more filters you may be relevant to your capture the easier it’s going to be to discover what you’re searching for. The data conversion happens at this layer. It’s likewise known as transmission rate. For those who have zero congestion, you don’t have an issues. The bigger The window, the more congestion you’ve got. Should you won’t wish to find any IPv6 traffic in your capture you’re able to select IPv4 only. This is exceedingly valuable especially in situations where you need to investigate an unusual source perhaps from a remote VPN or a residential IP which would look very suspicious in any commercial network.

A wireless router generally has an antenna to keep connectivity within a specific array. This is the way your usual router or switch functions. Regardless of what you use your network for, the actual objective is nearly always exactly the same. There are lots of tactics to prepare a virtual private network. This type is utilized to construct connectivity within a tiny geographic place. Although, this may lead to a slow web connection on account of the shared existing bandwidth. It enables them to have simple to understand services which are simple to provide with minimal staff.
Most goods on the market don’t properly window shape to lessen congestion. Both these methods are utilised to acquire useful information regarding the target. You are able to receive more in depth information on just what the issue actually is.