|
Setting up a Canadian proxy server
I've been researching for a while now on setting up a proxy server in Canada that would make my IP address appear to come from Canada (for poker playing purposes), but there doesn't seem to be a real clear way to set this up. I've also read that you have to trust the owner of the proxy 100% because they could compromise some of the sensitive data you would be sending through the proxy.
My questions are as follows: 1. Would it be possible to physically set up my own proxy in Canada, specifically Vancouver? 2. Could I pay a tech guru to do this for me? 3. How much would something like this cost initially and monthly to maintain? 4. Is the proxy 100% foolproof and would it be able to avoid detection from poker sites that don't take US players? Thanks for the help. |
Re: Setting up a Canadian proxy server
[ QUOTE ]
1. Would it be possible to physically set up my own proxy in Canada, specifically Vancouver? [/ QUOTE ] You don't want a proxy. Proxies will redirect web ports (TCP 80 and TCP 443), and typically lobbies are 80 and login info/tables are 443. The problem is Party also "phones home" on other UDP ports. A proxy will allow you to connect, sure...but the site can easily tell you are going through a proxy. Weather they will care or not is another story but I wouldn't trust going through a proxy. What you need is a VPN so that *all* your traffic is redirected through the remote computer. Yes, you can set up a VPN server in Vancouver. [ QUOTE ] 2. Could I pay a tech guru to do this for me? [/ QUOTE ] Yes. [ QUOTE ] 3. How much would something like this cost initially and monthly to maintain? [/ QUOTE ] Depends on the tech and the service. I've set up for HSNLers before on their own dedicated server in a top-notch data center in Vancouver and the monthly was $69 to the data center company. You want a solid data center w/ redundant internet connections from multiple providers, backup generators and UPS's to run during power outages, climate/dust controlled environment, physical security, good customer service, etc. "Joe's hosting and sandwich shop" would be cheaper, but prolly not a good idea. Setup you'd have to work out w/ whomever does the work. You may also find someone offering a multi user VPN environment (each w/ their own dedicated IP) for a little less per month. I run such a service out of Montreal but am shutting it dow this weekn due to lack of interest (even though tons of people were screaming to know when it would be available...I launched...almost nobody moved on it grrrrr). [ QUOTE ] 4. Is the proxy 100% foolproof and would it be able to avoid detection from poker sites that don't take US players? [/ QUOTE ] Proxy, no as per reasons in #1. VPN, yes, but only if set up correctly. The key in VPN setup is proper client-side setup. VPN's go down sometimes (I was up an average of 15-16 days 24/7 before a drop, and would be reconnected within about 30 seconds). Poker clients will automatically attempt to reconnect to the poker site. If the poker client attempts to reconnect to a poker site while the VPN is down (during the 10-30 seconds it will take to reconnect to the VPN) then guess what....it's trying to connect from your real US IP and your Party acct will get insta-locked and you'll have to fight to get *some* of your bankroll back...if you're lucky. This has happened to at least one 2+2er I am aware of....$20k got locked, only $16k was eventually recovered. VPN will cover the data side, but you still need ID, address, phone#, funding vehicle which may or may not be a problem. PM me if desired. |
Re: Setting up a Canadian proxy server
[ QUOTE ]
Proxy, no as per reasons in #1. VPN, yes, but only if set up correctly. The key in VPN setup is proper client-side setup. VPN's go down sometimes (I was up an average of 15-16 days 24/7 before a drop, and would be reconnected within about 30 seconds). Poker clients will automatically attempt to reconnect to the poker site. If the poker client attempts to reconnect to a poker site while the VPN is down (during the 10-30 seconds it will take to reconnect to the VPN) then guess what....it's trying to connect from your real US IP and your Party acct will get insta-locked and you'll have to fight to get *some* of your bankroll back...if you're lucky. This has happened to at least one 2+2er I am aware of....$20k got locked, only $16k was eventually recovered. [/ QUOTE ] only 4k was recovered |
Re: Setting up a Canadian proxy server
[ QUOTE ]
only 4k was recovered [/ QUOTE ] Damnit....I had a carbon-based storage dyslexic error. I thought it was the other way around. I guess it was wishful thinking. |
Re: Setting up a Canadian proxy server
BiPolar is right, it is fairly easy for an experienced network engineer to setup. But frankly it is beyond the average 2+2 reader. Hire someone, there are a few of us in this forum that would likely entertain a project like this.
