Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.
X
Post

Proxy ARP Protocol

One of the most common requests that a router will get on a busy network are ARP requests.  They can easily overload hardware so it’s important to have facilities which can share the burden.  Proxy ARP allows a router to answer ARP requests on one of it’s networks for a host on another network.    This involves fooling the sender or the ARP request into believing that the router is the destination host where in fact the destination host is actually on another interface of the router.    The router is effectively acting as a proxy agent for the destination host relaying packets across adjacent networks.

One of the best ways to illustrate proxy ARP is by means of an example.  Imagine a system connected to ethernet networks.  They may look connected but in fact they’re not merely connected by a router operating on two different subnets.  The router will perform the hardware ARP requests across both of the networks which means that they will appear as a single entity.  You can even cross country borders and hide two networks for example a French and a UK proxy like this.

The router will perform complex calculations in order to determine which networks the datagrams need to be sent to.  At the core of the calculations are the network IDs which are essential in order to keep track of source and destinations of the network data.  The router will build up a large table of the various hardware addresses across all connected networks.  Then it can use this information to effectively route data through the most efficient interface like a fast VPN.

You can use various tools to troubleshoot both ARP and proxy ARP functions. One of the most useful is obviously the arp command which will list the various addresses stored in the table, use it with the -a switch for easy reference.  You can usually pick up the communications that will commonly take place when proxy ARP is being used fairly easily.

Other commands that are useful include the ifconfig command which can list IP addresses for ports and interfaces.  You can also reconcile hardware addresses, serial links and interface information using this command.  Effectively though you can understand proxy ARP by the simple fact that it tries to hide two physical networks from each other.   IN fact when it is configured correctly you can actually have a single network id to represent two distinct networks.

 

Post

Hey How do I Hide My VPN Connection?

The problem with being a super sneaky ninja surfer and using a VPN is that anyone with a little IT knowledge and access to ISP logs can see that you are using one.   For the ordinary user, internet logs are a myriad of calls and get requests to hundreds of different web servers and IP addresses.  However if you’re using a VPN then it all get’s channeled through a single IP address, that of the VPN server.

hide my vpn
Of course, it’s all encrypted and hidden so your actual web activity is hidden.  However signalling the fact that you’re using a VPN does kind of decrease the feeling of privacy somewhat.  So is there a way of becoming a little more discrete and hide VPN connection from various nosy people?   Well it depends on which VPN service you’re using but the most secure services have configuration options that enable to make the fact you’re using a VPN almost invisible too.

Even the best proxy server isn’t going to have these options at least not unless you’ve full administrative access .  However a few of the proper secure VPN download for PC have customizable interfaces that allow you to configure these security settings.

Hide My VPN – Demonstration

Here’s a video explaining the options in Identity Cloaker – entitled Hide my VPN, where you can see how to make VPN use invisible.

The key factor in hiding the use of a VPN or proxy is to make your browsing look similar to everyone else’s and that involves rotating your internet addresses that are used. If your connection simply uses a single IP address all the time it’s fairly easy to identity it’s a VPN or Proxy server being used. However if this IP addresses is rotated slightly then your connections will sink back into the shared anonymity of the logs.

Identity Cloaker also allows you to configure some applications to be encrypted and redirected whilst others operate as normally. For instance you can configure one browser like Firefox to be encrypted and routed through the VPN server, whilst Chrome operates like a normal insecure browser. You then switch to the secure browser when you want some privacy and to hide your browsing whilst everything else is normal. Activists use this technique to just switch to their secure browser when posting on social media or making controversial posts.

Post

The Return of US DNS Netflix

It’s been a few months now since Netflix instigated it’s comprehensive and extremely effective VPN and Smart DNS block.  Overnight literally millions of people found that they were blocked from accessing their Netflix version of choice as suddenly their VPN or US DNS Netflix solutions simply stopped working.  When they connected to Netflix by using one of these methods instead of being redirected to their selected version as soon as a movie or video was played – this was the message most users received:

US DNS Netflix

Most people used these solutions to access different versions of Netflix, generally the US, UK or Canadian versions simply because they are much bigger and better.  The US version of Netflix for example has thousands more movies and TV shows than some of the smaller countries have access to, despite the subscription cost being fairly standard across the world.  For expats or travellers this was even more inconvenient as their US Netflix subscription suddenly was inaccessible and they were redirected to whatever the local version happened to be.

It looked like the media giant had won and the internet had got a little bit smaller again.  However there is hope, we’ve already written on these pages about one residential VPN system which now works after some serious upgrade work.   Now there is a Smart DNS solution too, implemented by the company . .   I believe it is the only US DNS Netflix based system which currently works with Netflix and it works very well indeed.

