Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Search found 256 matches

by df
Sun Sep 04, 2016 5:52 am
Forum: member support & tech assistance
Topic: Can't Authenticate On Any Node
Replies: 21
Views: 6241

Re: Can't Authenticate On Any Node

@parityboy For now, I've decided to go with a simple/single master so the token database is only on one server. It would be possible to setup replication (which never worked in our Mongo setup), but that would mean the token db is on every node. Not a huge security risk, but if someone confiscated a...
by df
Sat Sep 03, 2016 11:26 pm
Forum: member support & tech assistance
Topic: Can't Authenticate On Any Node
Replies: 21
Views: 6241

Re: Can't Authenticate On Any Node

@parityboy Actually, I completed the Mongo -> MySQL migration about 3 months ago :-P This particular auth mod that went horribly wrong was to address an unlikely scenario that involves confiscation of multiple CS servers (and/or a customer's computer). Before the mod, the auth script was pretty muc...
by df
Sat Sep 03, 2016 11:27 am
Forum: member support & tech assistance
Topic: Can't Authenticate On Any Node
Replies: 21
Views: 6241

Re: Can't Authenticate On Any Node

@privangle the problem was fixed about 4 hours ago. if you're still getting auth errors, double check the token you're using and make sure https://cryptostorm.nu/ confirms that it's valid. email me at df@cryptostorm.is with your openvpn log and your token hash if you're still having problems connect...
by df
Sat Sep 03, 2016 8:00 am
Forum: member support & tech assistance
Topic: Can't Authenticate On Any Node
Replies: 21
Views: 6241

Re: Can't Authenticate On Any Node

Is anyone still getting these auth failures?
The issue should be fixed as of about half an hour ago.
by df
Sat Sep 03, 2016 7:08 am
Forum: member support & tech assistance
Topic: cryptofree ovpn config works but no connection to ANY of the "paid" nodes no matter if via UDP or TCP (details inside)
Replies: 15
Views: 12856

Re: cryptofree ovpn config works but no connection to ANY of the "paid" nodes no matter if via UDP or TCP (details insid

@privangle
try now. I was modding something in the auth script that was causing temporary auth fails for valid tokens.
should be all good now.
by df
Sat Sep 03, 2016 6:46 am
Forum: member support & tech assistance
Topic: DNS Leak Test Failing
Replies: 20
Views: 6696

Re: DNS Leak Test Failing

@phonky Does Xubuntu come with an /etc/openvpn/update-resolv-conf script? It might also be useful to change your ovpn config's "verb" line to something higher (5 or 6) so that your log gets more information. @btechgraduate2001 If I understand you correctly, you're saying that you see DNS p...
by df
Sat Sep 03, 2016 6:41 am
Forum: member support & tech assistance
Topic: DNS Leak Ubuntu
Replies: 3
Views: 2084

Re: DNS Leak Ubuntu

[root@b ~]# host public.deepdns.net public.deepdns.net has address 108.62.19.131 public.deepdns.net has address 70.32.38.67 public.deepdns.net has address 173.234.56.115 public.deepdns.net has address 104.238.194.235 public.deepdns.net has address 109.71.42.228 public.deepdns.net has address 76.164....
by df
Sun Aug 28, 2016 2:18 pm
Forum: member support & tech assistance
Topic: DNS Leak Test Failing
Replies: 20
Views: 6696

Re: DNS Leak Test Failing

From the NetworkManager.conf manpage: dns Set the DNS (resolv.conf) processing mode. default: The default if the key is not specified. NetworkManager will update resolv.conf to reflect the nameservers provided by currently active connections. dnsmasq: NetworkManager will run dnsmasq as a local cachi...
by df
Wed Aug 24, 2016 7:31 pm
Forum: member support & tech assistance
Topic: DNS Leak Test Failing
Replies: 20
Views: 6696

Re: DNS Leak Test Failing

@btechgraduate2001
No, that IP range is owned by Google:

[root@b ~]# whois 74.125.73.80|grep -E "NetName|Range"
NetRange: 74.125.0.0 - 74.125.255.255
NetName: GOOGLE

So your DNS is still set to either 8.8.8.8 or 8.8.4.4.
by df
Tue Aug 23, 2016 11:26 pm
Forum: member support & tech assistance
Topic: .onion routing broken?
Replies: 8
Views: 4480

Re: .onion routing broken?

