Bypassing DNS Filters







Hacking is the art of exploration, exploring around computers to gather info how they actually work...So hacking is for good not evil... well lets continue...
With the recent turmoil over the Stop Online Piracy Act (SOPA), PROTECT IP Act, and global internet censorship in general, its time to begin discussing how to bypass DNS filtering. As with all hacking tutorials, these are designed to give you a better understanding of how the DNS works, and you should use it for good, not evil. 

The second disclaimer is that tampering with HOSTS files, DNS settings
, and other "Power User" settings can really make things worse on your computer if done incorrectly. If you've played with computers for any period of time, you should know this.





1. Introduction to the DNS:
We're all familiar with URL's (or URIs, if you want to be that guy), as we use them every day. Its a handy way to remember the location of your favorite sites, and its been in use since the beginning of the internet. Most of us have also heard of Internet Protocol (IP) addresses, which look something like 123.456.789.000 (IPv4). Since IP addresses are inconvenient for us mortals to remember, and arent as catchy as the URLs, we have a system in place to resolve the URL (hostname) to an IP address. (Computers dont recognize www.example.com, believe it or not)

When you want to visit a website, you type the address into the URL bar on your browser. In turn, your browser asks a DNS server "Hey, where is example.com located?". The DNS server queries its records, and says "Itss over at 123.45.67.89". From there, your computer can easily connect to example.coms web server, and life is good.

One common method of censoring/filtering web results is through DNS filtering. With DNS filtering, your computer is pointed towards the filter's DNS server, which returns the wrong location for the website.
Example:

Computer: "Where is hack-the-hack.blogspot.com?"
Filter: "Over at 666.666.666.666"

When your computer connects to 666.666.666.666, it is actually the filter's server, which will probably give you the "Your employer/government/school doesn't like fun, so it blocked this site" error.

So, if we're getting bad directions, how can we fix that?

By not asking the filter for directions, obviously! :P





2. Modification of your HOSTS file:
Each computer contains a HOSTS file, which you can think of as a map or address book for your computer. By providing the (IP) address for your computer, it doesn't need to ask for directions (query the DNS) at all.

NOTE:*** Note that the "hosts" file does not have a file extention. In other words, it's NOT "hosts.txt", or anything like that. It can be edited in Notepad, gedit, etc.
*** You typically have to have Administrator (sudo/root) privleges to edit the HOSTS file. In Windows, access Notepad via the Start menu, and Right Click > "Open as Administrator". Linux users should do "sudo gedit /etc/hosts" in terminal. Im not a Mac user, so Im not sure what the exact steps are for Macs.





---------------------------------------------------------------------
For Windows NT/2000/XP/2003/Vista/Windows 7, your HOSTS file is located at:
---------------------------------------------------------------------

---- %SystemRoot%\system32\drivers\etc\hosts

(Usually C:\windows\system32\drivers\etc)




---------------------------------------------------------------------
MAC OS X (10.2 and up)
---------------------------------------------------------------------

---- /private/etc/hosts (or /etc/hosts)





---------------------------------------------------------------------
Linux/UNIX
---------------------------------------------------------------------

---- /etc/hosts
---------------------------------------------------------------------



A full listing is available on Wikipedia ...  you may refer it.




When you open your HOSTS file, you'll typically see a few comments, showing examples. Before editing the HOSTS file, you'll need to know the IP and hostname for the website you're trying to access. There are a number of tools online to do this. Once you have that information, you'll want to edit the HOSTS file like so:

"123.45.67.89 blockedsite.com"


NOTE:
Some sites may have multiple IP addresses, and a number of sites host their media (images, etc) on other sites. For example, blockedsite.com may embed YouTube videos, which will require you to add those lines as well. Facebook uses a variety of IP addresses, and all of them must be added to the HOSTS file for it to work properly.

In editing the HOSTS file, I've still encountered occasional problems with it simply not working. If you encounter this problem, you can try different IPs, or proceed to the next step
.




3. Changing your DNS Servers:


A more drastic approach to bypassing filters is to ask a trustworthy server for directions (instead of those evil corporate/government/school computers that lie to us). As a word of caution, you should make sure the DNS server you're about to switch to is legit, and not a DNS server run by some shady guy in his mom's basement. Just about all of your internet traffic will be routed through this computer.

A viable option, as far as Im concerned, is Google's Public DNS. The website is located here:

---- http://code.google.com/speed/public-dns/

Configuration instructions are here:

---- http://code.google.com/speed/public-dns/docs/using.html

Since Google has very good instructions, Im not going to duplicate them here. Again, the usual security precautions take place:

1) Back up your current settings (write them down, copy & paste, etc)

2) Make sure you are following the instructions - you can heck stuff up if you do it wrong!

3) Again, make sure the server is trustworthy, and not a phishing scheme.





4. Conclusion:
Hopefully, this has given you a better insight as to how to get around DNS filtering. There are a few other options (browser add-ons, web proxies, etc), and I encourage you to learn more about those. Its always best to have plan A, B, C, D, etc., so that when the first one falls through, you can move on to the next plan. For new users, I recommend the TOR Browser Bundle, as it will help you bypass the blocks in place under most circumstances. It also doesnt make any serious changes to your computer, which means there's less of a chance of you heckin something up. If you're a Firefox user, check out the "DeSOPA" browser add-on. If you're an Internet Explorer user, get a better browser.


have fun and HECK THE HECK.. ;)
                                                                                                                          -      ¤®äå¤









Comments

Popular Posts