Showing posts with label Internet. Show all posts

Wednesday, October 07, 2020

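In the end, I still couldn't get around the company firewall

Because everything is handled in the cloud these days, as soon as the company's firewall service updates a rule or blacklist, it applies to everything immediately. My earlier DNS over HTTPS setup was neutralised on the spot. When working from home, all I can do is use one company machine and one personal machine. As for the office, I just use my phone for personal stuff. Fair enough, really; no point giving the company grounds for complaint.

So I got a Bluetooth keyboard that lets me switch quickly between the phone and the computer, which makes the phone nicer to use. As the saying goes: if the road won't turn, the traveller turns.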

Friday, May 22, 2020

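Enable DNS over HTTPS in Firefox to avoid company monitoring

The computer my company assigned me suddenly could not load any web page in Firefox, and I was quite alarmed, because I had been using DNS over HTTPS all along to get around the default settings. With those defaults, the company computer sends all DNS queries back to the company's server even when it is not connected to the company VPN. That lets the company easily block access to any site it doesn't want you to reach from a company computer. Google Drive, IM sites, none of them are spared, and on top of that your whereabouts are fully visible to them.

Of course, this workaround only makes it harder for the company to locate your suspicious internet usage; it doesn't mean the company doesn't know. Once you connect to the company network and visit sites that are already blocked at the DNS query level, the company firewall can still see your IP or MAC address frequently connecting to certain sites. If the traffic volume is small, it probably won't trigger the relevant blocking so easily. In other words, it works for as long as it works.

Right, on to the main topic. Recent versions of Firefox already expose this function: go to Options -> Network Settings -> Settings, then enable 'Enable DNS over HTTPS' at the bottom. That should be enough to use it.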




But after doing that I still couldn't reach any web page, so I had to use a more advanced method: type 'about:config' in the address bar, then search for 'trr':



network.trr.bootstrapAddress: enter 1.1.1.1
network.trr.mode: enter 3

The values of the trr.mode setting mean the following:
  • 0 - Default value in standard Firefox installations
  • 1 - DoH is enabled, but Firefox picks if it uses DoH or regular DNS based on which returns faster query responses
  • 2 - DoH is enabled, and regular DNS works as a backup
  • 3 - DoH is enabled, and regular DNS is disabled
  • 5 - DoH is disabled
Which mode to use is up to you.

After that, I was immediately back online.


Tuesday, February 24, 2015

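DNS amplification attack on OpenWRT: a hole in the dnsmasq settings

Really, there is always something happening! This time I think it's fairly serious, so I hope whoever finds this post will fix the problem, so it doesn't get worse and they don't end up an accomplice without knowing it.

I have a TP-Link router at home, model wrt1043nd. I actually quite like this router: first, it's good value for money; second, it can run third-party firmware. A few years ago I installed ddwrt, but later for some reason it couldn't do something I wanted (I no longer remember which function), so I boldly went and installed openwrt myself, and what do you know, it worked. Being the half-knowledgeable type, I've been happily using it ever since.

Since I'm on openwrt, naturally I tweaked the wifi settings, did a bit of firewall and port forwarding, set up a PPTP VPN server, turned on the DDNS service to update DDNS, and so on...

A few days ago my younger sister complained that the internet at home was very slow, that sometimes pages wouldn't load at all, that YouTube wouldn't play, and that even SmarTone's painfully slow unlimited 3G plan was faster than Wi-Fi on the Netvigator 200M line. How could that be? So I had to go and check what was going on...

Everything seemed fine until I checked; once I did, something looked odd: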

Tue Feb 24 10:31:01 2015 daemon.warn dnsmasq[6244]: Maximum number of concurrent DNS queries reached (max: 150)
Tue Feb 24 10:31:12 2015 daemon.warn dnsmasq[6244]: Maximum number of concurrent DNS queries reached (max: 150)
Tue Feb 24 10:31:24 2015 daemon.warn dnsmasq[6244]: Maximum number of concurrent DNS queries reached (max: 150)
Tue Feb 24 10:31:30 2015 daemon.warn dnsmasq[6244]: Maximum number of concurrent DNS queries reached (max: 150)

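At first I couldn't make sense of it. I thought: at most we have two desktops, one NAS and three mobile phones at home, six devices in total, so why would the limit of 150 be blown? So I clicked into the DHCP and DNS settings to have a look. Still no clue. I went through the settings one by one, and happened to tick this one:

Write received DNS requests to syslog

Then I went back to look at the system log again and, wow, the log entries stunned me: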

Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: forwarded fkfkfkfz.guru to 219.76.98.90
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: query[ANY] fkfkfkfz.guru from 70.234.253.75
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: forwarded fkfkfkfz.guru to 219.76.98.90
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: query[ANY] fkfkfkfz.guru from 67.239.253.115
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: forwarded fkfkfkfz.guru to 219.76.98.90
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: query[ANY] fkfkfkfz.guru from 109.108.209.151
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: forwarded fkfkfkfz.guru to 219.76.98.90
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: query[ANY] fkfkfkfz.guru from 67.239.253.115
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: forwarded fkfkfkfz.guru to 219.76.98.90
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: query[ANY] fkfkfkfz.guru from 109.108.209.151
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: forwarded fkfkfkfz.guru to 219.76.98.90
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: query[ANY] fkfkfkfz.guru from 67.240.130.123
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: forwarded fkfkfkfz.guru to 219.76.98.90
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: query[ANY] fkfkfkfz.guru from 70.234.253.75
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: forwarded fkfkfkfz.guru to 219.76.98.90

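Endless queries for a name out of nowhere, and one look at the domain told me something was off. My first thought was that something was infected, or that the NAS had been compromised, so without a second thought I remotely powered off the HP N40L. But the log looked the same. Then I tried changing the DNS port to something else, and hey, that worked: the junk queries were all gone. I thought I had fixed it, but when I phoned home, my family complained they couldn't get online, so I knew something was wrong. My guess is that with the DNS port changed, even the devices and PCs on the LAN could no longer look anything up, so changing the port wasn't an option.

All I could do was search online. It turns out this is called a DNS amplification attack: the DNS server is asked over and over to resolve a name; when it doesn't know the answer it forwards the query to its own DNS server and then sends the reply to the target computer, jamming the target until it stops responding, which achieves DoS. Not Disk Operation System, but denial of service.

I searched for a long while. Some said to set up the firewall, add some iptables line or other, or specify which domain's packets to drop, and it made my head spin. On top of that, the attack seems to have been updated: I couldn't find much online about fkfkfkfz.guru, only about similar domains. In the end I didn't succeed, and since I had to get up early for work the next day I gave up for the time being, though it kept nagging at me.

The next day, whenever I had time at work, I kept searching, and I found a small clue: OpenWRT has a small problem, namely that its dnsmasq service by default listens on all interfaces, which means it answers DNS queries from both LAN and WAN. Damn, how crazy is that? DNS queries from outside are none of its business; it's superfluous. So I looked at which setting needed changing.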

/etc/config/dhcp
under
config dnsmasq
add the line
list notinterface 'wan'

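This means it no longer listens for DNS queries coming from the WAN. That more or less solved the problem: router load dropped from 3x% back to less than 10%. Luckily Netvigator didn't blacklist me; I had been 'assisting' the attack for more than two months without knowing it. OpenWRT is the one to blame: its dnsmasq default ought to include list notinterface 'wan', and the GUI offers no way to set it, so every time you have to telnet in and edit the config file. Come on, not everyone knows how to do that. Hence this post; I hope whoever needs it can find it by searching and that it helps.

So, checking the logs every now and then really is important. Also, don't casually expose servers to the outside, or you'll get hit without knowing what happened.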
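
The log check from this post as a script, added here as an example and not part of the original post: it parses dnsmasq query-log lines in the format shown above and counts queries whose source is outside the LAN, which is the sign that dnsmasq is answering the WAN. The LAN range 192.168.1.0/24, the function names and the sample log lines (documentation-range addresses and amplify.example) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: LAN is OpenWrt's default 192.168.1.0/24; change to match your network.
LAN_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "127.0.0.0/8")]

# Matches "query[TYPE] name from source" lines written when query logging is on.
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<src>\S+)")

# Constructed sample in the log format shown above (documentation-range addresses).
SAMPLE_LOG = """\
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: query[ANY] amplify.example from 203.0.113.7
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: forwarded amplify.example to 192.0.2.53
Tue Feb 24 10:32:55 2015 daemon.info dnsmasq[6322]: query[ANY] amplify.example from 198.51.100.9
Tue Feb 24 10:32:56 2015 daemon.info dnsmasq[6322]: query[A] www.example.org from 192.168.1.20
Tue Feb 24 10:32:56 2015 daemon.info dnsmasq[6322]: query[ANY] amplify.example from 203.0.113.7
Tue Feb 24 10:32:57 2015 daemon.warn dnsmasq[6322]: Maximum number of concurrent DNS queries reached (max: 150)
"""

def external_queries(lines, lan_nets=LAN_NETS):
    """Count queries whose source is outside the LAN, by (type, name) and by source."""
    names, sources = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded/reply/warning lines carry no client address
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # malformed source field
        if any(src in net for net in lan_nets):
            continue  # legitimate LAN client
        names[(m.group("qtype"), m.group("name"))] += 1
        # In an amplification attack these are usually spoofed victim addresses.
        sources[str(src)] += 1
    return names, sources

def answers_wan_queries(lines, lan_nets=LAN_NETS):
    """True if dnsmasq logged at least one query from a non-LAN source."""
    names, _ = external_queries(lines, lan_nets)
    return sum(names.values()) > 0

if __name__ == "__main__":
    names, sources = external_queries(SAMPLE_LOG.splitlines())
    print("answers WAN queries:", answers_wan_queries(SAMPLE_LOG.splitlines()))
    for (qtype, name), n in names.most_common(5):
        print(f"{n:5d}  {qtype:4s} {name}")
```

Once list notinterface 'wan' is in place and dnsmasq has been restarted, the same check over fresh log lines should report no external sources.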

Wednesday, February 11, 2015

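Hong Kong and Taiwan TV programmes

I never used to watch much TV, but I still need to watch Hong Kong TV to catch up on the news and ease my homesickness.

Download an RSS player yourself,
then add this link:
irss.se/dramas

There's a lot to watch! It even has Taiwanese variety shows, really not bad! It's smooth on TWC 15Mb with no problems!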