Smart DNS systems are actually preferred by many users because they don’t require any software and you can install them on all sorts of devices.   They work by only redirecting part of your internet connection and only when you’re using a region blocking media site like Netflix.  Remember though they provide no real anonymity, so if that’s a requirement you’ll need a VPN.  All you need to do is to use the Unblock-US DNS servers instead of your normal ones.  They’ll work normally until you visit a website like Netflix at which point you’ll be redirected through a server in the country you have specified.

usdnsnetflix

Here’s the screen where you specify which country to be routed through.  In this example I’ve chosen Canada as Canadian Netflix has some great shows not available on any other Netflix regions, although I usually leave this set to US Netflix.  If you’ve changed your DNS settings, that’s all you need to do – simply specify which region you wish to use.  You can use this on virtually any device as long as you are able to access the DNS server settings – including phones, smart TVs, media streamers and games consoles. You can even assign these settings on devices which restrict access to the network settings like the Roku. However it can be a little trickier as you have to assign the DNS settings via a DHCP allocation if your router or access point supports that facility.

You still need a valid Netflix subscription of course, but it effectively gives you access to any version of Netflix instantly from anywhere in the world.

However don’t take my word for it, simply click here – . and try it for yourself.   Remember all you need to do is to change your DNS server address and select your Netflix Region and that’s it.

 

Post

Residential VPN – A New Era of IP Addresses

In this article we will introduce the concept of using a VPN and their updated counterpart the residential VPN for bypassing the various blocks and filters you’ll encounter online.

The war waged on VPN services by the media companies has been going on for many years but it’s lately developed a new twist.  Virtual Private Networks are now used by millions of people to bypass internet filters, censorship and region locking.   The latter term refers to the practice of restricting access based on your location, usually to due with some sort of licensing restrictions.  It’s very common and for anyone who travels a lot or lives abroad can be a real problem.

For example a US citizen spending some time in Europe will get barred from accessing all their home media services – their Hulu and HBO accounts for example will not be accessible.   This is because they won’t have a US IP address and will ultimately only have access to media resources in the country  they are located in.   Even more global service like Netflix will redirect you to a localized version which can be a problem if you don’t speak that language well.

Years ago you could use things like a netflix proxy free version or even some simple dns-trick software to bypass these blocks, alas no longer.  They are all blocked apart from the new generation of virtual private networks.   Some companies are more aggressive than others, for example I tried viperdns solution with ITV hub and it works but not for most of the larger US media firms like Netflix.  In fact they are the most aggressive and the the days of using a Netflix proxy chrome extension are consigned to history.

So VPN services have been extremely popular as they stop this sort of filtering. You simply connect to a VPN in the country you wish to access and everything should work fine, so you can choose which is the best VPN for Netflix for instance.

residential vpn

Blocking these services for the media company is actually very difficult to do, simply because the actual VPN connection is very difficult to identify.   The method usually applied is to try and monitor simultaneous connections from the same IP address or manually locate the addresses of these service providers and add them to a black list.  Both work but are extremely time intensive to operate and the reality is that the IP addresses can be rotated very quickly anyway.

Introducing the Residential VPN

However Netflix has moved the battle significantly with it’s latest blocking move, by actually restricting access to specific categories of IP address.  The media giant has blocked access to it’s servers from any commercial based IP address, and given that 99% of VPN servers sit in data centers with commercial addresses this move has wiped out the majority of VPN access to Netflix.

Here’s a residential VPN solution that still works however –

This is a big step and arguably will signal the end of many of the simple VPN companies especially if other media firms follow suit.   The companies who merely rent a few dedicated servers and install some proprietary software simply weren’t prepared for this move.   The simple fact is that it’s extremely easy to obtain commercial IP addresses but much more difficult to obtain residential addresses.

The fight has moved on however and some of the VPN companies like Identity Cloaker are now expanding to offer – different VPN services which are assigned residential classified IP addresses rather than commercial ones.   These can be more expensive but are currently the only way you can access Netflix servers by using a VPN to hide your real IP address.    It’s too soon to be certain whether this will become more widespread, although it does seem to be the simplest way to enforce region locks.

It was first attempted about six years ago when a few TV streaming services blocked access from non-residential addresses.  It was just as successful then and in some ways surprising that the practice didn’t become more widespread.  There are problems of course, when you block access from commercial IP addresses you potentially block many legitimate users too.

For example anyone connected from the workplace through a corporate proxy or using a VPN for security would be blocked too.  Imagine how many people use the BBC in their office and you can see the potential dilemma for these companies.  Perhaps for a pure media streaming company like Netflix it’s more straightforward, after all many employers will already block sites like these purely because of the bandwidth they use.

Whether all companies are going to be able to provide the sort of residential VPN  that is needed to bypass these blocks remains to be seen.  At the moment these domestic classified addresses are hard to get hold of for anyone who isn’t an ISP – some companies like Identity Cloaker have incorporated them but they are the exception at the moment.

Post

Need a German Proxy – Read on.

For years now, people have been using free proxies that you can find online – UK, US and German proxy servers are the most popular but the demand is wide.  It’s not always the smartest move as many of these are simply hacked or mis-configured and using them without permission leaves anyone open to legal action.   Even then, some of them are used to actively sniff your traffic with the intention of stealing usernames, account names and passwords for identity theft or plundering your accounts.
German proxy

However despite these huge security risks, people still use them in their millions every day for accessing content that is restricted to specific countries.   Just for example say you a German national who happens to be living or working say just over the border in France, you might get annoyed to find that many of the web sites you normally visited are blocked because of your location.   Yes, at the moment the European dream of unrestricted movement doesn’t really extend to the digital realm.  Your location determines a huge amount of what you can access online, including often important stuff like online banking.