@edifice98
Manually setting your DNS to 70.32.38.67 would only fix .onion routing if you're connected to the Dallas node.
by df
Mon Aug 22, 2016 12:59 am
Forum: member support & tech assistance
Topic: cryptofree ovpn config works but no connection to ANY of the "paid" nodes no matter if via UDP or TCP (details inside)
Replies: 15
Views: 12856

Re: cryptofree ovpn config works but no connection to ANY of the "paid" nodes no matter if via UDP or TCP (details insid

@Everyone FYI, the sha512 hash calc on the main website didn't remove spaces or tab characters, which sometimes would be included at the end of the plain token if copy/pasted from an email or webmail client. The code's been updated to automatically remove it, but some non-printable chars still might...
by df
Mon Aug 22, 2016 12:40 am
Forum: cryptofree: no-cost cryptostorm network access
Topic: cryptofree howto Windows | cryptostorm.org/cfwindows
Replies: 2
Views: 23176

Re: cryptofree howto Windows | cryptostorm.org/cfwindows

@dlmetcalf It actually points to https://cryptostorm.nu, but even then it's not as secure as we'd like it to be. So in v3 we've addressed the issue by storing setup.exe (now called cryptostorm_setup.exe) on every node, and it's only accessible from an internal HTTP server that requires you to be on ...
by df
Sun Aug 21, 2016 6:25 am
Forum: member support & tech assistance
Topic: Minimize remote attacks on Debian laptop using VPN for Internet access
Replies: 1
Views: 2591

Re: Minimize remote attacks on Debian laptop using VPN for Internet access

Install Windows 10 with Norton and you'll be good :-P Seriously though, traditional remote attacks should always be a concern, even if your laptop only gets assigned an RFC 1918 (https://en.wikipedia.org/wiki/Private_network) IP in the 10.0.0.0/8 or 192.168.0.0/16 space, as is common in most network...
by df
Sun Aug 21, 2016 4:48 am
Forum: member support & tech assistance
Topic: Accessing certain websites outside of CS
Replies: 1
Views: 1696

Re: Accessing certain websites outside of CS

Unfortunately, the solutions to something like this aren't very simple. http://unix.stackexchange.com/questions/101505/route-traffic-out-different-gateway-by-destination-network has information about the type of policy routing that could be used to do this, but it's only for Linux systems (BSD could...
by df
Sun Aug 21, 2016 4:19 am
Forum: member support & tech assistance
Topic: No longer connecting using Cryptostorm 2.2 Widget
Replies: 19
Views: 13411

Re: No longer connecting using Cryptostorm 2.2 Widget

@Archon13 and @EveryoneElse I've tested tested the v3 beta widget on a clean win10 install, it worked fine for me. It's up at https://b.unni.es/cryptostorm_setup.exe Proper release should be fairly soon, just need to fix a few minor (but annoying) bugs. When it does get released, i'll update the abo...
by df
Sun Aug 21, 2016 4:10 am
Forum: member support & tech assistance
Topic: DNS Leak Ubuntu
Replies: 3
Views: 2084

Re: DNS Leak Ubuntu

You sure you added those 3 lines to the correct file(s)? I.e., are the .ovpn configs you downloaded from https://github.com/cryptostorm/cryptostorm_client_configuration_files/tree/master/linux in /etc/openvpn/? If you connect to the VPN, then execute `cat /etc/resolv.conf` and get back: # Dynamic re...
by df
Sun Aug 21, 2016 3:19 am
Forum: member support & tech assistance
Topic: .onion routing broken?
Replies: 8
Views: 4480

Re: .onion routing broken?

