Seems new Business opportunity arises in some DNS packet manipulate issued countries.

hong

New Member
Yesterday, South Korea's overseas line monopolistic ISP 'KT' is start to running a DNS packet Manipulation over Inspection Program in partial of they're lines.

someone says it's just a undersea cable line or just a Equipment issues but Not sure to confirm.

only we confirm is, Half of South Korea Civils experience Particial Packet Drops over HTTPS connections.
no matter what's service is (Webpage, VoIP, Video, PC Games), and no matter what's ISP is(all the 3 ISP using KT's Over Country Cables to lease)
and it's part of further international action of Against Revenge Porn and Intellectual Property Piracy Websites.
(like those give pressure on Tumblr porn move to Twitter kind of)


so, i've test some affected websites for sure.


tested on
/ Windows 10 64bit with FF65
/ Android 7.1 Device with FF66 for Android Beta
/ Android 8.1 Device with FF65 for Android


1. in usual case like 'without any custom DNS setting and using 3 ISP's DNS in korea',
all the DNS Packet are manipulated and not secure so webbrowser showing us 'Secure Connection Failed' in all the HTTPS url.

2. so this time try with custom DNS like 1.1.1.1 or 8.8.8.8 kind of 'Support DNS over HTTPS' ones without Encrypted SNI,
now sometimes connection is in, sometimes not.
mostly first connection is failed and have to try some more on each indivisual url connections
to succed to connect but won't be use properly in general usages.

3. we are know Current AdGuard Filtering Engine doesn't support on Encrypted SNI related thing YET but will support in future.
so i've try test on 1.1.1.1 App for Android from CloudFlare Official, set with DNS over TLS mode, not the DNS over Https Mode, Set the Encrypted SNI to ON from Firefox's About:Config page.
now you can check the both DoH and DoT status from 1.1.1.1 Connection Information page
https://1.1.1.1/help

Screenshot_20190212-121352.png


now all the connections trough secure packet seems works fine.

as expected, Current DNS change trough AdGuard, select to DNS Crypted server can't solve this issue.
i'm not try fully proper test on former 'DNSSEC' connection method but as i've seen it won't be pass this packet manipulation i guess.

test result is simple, current Encrypted SNI to using DNS over TLS can avoid current DNS Packet Inspect and Manipulation Program, just using DNS over Https is leaked and filteredable from ISPs.




it's not a Major Social issues in Korea yet, but South Korea is almost 98% percentage of Smartphone usage rate one.
sooner or later it will be issues in social crowds, it will become opertunity to AdGuard products and services.

before ready on those functional in AdGuard, or at least modify AdGuard to work harmony with CloudFlare's 1.1.1.1 Application, advertise or announcement of AdGuard's work & ready on SNI thing for targetting customers in Highly Surveilenced Nations would be good i think.
 

hong

New Member
Current KCC(Censorship committee establishment by Former president Lee Myung Park that establishment right after he shutdown the administrative department of the IT, and he is in Jail now XD) press release are updated now.

https://kcc.go.kr/user.do?mode=view&page=A05030000&dc=K05030000&boardId=1113&cp=1&boardSeq=46819



one more thing i want to ask is.. there's any method to 'Properly set DNS over TLS in Windows 10'?


캡처.PNG


i try to using DNSCrypt(SimpleDNSCrypt) to try set but seems it Only support DNSSEC and DoH.

and try searching on CloudFlare 1.1.1.1 Forum ( https://community.cloudflare.com/c/reliability/1111 ) but there's users doesn't have necessity to use DoT like my regional case so everyone talks about DoH and nothing much info about DoT in Windows 10. (or Firefox Specific ones)

not like Android 1.1.1.1 Official App, i hadn't found any method on Windows 10.
so i've revert all and planning to test this one ( https://github.com/ValdikSS/GoodbyeDPI / https://github.com/Include-sys/GUI-for-GoodbyeDPI ) for next days.

I'v heard GoodbyeDPI can deal with other regional DNS Packet Inspection and manipulate cases but not sure it work on current 02.11 South Korea case.
 
Last edited:
Top