|
Re: Setting up a Canadian proxy server
Will a VPN work if I can only use port 80. I'm in the UK but the university network seems to block traffic through just about everyport except port 80, I can connect to pokerstars through a proxy but [censored] ongame won't give me that option 'because it's a security risk'.
|
Re: Setting up a Canadian proxy server
at a minimum you need port 443 (TLS/encrypyed Web) + 80.
For VPN to work you need TCP port 1723 and IP protocol 47 (GRE)....it either of those are blocked, then a VPM won't work either. I haven't tried tunneling a VPN connection through SSH but in theory it should work....wtf, I may give that a try for the fark of it. I like tunnels lol. Do you know if you can SSH to any sites? If so I can prolly set up a tunnel for ya that'd work. PS...it's Friday night...my suggestions may or may not be valid in the morning. They make sense (to my drunk ass) at the moment tho. Edit: if ALL you have is port 80 outbound, tunneling through SSH is still an idea....I'll test it out once sober provided I have time. |
Re: Setting up a Canadian proxy server
FTP (port 21) and port 23 are definitely open.
|
Re: Setting up a Canadian proxy server
Seems to be working! Browsing around and an option in connect too menu, called a WAN miniport (PPTP) turned it on and everything seems to be working. (I'm not sure how it got there).
|
Re: Setting up a Canadian proxy server
BPN,
Regarding trying to spoof one of the banned sites with a VPN, isn't it the case that at least with party which is the most aggressive in intrusion on a customer's computer, that a person using a VPN solution as you advocate would also have to start with a fresh machine? I was under the impression that they collected machine specific info to identify you like your mobo or hdd serial number. |
Re: Setting up a Canadian proxy server
[ QUOTE ]
BPN, Regarding trying to spoof one of the banned sites with a VPN, isn't it the case that at least with party which is the most aggressive in intrusion on a customer's computer, that a person using a VPN solution as you advocate would also have to start with a fresh machine? I was under the impression that they collected machine specific info to identify you like your mobo or hdd serial number. [/ QUOTE ] I haven't researched the specific info Party stores, but you are correct to a large extent. If you uninstall Party, then reinstall and create a new acct, your machine will still be known to Party as being previously used under your old acct. I've seen a HowTo for complete removal of Party Poker, but can't remember if it was on 2+2 or not [img]/images/graemlins/frown.gif[/img]. I'm too busy answering PM's from a Zoo post to check now....and I'll soon be going zzz, but tomorrow I'll try to search for the "Party cleansing ritual" if nobody else comes up w/ the howto link. edit: BTW: thanks for pointing that out...some people I've been talking to will definitely need that info, and I hadn't considered a prior install. |
Re: Setting up a Canadian proxy server
Well I don't see how you can cleanse a hard-wired serial number, but only registry entries and the like. I doubt other sites that don't currently take americans go to that kind of trouble, but I'm pretty sure party does. If you knew for sure they didn't get mobo info, then just swapping hard drives would do the trick.
|
Re: Setting up a Canadian proxy server
AFAIK, they store the info on your computer, not their servers. Basically, their uninstall program leaves behind some reg keys that identify the prior acct. While I agree Party *could* record system-specific info on their servers, and they *are* pricks, I have no evidence that they actually engage in such practices. I'd be very interested in hearing any facts you have that are contrary since it is obvious that if they store computer-specific info on their end, nothing changed by the user will make up for it (on the same hardware) and that would be needed information. Thanks.