Works for me when I just tested two random nodes.
You sure you're using the correct deepdns IP pushed by openvpn?
If you change your DNS to something else, the .onion thing won't work.
by df
Mon Aug 15, 2016 11:00 am
Forum: member support & tech assistance
Topic: DNS Leak Test Failing
Replies: 20
Views: 6696

Re: DNS Leak Test Failing

@9218391809182 That's not a Google translate IP, it's one of the exit/end points for Google's public DNS servers 8.8.8.8 (or 8.8.4.4), which uses load balancing: [root@b ~]# echo 'nameserver 8.8.8.8' > /etc/resolv.conf [root@b ~]# host whoami.cryptostorm.is whoami.cryptostorm.is has address 74.125....
by df
Sat Aug 13, 2016 4:01 pm
Forum: member support & tech assistance
Topic: DNS Leak Test Failing
Replies: 20
Views: 6696

Re: DNS Leak Test Failing

Are you running Ubuntu or some other Debian variant? If not, it's possible that something else could be replacing /etc/resolv.conf with whatever is pushed via DHCP by your router. P.S. A cheap fix for that scenario is to put the deepdns IP for the node you're connecting to inside of /etc/resolv.conf...
by df
Sat Aug 13, 2016 2:51 pm
Forum: member support & tech assistance
Topic: DNS Leak Test Failing
Replies: 20
Views: 6696

Re: DNS Leak Test Failing

If you're running Ubuntu or any other Debian based distribution, be sure to follow the instructions at the bottom of https://github.com/cryptostorm/cryptost ... ster/linux to prevent /etc/resolv.conf from being overwritten by dhclient, which will cause DNS leaks.
by df
Sat Aug 13, 2016 4:30 am
Forum: member support & tech assistance
Topic: New Mac config files not working.
Replies: 14
Views: 6744

Re: New Mac config files not working.

@EveryoneElse

https://github.com/cryptostorm/cryptost ... ion_files/ has been updated with a comment about how you can't right-click -> "save as" to download files from GitHub, plus instructions on how to correctly download the configs.
by df
Sat Aug 13, 2016 4:27 am
Forum: member support & tech assistance
Topic: New Mac config files not working.
Replies: 14
Views: 6744

Re: New Mac config files not working.

@Guest I have the same problem on certain nodes when using Windows. Haven't tested on Linux but I'm sure the same would happen there too for those nodes. The solution in Windows, when using PuTTY for your SSH client would be to turn on keepalives: In your session properties, go to Connection and und...
by df
Sat Aug 13, 2016 4:17 am
Forum: member support & tech assistance
Topic: Bitcoin payment on Cryptostorm.is
Replies: 1
Views: 1997

Re: Bitcoin payment on Cryptostorm.is

We've switched from BitPay to Stripe for Bitcoin orders.
Main page has been updated with more information.
by df
Sat Aug 13, 2016 4:13 am
Forum: member support & tech assistance
Topic: Is there a howto or tutorial for install & config crypostorm on manjaro linux ( Arch linux)?
Replies: 7
Views: 4040

Re: Is there a howto or tutorial for install & config crypostorm on manjaro linux ( Arch linux)?

