Free VPN Free Cheese
Dear colleagues.
It has often been observed (including on Habré) discussing the security of web surfing through public unprotected WiFi networks and protection recommendations.
At a minimum, it is advised to use HTTPS wherever possible. Many people remember about TOR and / or VPN. Someone prefers VPN to its own server (but it doesn’t write connection logs!), Someone buys a VPN. It happens, remember and freebies. Full or with restrictions (xxx MB per month for sample and we will be glad to see you among our clients, if you like it). In particular, such labels as Expat Shield and SecurityKISS became familiar. They have different conditions, but this is not the point. In one form or another, with or without restrictions, but this is a freebie. Set, try.
')
SecurityKISS successfully connected and reported that External IP 217.147.94.149 (UK).
Ping, any site in the browser ... it seems everything works. We check telnet connection to port 25 on a certain Internet server, in which console I sit at the time of the experiment directly, without a tunnel. Tcpdump running on the external interface of the server is silent about any connection attempts, there is no traffic on port 25. But telnet assures that there is a connection. True mailer banner is not ... I type EHLO 123 and falls out in response
421 Cannot connect to SMTP server xx.xx.xx.xx (xx.xx.xx.xx: 25), connect timeout
where xx.xx.xx.xx is the IP of my server.
As you understand, it is not my server xx.xx.xx.xx that is responding and not telnet with its “Connecting to xx.xx.xx.xx ... Could not open connection to this host, to port Y: Connection failed”
I try the same on the 80th port. The connection is, tcpdump does not show anything. I’m dialing through some (long enough) GET / - send TCP-SYN packets (in fact, port 80 is not listening, there’s no service on it).
IP 217.147.94.149.8414> xx.xx.xx.xx.80: S 832655572: 832655572 (0) win 16384 <mss 1366, nop, nop, sackOK>
Conclusion - transparently proxy everything they can.
Try Expat Shield.
The connection to port 25 seems to be without tricks, a banner and everything else is in place. We try the 80th port. The same effect as in the case of SecurityKISS. And here the author of the note makes ochepyatku. Instead GET writes GER. Session breaks with the conclusion of this
This time, more informative, “lit” nginx / 1.0.6.
Here is such a security. These services, of course, will protect against eavesdropping in the case of guest WiFi, but in the case of a fixed wired connection, the risk of revealing authentication data or receiving modified content is an order of magnitude higher than if these tunnels are not used.
If someone is interested, there is still a little curious and somewhat similar material on the subject of the Internet via 3G.
It has often been observed (including on Habré) discussing the security of web surfing through public unprotected WiFi networks and protection recommendations.
At a minimum, it is advised to use HTTPS wherever possible. Many people remember about TOR and / or VPN. Someone prefers VPN to its own server (but it doesn’t write connection logs!), Someone buys a VPN. It happens, remember and freebies. Full or with restrictions (xxx MB per month for sample and we will be glad to see you among our clients, if you like it). In particular, such labels as Expat Shield and SecurityKISS became familiar. They have different conditions, but this is not the point. In one form or another, with or without restrictions, but this is a freebie. Set, try.
')
SecurityKISS successfully connected and reported that External IP 217.147.94.149 (UK).
Ping, any site in the browser ... it seems everything works. We check telnet connection to port 25 on a certain Internet server, in which console I sit at the time of the experiment directly, without a tunnel. Tcpdump running on the external interface of the server is silent about any connection attempts, there is no traffic on port 25. But telnet assures that there is a connection. True mailer banner is not ... I type EHLO 123 and falls out in response
421 Cannot connect to SMTP server xx.xx.xx.xx (xx.xx.xx.xx: 25), connect timeout
where xx.xx.xx.xx is the IP of my server.
As you understand, it is not my server xx.xx.xx.xx that is responding and not telnet with its “Connecting to xx.xx.xx.xx ... Could not open connection to this host, to port Y: Connection failed”
I try the same on the 80th port. The connection is, tcpdump does not show anything. I’m dialing through some (long enough) GET / - send TCP-SYN packets (in fact, port 80 is not listening, there’s no service on it).
IP 217.147.94.149.8414> xx.xx.xx.xx.80: S 832655572: 832655572 (0) win 16384 <mss 1366, nop, nop, sackOK>
Conclusion - transparently proxy everything they can.
Try Expat Shield.
The connection to port 25 seems to be without tricks, a banner and everything else is in place. We try the 80th port. The same effect as in the case of SecurityKISS. And here the author of the note makes ochepyatku. Instead GET writes GER. Session breaks with the conclusion of this
400 Bad Request
400 Bad Request
nginx/1.0.6
400 Bad Request
400 Bad Request
nginx/1.0.6
400 Bad Request
nginx/1.0.6
400 Bad Request
400 Bad Request
nginx/1.0.6
400 Bad Request
400 Bad Request
nginx/1.0.6
This time, more informative, “lit” nginx / 1.0.6.
Here is such a security. These services, of course, will protect against eavesdropping in the case of guest WiFi, but in the case of a fixed wired connection, the risk of revealing authentication data or receiving modified content is an order of magnitude higher than if these tunnels are not used.
If someone is interested, there is still a little curious and somewhat similar material on the subject of the Internet via 3G.
Source: https://habr.com/ru/post/148200/
All Articles