|
Re: Setting up a Canadian proxy server
BPN,
I have no specific knowledge but was assuming they did store the info on their servers as in the past here I have read that the previous methods to cleanse a computer of all traces were failing to work. Of course I didn't really care enough to keep up with it as most of that stuff was rakeback related, and mabye people just figured out some different place on the customer's computer they were storing the stuff and how to clean that too. Also the only other poster here I know for sure is still playing on party said he did so after getting a new computer, which he had already planned to do shortly after the ban. |
Re: Setting up a Canadian proxy server
BPN,
I forgot to ask you something I was wondering about in one of your earlier posts here about a VPN dropping connectivity. Can that happen on the client end or only on the server end or both? |
Re: Setting up a Canadian proxy server
[ QUOTE ]
BPN, I forgot to ask you something I was wondering about in one of your earlier posts here about a VPN dropping connectivity. Can that happen on the client end or only on the server end or both? [/ QUOTE ] both, and everywhere in between. this is the biggest thing you have to watch out for. seriously. |
Re: Setting up a Canadian proxy server
[ QUOTE ]
[ QUOTE ] BPN, I forgot to ask you something I was wondering about in one of your earlier posts here about a VPN dropping connectivity. Can that happen on the client end or only on the server end or both? [/ QUOTE ] both, and everywhere in between. this is the biggest thing you have to watch out for. seriously. [/ QUOTE ] Agreed. Although I did notice my last dropout was caused by a ADSL hiccup. I also lost my IRC, IM, and SSH sessions on another computer that wasn't going through the VPN. |
Re: Setting up a Canadian proxy server
[ QUOTE ]
BPN, I forgot to ask you something I was wondering about in one of your earlier posts here about a VPN dropping connectivity. Can that happen on the client end or only on the server end or both? [/ QUOTE ] Its not a major issue. You create firewall rules that do not allow the host to connect to anything but the VPN concentrator. |
Re: Setting up a Canadian proxy server
[ QUOTE ]
[ QUOTE ] BPN, I forgot to ask you something I was wondering about in one of your earlier posts here about a VPN dropping connectivity. Can that happen on the client end or only on the server end or both? [/ QUOTE ] Its not a major issue. You create firewall rules that do not allow the host to connect to anything but the VPN concentrator. [/ QUOTE ] Sorry, that didn't make much sense with that quote... Grab the wrong thing. [img]/images/graemlins/blush.gif[/img] Anyway I was addressing the concern of the poker client connecting to the server from the host if the VPN drops. My $0.02 on reliability of VPN... If you have good connections on both sides, and good equipment on both ends, you are not going to have a lot of problems. Even if you do, they are not likely to be long lasting. Bottom line is you are going to have an outage about as often as you do now with a none VPN connection. [img]/images/graemlins/wink.gif[/img] |
Re: Setting up a Canadian proxy server
Percula,
In order to do what you say, i.e. not allowing the host to connect to anything other than the VPN concentrator, don't you have to be able to set up a 2-tiered firewall rule structure? First it checks to see if VPN is working, and if not only allows connection to the VPN, but if it is, then the 2nd set of firewall rules apply to regulate normal traffic. What I am asking, is whether a firewall allows you to set up a double test where it first checks the VPN's connectivity, and then applies another set of rules. |
Re: Setting up a Canadian proxy server
[ QUOTE ]
Percula, In order to do what you say, i.e. not allowing the host to connect to anything other than the VPN concentrator, don't you have to be able to set up a 2-tiered firewall rule structure? First it checks to see if VPN is working, and if not only allows connection to the VPN, but if it is, then the 2nd set of firewall rules apply to regulate normal traffic. What I am asking, is whether a firewall allows you to set up a double test where it first checks the VPN's connectivity, and then applies another set of rules. [/ QUOTE ] it doesn't have to check the VPNs connectivity. |
Re: Setting up a Canadian proxy server
Freakin,
What means firewall rule-wise, do you use to insure that any random program first has to connect to the VPN concentrator, and then only to the net? Also, basically the import of this is that the player mentioned earlier in this thread as having had his account locked, need never have had that happen if he was set up correctly, is that correct? |
Re: Setting up a Canadian proxy server
[ QUOTE ]
Freakin, What means firewall rule-wise, do you use to insure that any random program first has to connect to the VPN concentrator, and then only to the net? Also, basically the import of this is that the player mentioned earlier in this thread as having had his account locked, need never have had that happen if he was set up correctly, is that correct? [/ QUOTE ] you need traffic to the VPN server allowed, you need all other traffic blocked on your NIC. that is all. And yes, if the player mentioned earlier had those kind of rules in effect, it would not have been an issue. |
Re: Setting up a Canadian proxy server
OK thanks. But I am still fuzzy about something. Basically do you have 2 firewalls with 2 separate sets of rules in place? I.E. the firewall on your pc only allows traffic to the VPN server, and then a firewall on that server with a set of rules as to which specific sites it can connect to or not?