@totoroha Your OpenVPN config file name doesn't look correct, or maybe some of it got cut off when you copy/pasted. "/home/remnux/Downloadsryptofree_client_linux1_4.conf" sounds like it should be: "/home/remnux/Downloads/cryptofree_client_linux1_4.conf" But that's obviously the c...
by df
Sat Aug 13, 2016 4:02 am
Forum: member support & tech assistance
Topic: IP exposed with Dnsleaktest.com and ipleak.net
Replies: 3
Views: 2887

Re: IP exposed with Dnsleaktest.com and ipleak.net

Is your real IP showing on dnsleaktest.com's first page, or is your ISP DNS showing after clicking the "Standard test" or "Extended test" button? You said: append these "script-security 2 up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf" to the be...
by df
Fri Jun 24, 2016 12:25 pm
Forum: member support & tech assistance
Topic: Just Voodoo, o.k., Just Voodoo. [[ Ubuntu / Debian / otros distros ]]
Replies: 1
Views: 2741

Re: Just Voodoo, o.k., Just Voodoo. [[ Ubuntu / Debian / otros distros ]]

Hola ABIS. Derp, I completely forgot there were OpenVPN config files in that repo. They're outdated so I'll remove them now. The latest voodoo configs are at https://github.com/cryptostorm/cryptostorm_client_configuration_files/tree/master/voodoo 1) There's currently no cryptofree voodoo option. 2) ...
by df
Fri Jun 24, 2016 4:29 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

Re: widget v3

I'm pretty sure my Inno Setup pascal code for the installer was incorrect. It wasn't actually removing some of the cached files it needed to remove in order to update from a previous v3 install, so some of my fixes weren't getting to systems that already had an older v3 installed. That code is funct...
by df
Tue Jun 14, 2016 9:29 am
Forum: member support & tech assistance
Topic: Get more IPs?
Replies: 1
Views: 2733

Re: Get more IPs?

The only time we ever get any additional IPs is whenever we add new servers. Our goal isn't to obtain as many different IPs as possible since there are very few reasons a client would require that outside of abuse. We could do the same thing every other provider does and buy a bunch of cheap VPSes s...
by df
Tue Jun 14, 2016 9:17 am
Forum: guides, HOWTOs & tutorials
Topic: HOWTO: iOS Connection Guide
Replies: 43
Views: 33988

Re: HOWTO: iOS Connection Guide

scottb: i don't have an iOS devices to test with, but my guess would be that you imported the HTML version of the page. I.e., https://github.com/cryptostorm/cryptostorm_client_configuration_files/blob/master/mac/cstorm_Dynamic.ovpn the page you should be importing is the one in raw format from: http...
by df
Sun Jun 05, 2016 11:14 am
Forum: member support & tech assistance
Topic: Error downloading nodelist
Replies: 1
Views: 2060

Re: Error downloading nodelist

The widget uses cryptostorm.nu/nodelist.txt , not crypostorm.nu/nodelist.txt
Also, it access that URL automatically.
There's no reason for a Widget user to visit cryptostorm.nu/nodelist.txt manually.
by df
Wed May 25, 2016 12:40 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

Re: widget v3

Thanks to @microsol (on IRC here) for pointing out a bug in the openvpn/openssl version checking code. Turns out the code that did those checks were in a section of code that only runs if the splash screen is enabled. So disabling the splash screen would cause the message: "You are using OpenVP...
by df
Tue May 24, 2016 10:21 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

Re: widget v3

@JTD121 The latest build is at https://b.unni.es/cryptostorm_setup.exe , but to avoid confusion I've also put the latest build up at https://b.unni.es/setup.exe (where the pre-alpha build was) since nobody should have been using the pre-alpha one to begin with. If the hashes listed above match the o...
by df
Sun May 22, 2016 11:40 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

Re: widget v3

@JTD121 That error was from the pre-alpha v3 (the installer was named "setup.exe"). It should be fixed in the current one (installer named "cryptostorm_setup.exe"). It's possible that installing the current v3 didn't correctly overwrite the existing pre-alpha v3, or at least some...
by df
Sat May 21, 2016 3:42 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

Re: widget v3

@wwee That's incorrect. The type of DNS leak protection they're talking about only applies AFTER you connect to the VPN server. DNS hijacking and all the other DNS security issues still apply to pre-connect DNS queries, which is where DNSCrypt comes in. @Guest Yes, you can use obfsproxy on linux. Th...
by df
Thu May 19, 2016 11:35 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

