Is my VPN traffic really being routed through all these strange networks? [closed]

I use the client of a reputed paid VPN company. With each server location I connect to, the log tells me I am instead connecting to networks completely unrelated to the company and the country of the VPN location. But when I check my external IP address, my expected VPN location is returned. So it appears that my traffic is being routed (and logged?) through these strange networks, yet when I try to block them in the firewall, it still connects successfully, making me wonder if I am not connecting to these networks after all or if the firewall is unable to block the connections. Even if no shady routing (MitM) is actually taking place, the question remains: why are those IP addresses showing up in my logs? The signatures of both the VPN client and OpenVPN are valid.

I contacted support, and although they expressed concern, I couldn’t get any explanation in 30 minutes of chatting.

Here’s a redacted transcript of a log. Is there a possibility that my traffic isn’t actually being routed through those networks?

```
==============================================

Connecting to Some VPN country - Some VPN city, ip: **SPOOKY IP**, protocol: tcp
...
Sat Jul 25 15:47:01 2020 OpenVPN 2.4.7
...
Sat Jul 25 15:47:01 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:55583
...
Sat Jul 25 15:47:01 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jul 25 15:47:01 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jul 25 15:47:01 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]**SPOOKY IP**:443
...
Sat Jul 25 15:47:01 2020 Attempting to establish TCP connection with [AF_INET]**SPOOKY IP**:443 [nonblock]
Sat Jul 25 15:47:02 2020 TCP connection established with [AF_INET]**SPOOKY IP**:443
Sat Jul 25 15:47:02 2020 TCP_CLIENT link local: (not bound)
Sat Jul 25 15:47:02 2020 TCP_CLIENT link remote: [AF_INET]**SPOOKY IP**:443
Sat Jul 25 15:47:02 2020 TLS: Initial packet from [AF_INET]**SPOOKY IP**:443, sid=xxxxxxxx xxxxxxxx
...
Sat Jul 25 15:47:02 2020 Peer Connection Initiated with [AF_INET]**SPOOKY IP**:443
...
Sat Jul 25 15:47:03 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.151.0.1,route 10.151.0.1,topology net30,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.151.0.102 10.151.0.101,peer-id 0,cipher xxx-xxx-xxx'
...
Sat Jul 25 15:47:03 2020 OPTIONS IMPORT: data channel crypto options modified
Sat Jul 25 15:47:03 2020 Data Channel: using negotiated cipher 'xxx-xxx-xxx'
Sat Jul 25 15:47:03 2020 NCP: overriding user-set keysize with default
...
Sat Jul 25 15:47:03 2020 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
Sat Jul 25 15:47:03 2020 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
Sat Jul 25 15:47:03 2020 Opened utun device utun2
Sat Jul 25 15:47:03 2020 /sbin/ifconfig utun2 delete
Sat Jul 25 15:47:03 2020 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Sat Jul 25 15:47:03 2020 /sbin/ifconfig utun2 10.151.0.102 10.151.0.101 mtu 1500 netmask 255.255.255.255 up
...
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
DNS setting update type: up
DNS setting update type: up, completed
Sat Jul 25 15:47:03 2020 /sbin/route add -net **SPOOKY IP** 192.168.1.1 255.255.255.255
add net **SPOOKY IP**: gateway 192.168.1.1
Sat Jul 25 15:47:03 2020 /sbin/route add -net 0.0.0.0 10.151.0.101 128.0.0.0
add net 0.0.0.0: gateway 10.151.0.101
Sat Jul 25 15:47:03 2020 /sbin/route add -net 128.0.0.0 10.151.0.101 128.0.0.0
add net 128.0.0.0: gateway 10.151.0.101
Sat Jul 25 15:47:03 2020 /sbin/route add -net 0.0.0.0 10.151.0.101 128.0.0.0
route: writing to routing socket: File exists
add net 0.0.0.0: gateway 10.151.0.101: File exists
Sat Jul 25 15:47:03 2020 /sbin/route add -net 128.0.0.0 10.151.0.101 128.0.0.0
route: writing to routing socket: File exists
add net 128.0.0.0: gateway 10.151.0.101: File exists
Sat Jul 25 15:47:03 2020 /sbin/route add -net 10.151.0.1 10.151.0.101 255.255.255.255
add net 10.151.0.1: gateway 10.151.0.101
Sat Jul 25 15:47:03 2020 Initialization Sequence Completed
```

Community detections in networks using more than one factor?

All community detection algorithms in major Python packages use only edges and edge weights. Is there any algorithm that uses multiple attributes of nodes to detect communities?

For example, in a social network, while edges imply relationships, nodes have attributes like age, gender, and interest. Given that FB does have predictions and suggestions, I suspect there are algorithms that use multiple factors to find communities.

Airmon-ng/Airodump-ng – Low Beacon Count on certain networks

It’s been a few years since I’ve played around with this so I’m not sure if times have changed.

When using AR7921 chipset (Alfa AWUS036NHA) on Ubuntu 20.04 I can see many networks using the following commands

```
airodump-ng start wlx00c0ca84d0f8
airodump-ng mon0
```

I’ve noticed all the VMxxxxx networks have a very low beacon count, perhaps 1 every 20 seconds (compared to e.g. BT Broadband APs, which seem to have a “normal” beacon count of several per second). The VMxxxx networks are Virgin Media home broadband networks, including the connection I’m legitimately using that is 6 feet away from me.