|
Re: Setting up a Canadian proxy server
no. one firewall. The application firewall on your computer.
It allows VPN traffic. Everything else is blocked. If the VPN is up, all works well as all your traffic is going out the VPN. If the VPN goes down, nothing gets out because the only place data is allowed to go is out the VPN...which is down. Clearer? |
Re: Setting up a Canadian proxy server
[ QUOTE ]
OK thanks. But I am still fuzzy about something. Basically do you have 2 firewalls with 2 separate sets of rules in place? I.E. the firewall on your pc only allows traffic to the VPN server, and then a firewall on that server with a set of rules as to which specific sites it can connect to or not? [/ QUOTE ] I would use a local hardware based firewall. Then I use a VPN client on the host. On the firewall I create a set of rules that basically say... Allow traffic from "host" to VPN concentrator using only the VPN protocols needed for the VPN. Deny all other traffic from "host". On the VPN concentrator I configure it to route all client traffic to the Internet. This will effectively isolate the host so that the only way for it do anything on the Internet it has to be connected to the VPN. If you want to (and you should) take the security side of it a step further... On the VPN concentrator (I would use another firewall here and not a dedicated VPN concentrator) I would set firewall rules that only allow traffic for the poker site(s) and apply strict web content filtering only allowing HTTP/HTTPS traffic to sites like your payment processor, online bank, brokerage account, poker sites. You could also use that type of setup without the VPN on a home network to prevent hacking if IP appearance was not important. With a setup like this I use a firewall that I can create more than one network. I place the poker host in it's own network with the same restrictive rules already mentioned. Then any other personal computers go on the other network. They are not allowed to communicate with the poker host and the poker host is not allowed to communicate with them, but can otherwise can do pretty much anything they want, except what the poker host does, like connecting to the poker sites, payment processors, etc. It takes some money to build out and configure something like this, but for a mid to high stakes player, it's not too bad, <$7K plus yearly support for the IPS updates and NBD replacement at ~1K. |
Re: Setting up a Canadian proxy server
[ QUOTE ]
[ QUOTE ] OK thanks. But I am still fuzzy about something. Basically do you have 2 firewalls with 2 separate sets of rules in place? I.E. the firewall on your pc only allows traffic to the VPN server, and then a firewall on that server with a set of rules as to which specific sites it can connect to or not? [/ QUOTE ] I would use a local hardware based firewall. Then I use a VPN client on the host. On the firewall I create a set of rules that basically say... Allow traffic from "host" to VPN concentrator using only the VPN protocols needed for the VPN. Deny all other traffic from "host". On the VPN concentrator I configure it to route all client traffic to the Internet. This will effectively isolate the host so that the only way for it do anything on the Internet it has to be connected to the VPN. If you want to (and you should) take the security side of it a step further... On the VPN concentrator (I would use another firewall here and not a dedicated VPN concentrator) I would set firewall rules that only allow traffic for the poker site(s) and apply strict web content filtering only allowing HTTP/HTTPS traffic to sites like your payment processor, online bank, brokerage account, poker sites. You could also use that type of setup without the VPN on a home network to prevent hacking if IP appearance was not important. With a setup like this I use a firewall that I can create more than one network. I place the poker host in it's own network with the same restrictive rules already mentioned. Then any other personal computers go on the other network. They are not allowed to communicate with the poker host and the poker host is not allowed to communicate with them, but can otherwise can do pretty much anything they want, except what the poker host does, like connecting to the poker sites, payment processors, etc. It takes some money to build out and configure something like this, but for a mid to high stakes player, it's not too bad, <$7K plus yearly support for the IPS updates and NBD replacement at ~1K. [/ QUOTE ] http://www.impawards.com/1987/posters/overboard.jpg |