Re: widget v3

ALRIGHTY! I think I've finally gotten v3 to a point that I can consider it a proper beta. That means I now need people to test it out and tell me all the horrible ways it breaks your system :-) Most of the features in it were listed above in the original post (DNSCrypt, in-tunnel updates, yadayada)....
by df
Tue May 10, 2016 11:33 am
Forum: general chat, suggestions, industry news
Topic: Get the password of any WiFi network
Replies: 8
Views: 7078

Re: Get the password of any WiFi network

That's accurate. You *could* use a spoon to open a volt. You *could* use windows to pwn some wifi crap. Though the first would electrocute you, the latter would be a waste of time for anything but the most retarded wireless networks (WEP, or WPA/2 with a really simple dictionary/default key, or Reav...
by df
Sat May 07, 2016 9:13 am
Forum: member support & tech assistance
Topic: cryptostorm dns fucked ?
Replies: 12
Views: 16319

Re: cryptostorm dns fucked ?

In the near future this will be an optional service, but we're still trying to decide on the most efficient way to implement the choice. At the very least, it will require us to purchase additional IPs to host non-TrackerSmacker DeepDNS servers, unless we can figure out a way to allow users to remot...
by df
Sat May 07, 2016 8:32 am
Forum: member support & tech assistance
Topic: cryptostorm dns fucked ?
Replies: 12
Views: 16319

Re: cryptostorm dns fucked ?

The purpose of this feature is to help retain privacy/anonymity. The few sites that are being blocked are known to use invasive/malicious methods to track your activity. For example, if you visit one of the blocked sites while not on CS, they could be saving a cookie on your computer that contains y...
by df
Wed May 04, 2016 6:11 pm
Forum: general chat, suggestions, industry news
Topic: Praising The Cryptostorm Team
Replies: 10
Views: 39293

Re: Praising The Cryptostorm Team

I've gone ahead and deleted PJ's post since it's relating to some personal matters of his and has nothing to do with CS. Also he was in the hospital when he posted that, so there's a good chance he was on a lot of pain medication (and no, he didn't have access to anything CS related at that time, an...
by df
Mon May 02, 2016 5:42 am
Forum: member support & tech assistance
Topic: cryptostorm dns fucked ?
Replies: 12
Views: 16319

Re: cryptostorm dns fucked ?

Emailing me with the domain/hostname usually does the trick :-)
(or just tell me it here)
by df
Sun May 01, 2016 6:49 pm
Forum: member support & tech assistance
Topic: cryptostorm dns fucked ?
Replies: 12
Views: 16319

Re: cryptostorm dns fucked ?

That's a result of our new server-side ad/tracker blocking system known as TrackerSmacker. tldr; It uses https://github.com/StevenBlack/hosts to determine which hosts to block. In the words of Steven Black, we're using 0.0.0.0 instead of 127.0.0.1 because "Using 0.0.0.0 is faster because you do...
by df
Fri Apr 29, 2016 12:27 am
Forum: member support & tech assistance
Topic: new user wondering how secure it is to resolve .onion using cryptostorm
Replies: 2
Views: 3501

Re: new user wondering how secure it is to resolve .onion using cryptostorm

@paritboy Yep, that's pretty much how it works. Not much documentation on it aside from the deepdns stuff @ https://github.com/cryptostorm/cstorm_deepDNS . The resolution is done server-side then it's sent to the Tor instance running on that server. Doing it this way means easier .onion access, plus...
by df
Fri Apr 29, 2016 12:14 am
Forum: member support & tech assistance
Topic: Authentication failed with newly created hash
Replies: 2
Views: 2946

Re: Authentication failed with newly created hash

email me at df@cryptostorm.is with your token or token hash, I'll check the token against our side.
by df
Fri Apr 29, 2016 12:12 am
Forum: member support & tech assistance
Topic: What's happened to PJ ?
Replies: 28
Views: 14404

Re: What's happened to PJ ?