It’s something that happens all the time, my friend was moaning last week searching for a VPN for Switzerland as he needed to pay a bill but was a few miles over the border.  I can tell you it’s much easier finding a US proxy than a VPN for Switzerland at least for a reasonable price.

The solution is relatively well know, simply route your connection through a proxy server located in the correct country.  So our friend would need to bounce his connection through a German proxy in order  access German only web sites and services.   A crazy situation which is compounded when you have to find the proxy in a specific country, for example look what I (a UK TV license fee payer) need to do in order to watch BBC News live online when I’m travelling or on holiday.

German proxy or a UK One – You Choose

Isn’t it crazy?  Yet it happens to people all over the world in thousands of different situations being discriminated and filtered simply based on their physical location when they connect.

Unfortunately now, free proxies will be pretty much pointless as there’s a growing trend to block access whilst connected to a proxy server.  Proxies, even the well configured secure ones can usually be detected by the website you visit.  Many sites usually turned a blind eye, for example you could get access to BBC iPlayer with any old crappy proxy for many years.  This is beginning to change and now they rarely work as sites actively block the use of proxies to connect to their sites, yep including the BBC.

What you now need is a VPN and a well configured one too, at the moment for example this is the only way to access something like Netflix when you’re outside one of the countries they broadcast too. If you need access to a specific country then make sure you get access to a server in that country – i’e a German proxy if you want access to a German media sites. Even this can be difficult with some companies who are trying to block even VPN access.  This is not straight forward and takes quite a lot of resources, but Netflix seems to be doing this.  Although they can’t determine the actual presence of a VPN connection they can make an educated guess based on the number of connections being established on specific IP address ranges.  These can then be put into a static blocked list which can be banned from accessing the websites – it’s probably very expensive to do especially as the VPN service providers will usually then change their addresses in response.

Post

Netflix VPN Wars

Most of the big media have problems with VPNs, partly because they have no reliable way of detecting their use. A Virtual private network is an encrypted tunnel commonly used to provide a level of security that’s simply not available normally on the internet. It is often used as a method of accessing secure corporate networks using the internet as a transport, meaning that people don’t need the expense of dedicated lines like ISDN lines every where they go.

Best Netflix VPN

So what’s the problem with these VPN connections, why do the big online media firms like Netflix, Hulu and the BBC dislike them so much?

Well it’s basically related to profit maximization and copyright protection. For some unknown reason, most of the world’s big film and TV companies have been using the same sort of license agreements for decades. Except they don’t work anymore, country barriers don’t work so well online, and they’re very difficult to enforce. Simply put, trying to license a film for viewing only in the USA isn’t going to work, yet this is exactly what is happening. Firms like Netflix are forced to negotiate licenses individually on a per country basis which is why every version of Netflix is completely different depending on which country you are in.

Of course what has happened is that some of these versions of Netflix are much, much better than others despite a fairly uniform cost. When you connect to Netflix it looks up your IP address and determines which country you are in and then displays you that version. It’s annoying especially for the traveller, who may settle down in some foreign hotel and find that TV series he’s been watching for 6 weeks is suddenly not available. However this is where the Netflix VPN comes in, as well as being undetectable they also can be used to modify your location through your IP address. The location of the VPN server will determine which version of Netflix or whether you can watch the BBC iPlayer for example, so if you have access to a few VPN services spread across the world then you can basically choose between any version of Netflix you like.

But How Do the Netflix VPN Blocks Work?

As yet there’s no perfect way of detecting when a VPN connection is using a particular web site, although with enough resources you can ‘work out’ most of the VPNs.  What happens is that the companies search online and identify the companies offering services to bypass their blocks and try to identify IP ranges used by them.  It’s not hard – simply look at the adverts for various VPN services and you’ll soon find some of the bigger ones.  The other simple option is to look at specific IP addresses which have multiple connections on them – if you have five hundred people streaming to a single IP address then it’s likely that it represents a proxy or VPN server.  These IP addresses are then individually blocked in a sort of internet black list preventing them access the sites.

This is of course very resource intensive and associated with a host of other problems.    Sometimes the IP addresses change, the VPN services will routinely swap them out – sometimes they are from people connecting through company proxies or educational networks.    It means that some services will work especially the slightly smaller, low key security based ones.  Which means that you can still bypass these blocks if you choose carefully the best VPN for Netflix.

Who knows how this will go on?  The solution of course is to arrange global licensing deals and stop offering different levels of services depending on location.  It’s not surprising people find ways to work around the systems.  After all you can pay your expensive UK license fee and get blocked from watching the BBC online simply because you happen to be abroad for a while.  Also anyone who’s seen how much better the US version of Netflix is compared to some other countries will be amazed at the difference.