Anchorfree/Hotspot shield free vpn

Discussion in 'privacy technology' started by badjoey, May 26, 2009.

Thread Status:
Not open for further replies.
  1. badjoey

    badjoey Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    50
    so basically this is for steve.steve i would like to know how it is that a free product like hotspotshield seems to have created a fix for DNS leakage but a product that charges people 35/month cant fix it.if you go to the anchorfree website and download the latest version and go to https://www.dns-oarc.net/oarc/services/dnsentropy

    the only ip adress that shows is the anchorfree ip adress.
    and actually its not just your product but every vpn i have tried seems to reveal your isp's ip adress except for anchorfree.and believe me i have tried lots of products from pptp vpn's to open vpn.

    so again how is it that a product that does not charge for use seems to be able to fix this issue.
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Your problem is a client-side problem, not a server side problem. You've fallen into a special area, if indeed your DNS is leaking. Observe:

    1. Your network is misconfigured.
    2. The DNS test is not a DNS leak test.

    It is by coincidence that the DNS entropy test doesn't appear to reveal a proper DNS ip address for anchorfree, likely because of an address conflict inside your network, or a malcious configuration of the anchorfree adapter/method. That means:

    3. If it is the former, your DNS is leaking due to misconfigured network settings, and will leak through anchor as well when a proper DNS leak test is administered. If it is the latter, you will continue to have network problems.

    It is my suggestion you wipe out your entire network stack, all network adapters, from the registry as well, all their DLLs, unhook their hooks, and just install your physical network adapter, and a single TAP adapter, and see your problem resolved.
     
  3. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128

    i agree with what you have said and just to let you know JonDonym does not leak dns i am on there networks now so not sure why it is blamed on the user itself because i have not changed any settings on my pc
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Yes, jondonym browser can leak DNS if you stress test it (firefox was designed for DNS query handling but can be bypassed). But we're going to help them with a new browser we've designed.
     
  5. paulxx

    paulxx Registered Member

    Joined:
    Mar 26, 2009
    Posts:
    13
    It may be true that dns leaks are a client side, especially Windows (also Debian, not 100% sure about mac) problem.

    But VPN services and also OpenVPN developers should know about it and have a solution built in. It can be solved sometimes by turning off automatic DHCP on the router and computer LAN but that is not common with users.

    So actually a lot of the advertising like 'hide all your activity from your ISP behind our 1 megabyte encryption algorithm.....' is actually a false promise unless a solution to DNS leaking is included in the package.

    So I managed to develop my own solution a couple of months ago. I do fix computers for a living but haven't actually coded anything for years. Nothing on these forums worked - the only thing that worked for me was to set the DNS address of the active internet adapter to 'none'. That only works with a fixed IP/DNS on the active network adapter which has to be set before connecting the VPN and then the setting of the adapter DNS to 'none' immediately after the VPN connects. This forces everything through the VPN.

    I posted the three methods I've found a few days ago on this forum and over at perfect-privacy https://forum.perfect-privacy.com/showthread.php?t=702 . I detest copyright or even demanding acknowledgement, so if someone can use it and/or improve upon it, do it.

    One thing that would work as a self contained universal solution is to read the current IP address from the adapter in a batch file and use it to replace the fixed ones in my batch file netsh solution (One Click Method 2 on the tutorial).

    I ran into my coding limitations but here are some coding examples I've found: http://www.computing.net/answers/dos/extract-ip-address-for-use-in-batch-file/11015.html http://forums.teamphoenixrising.net/showthread.php?t=22067 http://samanathon.com/set-your-ip-address-via-batch-file/#comment-150806

    The same has to be done for the DNS address which is almost always the same as the gateway IP address which I think can be obtained via the same parsing of ipconfig method. The subnet is pretty much always 255.255.255.0. The active connection I don't know how to detect but it will almost always be either be 'Local Area Connection' or 'Wireless Network Connection'.

    So all that is needed is the IP addess and the DNS or Gateway address in batch file variables and maybe a selection routine or two sets of batch files for wireless and LAN.

    If someone can do this then it or something better should be incorporated into every VPN service's OpenVPN configuration files. It should be possible to do the same for PPTP in a batch file.
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I've mentioned it twice to the OpenVPN development team. They think it is a GUI issue and not related to OpenVPN. They are kind of right. OpenVPN implementation in windows needs a whole new GUI written from scratch. And windows needs a brand new network stack that is standardized and doesn't rely on goofy thinks like registry entries. It's a problem. So we've gone outside the OS entirely, and that is what our cryptorouter is for.
     
  7. badjoey

    badjoey Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    50
    hey steve didnt your tech guru kyle williams write a batch file for fixing dns into his virtual version of tor.if i remeber corectly it reroutes your dns to a server in san diego and the ip starts with 208.this seemed to work for me anyways but it only worked on xp and i stopped using xp a long time ago and was hoping he would come out with something similar for vista.can you talk to kyle about this.
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    No, what we wrote was a batch file for 1) turning your dynamic addresses to static. 2) turning off dhcp 3) kills all DNS entries 4) inputs an internal DNS entry.

    You don't want to pick some arbitrary DNS server somewhere, you need one inside your anonymity network.
     
  9. axle00

    axle00 Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    92
    Ok I'm a little bit confused here....

    When I go to https://www.dns-oarc.net/oarc/services/dnsentropy and click on "Test my DNS", the only IP address that comes up is a Xerobank IP address.

    So my question is how is this a problem? Also this isn't what I call "DNS leaking". What I call a DNS leak is if you use a packet sniffer like ethereal, and monitor your network card, and then see DNS requests that are "in the clear". (i.e. outside of your vpn tunnel), which means that your ISP or anyone else monitoring you could see what websites you are going to.

    I don't have this problem with Xerobank at all, since I set my router to use OpenDNS, and I also disabled "obtain DNS servers automatically" in the TCP/IP properties for my network card in Windows.

    I've done a similar thing in Linux and don't have any DNS leaks there either.

    edit: By the way the source port randomness is "good", and the transaction ID randomness is "great".
     
  10. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    That's why I said his network stack was screwed up. If he followed directions on a normal network stack, problem would have been solved. If he didn't follow directions or had a very abnormal configuration, there is the possibility it could still leak. In situations like this, you need the cryptorouter for sure.
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    The test above has never shown my true IP. And I have tried this on 4 different computers so far. Right now it is showing 74.55.55.162, The Planet.
     
  12. JokersWild

    JokersWild Registered Member

    Joined:
    Nov 10, 2008
    Posts:
    23
    My post isn't very helpful, as It doesn't address the OP concerns. However, I have a XB account and it does not leak my true IP address.

    Running this test: https://www.dns-oarc.net/oarc/services/dnsentropy also reveals the IP address: 74.55.55.162

    I'd think that specifying the XB DNS server address of: 10.244.2.1 in TCP properties if there is leakage may very well fix the problem.

    But I don't have the leakage issue.
     
  13. axle00

    axle00 Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    92
    the 74.55.55.162 is the same one that shows for me...It seems to be the Xerobank entry node?
     
Loading...
Thread Status:
Not open for further replies.