Also, I went ahead and ordered a new secondary Switzerland node because you torrent monkeys have been hitting that one up pretty hard. That should balance things out enough that nobody will have anymore speed problems during the busy hours. Oh and I've ordered a new node in Oslo, Norway, for no rea...
by df
Mon Apr 25, 2016 3:23 pm
Forum: member support & tech assistance
Topic: What's happened to PJ ?
Replies: 28
Views: 14404

Re: What's happened to PJ ?

Voodoo options are pretty much "If we think it looks like a cool exitnode and it's not insanely expensive", it gets thrown into the pot.
by df
Mon Apr 25, 2016 9:04 am
Forum: member support & tech assistance
Topic: What's happened to PJ ?
Replies: 28
Views: 14404

Re: What's happened to PJ ?

df here, just noticed this thread so thought I might as well comment on some of what was said: (yea, yea, I know. I don't visit the forum often enough.) Question is: what will be the future of Crypto VPN? CS will continue regardless of whatever happens to PJ. You know PJ has basically nothing at all...
by df
Sun Apr 24, 2016 5:28 pm
Forum: general chat, suggestions, industry news
Topic: Get the password of any WiFi network
Replies: 8
Views: 7078

Re: Get the password of any WiFi network

Post deleted, user banned. And of course that was a trojan: "This software can flawlessly find and decrypt the password of any WiFi network around you". It makes fantastic claims without any kind of technical details on how the software works. Plus the user signed up yesterday and this is ...
by df
Thu Apr 07, 2016 9:29 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

Re: widget v3

EDIT: updating this post's hashes since setup.exe is now the same thing as the newer cryptostorm_setup.exe md5: 272e60f6b59950638c6fd6f3262b1659 sha1: 37b332d50f6deddbcdd4fb7efabef20ad9745c17 sha256: 0cf5df38be0ade6517b934a9da12d7aa2ea548e44389af5877f24fadd41aab0b sha512: e48a89463033c785e59939ef5a0...
by df
Thu Apr 07, 2016 8:28 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: voodoo.network: topological & routing discussions
Replies: 9
Views: 6642

Re: voodoo.network: alpha token batch, official release

@privangle
Yea, similar to Tor relay chains.
And yes, VPNs can be attacked. Anything online can be attacked (and probably is being attacked), and a lot of offline stuff too.

Voodoo is something the CS-team invented, but it does use existing networking technologies, just in an unusual way :-)
by df
Thu Mar 31, 2016 5:43 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

Re: widget v3

sysfu: that's one of the reasons v3 should be considered pre-alpha, it's not finished yet. That message is referring to the dnscrypt-resolvers.csv file, which is updated when you connect, but not all servers have been configured yet for the internal server that will have those files.
by df
Wed Mar 30, 2016 1:52 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Linux/RAW IP reference chart
Replies: 13
Views: 19300

Re: Linux/RAW IP reference chart

I realize this is an old thread, which is why I'm going to lock it so nobody else can post here just to avoid confusion (I'll also add a note to the top of this thread). anony: The most up to date configs are always at https://github.com/cryptostorm/cryptostorm_client_configuration_files/ which can ...
by df
Thu Mar 17, 2016 7:50 pm
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 66385

Re: TrackerSmacker: adware/crapware-blocking done right

Monica: hop onto London, no TS there.