The rest of the networks have normal looking beacon counts. Has something changed/new technology in place that reduces the beacon count over the past few years or is the issue something else?

I can use the following command for half an hour on my VMxxxx network and find nothing connecting to it, even though I’ve got 4 different devices here using that access point (disconnected and reconnected them several times).

airodump-ng -d [APMACHERE] -c 6 mon0 

Sample output after 5 minutes

```
 CH  6 ][ Elapsed: 5 mins ][ 2020-06-13 16:53 ][ fixed channel mon0: -1

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 xx:xx:xx:xx:xx:xx    0   0        6        0    0   6  54e. WPA2 CCMP   PSK  VMxxxxxxx

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe
```

It is my understanding there should be a significant amount more beacons, especially from an AP in the same room.

Any idea what the problem might be?

What are some advanced background topics I’ll need for distributed systems and networks research?

I am a new graduate student in Computer Science who would like to be able to read and understand modern and new distributed systems research papers. My current background (courses and understanding) is at the level of undergraduate and beginner graduate level courses in:

  • Networks (TCP/IP stack and applications)
  • Distributed Systems (Graduate level course with Time (logical/vector clocks), 2PC and 3PC, Multicast and membership, election, Consistency, Consensus and Quorums (Paxos), DHTs and Overlays and some modern applications like ZooKeeper etc.)
  • Undergraduate Algorithms, Discrete Mathematics and Theory of Computation (basic DFA/NFA and intro to Turing Machines with no rigorous mathematics)

However, I find this background insufficient to read modern research in networks and distributed systems. In particular, I am not aware of modern protocols like QUIC and the formal methods mentioned in the papers, which I believe include some sort of model checking and the like. Also, for many of the distributed systems topics I have mentioned above, I lack the background to verify and prove the correctness of these protocols, or even to follow the proofs that the papers give.

Any suggestions on a reading list that can prepare me to be in a position to understand modern research in this area would be very helpful.

Block Connections from Consumer VPN networks at gateway

We have a web server behind an AWS Load Balancer. We’d like to block any host from accessing our web server if they are connecting from a Consumer VPN style network. We’ll also be doing some geo-location blocking too which we can do with AWS WAF.

For blocking Consumer VPN networks, does anyone know the easiest/fastest way to obtain a listing of CIDR blocks registered to Consumer VPN companies? I have a list of IPs that I can do a WHOIS on and find the registered block, but that wouldn’t give me all of the networks out there. I’d have to do quite a bit of WHOIS searching and guessing to build it manually. If there’s a resource out there that could help me with this endeavor that’d be great.

Alfa card scans networks for a few mins and only when replugging it into USB port

I am running Kali Linux (2020.1b 64bit) via VirtualBox (6.1) on a macOS host (10.15.4) with a brand new Alfa AWUS036NH network card attached via USB.

The network card is recognised by Kali Linux and is set to monitoring mode:

```
$ iwconfig
lo        no wireless extensions.

wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.427 GHz  Tx-Power=20 dBm
          Retry short  long limit:2   RTS thr:off   Fragment thr:off
          Power Management:off
```

However, when running airodump-ng wlan0, no wireless networks are discovered despite there being numerous.

I have noticed that by physically removing the adapter and re-plugging it back into the USB port, I am able to get the card to discover the nearby networks. This does not always work, but it is the only scenario that I am able to get it working. Furthermore, whenever I get it “working”, this state is short-lived and the networks disappear within a few minutes — and then silence.

What could be causing this unusual behaviour and what diagnostic tests can I run to narrow down the cause?

3 Social networks for gaining traffic you probably didn’t know existed!

Hi All,

As this is my first post (that is, except for my introductory post), I want to kick things off with something useful, something that should help you gain a little more traffic for your website/blog etc.

Anyhow, I am posting this under social media, but advance apologies to admin if this is the wrong section to post this in :)

1. Jooseph.com

This is actually a site where you can create lists, the site itself gets a bundle of traffic, so the idea here is to build a useful list of…


Urgent Flag of TCP, Computer Networks

The Urgent Flag (URG) is set whenever the sender’s Application Layer wants to send some urgent data to the receiver. In this case, the Transport Layer does not wait for enough data to achieve maximum segment size. Now, my question is: how do the routers in between recognize that the packet needs to be forwarded urgently (they do not have the transport layer)?

Approximating Deep Neural Networks (DNNs) with Binarized Neural Networks (BNNs)

I am currently working as a research intern on Binarized Neural Networks, where the weights and the activations of the network are binary. The architecture of this type of network makes them memory efficient and computationally efficient, which makes them ideal for resource-constrained environments, like embedded devices and mobile phones.

The interesting part about BNNs is that we can encode a binarized network as a CNF formula (Boolean formula). Using this formula, we can verify some properties of the network, like robustness against adversarial examples (carefully crafted samples looking similar to usual inputs but designed to mislead a pre-trained model). We can also extract explanations that support neural network decisions, hence making the neural network explainable.

Currently, I am trying to make a DNN explainable by verifying its decisions using BNNs. The first direction of research is to reduce a DNN to a BNN. Of course, the two networks should be equivalent. I am researching ways to make this reduction but I haven’t found any works on the subject. Is it possible to carry out this transformation? Are there any techniques that can “binarize” a DNN?

Thanks 🙂