Also, (hehe) v4 CS, all internet is filtered. You can't connect to anything, nothing can connect to you.
It's the ultimate security! ;-D

The next best thing is throwing your pc and router out the window (aka, microsoft DoS protection) ;-D
by df
Thu Mar 17, 2016 7:08 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 66385

Re: TrackerSmacker: adware/crapware-blocking done right

@LoveTheStorm it's not a concern. I was half-joking with the possibility of non-CS IPs being disclosed. Even if I did go forward with the plan mentioned in the post you're referring to, I can ensure you that I would never allow any client IP, CS or otherwise to be embedded in anything that would res...
by df
Thu Mar 17, 2016 6:37 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 66385

Re: TrackerSmacker: adware/crapware-blocking done right

Guest: df knows what he's doing with regards to input validation. ;) For those that don't know, input validation is what is sounds like, validating expected input. It is the basis for all vulnerabilities. All vulnerabilities are technically forms of lack-of input validation. df tends to solve this p...
by df
Thu Mar 17, 2016 3:11 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 66385

Re: TrackerSmacker: adware/crapware-blocking done right

Actually, if I can figure out a half-decent (super-easy) way to do the opt-out thing, then I might just reverse the effect. What I mean by that is, make TS non-default, as in the client has to specify something in his config in order for it to activate. For widget users, I would set this to default,...
by df
Thu Mar 17, 2016 3:08 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 66385

Re: TrackerSmacker: adware/crapware-blocking done right

Either one, anything that tries to resolve that. But yea, post-connect. If you did it preconnect then your real IP would be in a temporary iptables rule, and I doubt any cs member would like that. Non-cs members using deepdns would also have their real ip in a rule (if they know to do that to disabl...
by df
Thu Mar 17, 2016 3:04 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 66385

Re: TrackerSmacker: adware/crapware-blocking done right

It'd work the same for all OSes. You resolve nots.cryptostorm.is, DeepDNS picks this up either via pdns-recursor or curvedns (tho the latter would require src-edits), and it would trigger a server-side script that runs some iptables commands that forwards further DNS requests from the same client IP...
by df
Thu Mar 17, 2016 2:24 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 66385

Re: TrackerSmacker: adware/crapware-blocking done right

The idea behind the nots.cryptostorm.is resolving thing would work on every node too :-P

And remember, just as important as easy-for-client is easy-for-df ;-P
by df
Thu Mar 17, 2016 2:06 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 66385

Re: TrackerSmacker: adware/crapware-blocking done right

I'm still trying to figure out the easiest way for clients to opt-out of this feature completely. Not sure if it's even possible as this is a system-wide (/etc/hosts) method and relies on the pdns-recursor used in DeepDNS which doesn't have any type of conditional functions ( lua-config-file / lua-d...
by df
Wed Mar 16, 2016 6:09 pm
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 66385

Re: TrackerSmacker: adware/crapware-blocking done right

Raka74: I'm not seeing that problem when using Chrome. Granted, I don't speak Dutch, but there's enough English on there to guess which sections are the one's you're talking about.
by df
Wed Mar 16, 2016 4:41 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 66385

Re: TrackerSmacker: adware/crapware-blocking done right

https://newsletter.askleo.com/what-is-c ... weber-com/ - it sounds like an actual click tracker, but not one of the evil ones (the kind that do hidden/malicious tracking). So I'll add that too.
by df
Wed Mar 16, 2016 4:04 am
Forum: DeepDNS.net - cryptostorm's no-compromise DNS resolver framework
Topic: TrackerSmacker: adware/crapware-blocking done right
Replies: 61
Views: 66385

Re: TrackerSmacker: adware/crapware-blocking done right

dist.nuget.org canonical name = db16.wpc.azureedge.net. db16.wpc.azureedge.net canonical name = cs1.wpc.v0cdn.net. Name: cs1.wpc.v0cdn.net Address: 0.0.0.0 Looks like cs1.wpc.v0cdn.net is in the blacklist due to some trackyness (probably by something besides nuget.org). Added it to the whitelist, sh...
by df
Mon Feb 29, 2016 1:42 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: Can't connect to your favorite node? look here
Replies: 15
Views: 15788

Re: Can't connect to your favorite node? look here

Guest: I just removed the rules that caused the current snort alerts, a lot of them were clearly false positives (only 2 or 3 looked like legitimate attacks).

try apt-get now.
by df
Sat Feb 27, 2016 2:07 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

Re: widget v3

The option worked fine in my widget tests, but I noticed that even when it's enabled win8.1 will still leak IPv6 DNS since there's really no way to turn that off without something like those .dll's (which I haven't tested yet).
by df
Fri Feb 26, 2016 11:51 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

Re: widget v3

from that github page - "Functionality of this plugin is integrated into OpenVPN 2.3.9, just use --block-outside-dns". v3 will use the latest OpenVPN and block-outside-dns :-P in my tests it seemed to be working, but i haven't yet tested v3 on win10. if it's still leaking, i'll throw that ...
by df
Fri Feb 05, 2016 12:11 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: 宮本 Tokyo (Japan) exitnode cluster | anchor node = miyamoto 宮本
Replies: 37
Views: 41076

Re: 宮本 Tokyo (Japan) exitnode cluster | anchor node = miyamoto 宮本

@timusan I thought PJ posted somewhere here on the forum some time last year whenever the Japanese node went down. Guess not :/ The Japan node was purchased via OneProvider, who bought it from a DC in Japan (I forget which one). As with any other node, the DC receives DMCA (or whatever) notices, the...
by df
Fri Feb 05, 2016 11:53 am
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: voodoo.network: topological & routing discussions
Replies: 9
Views: 6642

Re: voodoo.network: alpha token batch, official release

@privangle The lifetime token is called an "aleph". In this forum post PJ was calling the first voodoo tokens "alpha" as in "the first ones". Yea, that is confusing. Poor choice of terms I guess :-P Anywho, the only documentation on "voodoo" is what you find o...
by df
Fri Jan 29, 2016 11:48 pm
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

Re: widget v3

Yea, windows only. I might port it to linux/mac when i'm done tho.
by df
Fri Jan 29, 2016 9:13 am
Forum: cryptostorm in-depth: announcements, how it works, what it is
Topic: widget v3
Replies: 163
Views: 144414

widget v3

Just to ensure everyone that I (df) didn't fall off the face of the earth, I wanted to give everyone an update on what's coming in v3 of the widget. I wanted to be done with this version on the 1st of 2016, but I kept adding features and fixing new & old bugs etc. that I had to push the release ...
by df
Fri Nov 27, 2015 10:14 pm
Forum: member support & tech assistance
Topic: more open ports to help bypass simple firewalls
Replies: 8
Views: 18268

Re: more open ports to help bypass simple firewalls

mart-e: That's one of the many reasons CS doesn't allow that kind of port forwarding.
So no, CS isn't affected :-)
by df
Mon Nov 23, 2015 11:55 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: LOCKED: voodoo.network: alpha token batch
Replies: 27
Views: 148967

Re: voodoo.network: alpha token batch, official release

DudeOfLondon: At the moment the exit IP isn't chosen randomly. The current server list is @ https://github.com/cryptostorm/voodoo.network
by df
Thu Nov 19, 2015 6:08 pm
Forum: general chat, suggestions, industry news
Topic: Status update
Replies: 27
Views: 25584

Re: Status update

Van: Ah, didn't know that about pingdom. I need to edit that.

Also, the NY (useast) node is up n running. Widget users just click the update button, others can use windows-useast.cstorm.pw or linux-useast.cstorm.pw to connect.

I'll update the configs @ github shortly.
by df
Wed Nov 18, 2015 5:04 pm
Forum: general chat, suggestions, industry news
Topic: Status update
Replies: 27
Views: 25584

Re: Status update

it happens in this business. DMCA is an american law, but alot of countries have similar copyright laws. Also alot of DCs are fucking pussies, and they'd rather simply kill the account than fight the legal battle. No matter, CS nodes are designed to be disposable in such situations. I.e., the dead b...

Go to advanced search

Nothing to display.

Login