Re: Setting up a Canadian proxy server
Thanks again. My question before was because I didn't see how other non-poker programs were going to be able to get through to the net. For example any random update process of any app you have installed. Normally it has to go through your software firewall where you have either given permission or not for it to connect on its own when you aren't necessarily around (something a poker client isn't going to do though). But with a VPN, you need the first barrier to be one that actually insures all traffic is routed through the VPN. So I wasn't seeing how that was done and then also other non-poker programs were either going to be able to connect at all, or if they were wouldn't be challenged at all as long as they went through the VPN.
But from your explanation above, I guess the hardware firewall takes care of main priority, i.e. no connections except through the VPN, and then a software firewall on the VPN server is configured to test all programs that are in fact being channeled through the VPN. Is that correct? Thus, would microsoft's auto update program still function under a VPN? Also, are you saying the setup cannot be done without a hardware firewall, or would instead 2 software firewalls, one on your pc and the other on the VPN server, be able to do the same thing and never allow a poker client to connect if the VPN went down for a minute or two? |
Re: Setting up a Canadian proxy server
when you connect to the VPN you will use the remote server's gateway. All traffic will go out the VPN. Updates, streaming porn, random nmap scans, all 23 email and IM accounts, etc. When you connect to the VPN, *BANG* everything leaving your machine is going through the VPN. No voodoomagic required.
You're overcomplicating it, I think. VPN up == all traffic goes thataway....doesn't matter if you just fired up AIM or pokerroom...it's gonna shott through the VPN and connect "from" Canada or wherever you VPN server is. VPN down == no traffic goes anywhere since the one and only firewall you have on your poker machine is blocking all traffic not going through the VPN. Not sure how many ways this can be said. What isn't making sense? When you're on the VPN, EVERYTHING automagically will bounce through the remote server and appear to the rest of the world to have originated from wherever your VPN server is. Since your firewall on your poker machine will be set to block all traffic *not* traveling the VPN tunnel, then either everything will work normally by going out the VPN tunnel, or if the VPN goes down then no traffic goes anywhere because there is no place for it to go! *shrug* If that doesn't clear it up I give up for tonight...I gotta sleep, anyway...interview tomorrow [img]/images/graemlins/smile.gif[/img] IM me (contact info in profile) sometime tomorrow if you want a real-time conversation on the subject and I'll try to clear up your confusion. |
Re: Setting up a Canadian proxy server
BPN,
Thanks for the IM offer, but maybe some others here would be interested in your and others' responses to my questions *if* I can make myself clearer [img]/images/graemlins/smile.gif[/img]. Here's what I am misunderstanding. And that is the 2 part process where a program on your pc tries to contact the net and is first checked to make certain such contact is only taking place via the VPN, and then also checked to make sure it isn't a malicious/unpermitted contact in general, which is what one's software firewall normally does via a set of rules. So let's say I contract for a dedicated VPN server in canada or wherever outside the US. Now any random program attempts to connect with the net. 1) what program/hardware device checks to make sure such contact can only take place through the VPN and not otherwise? 2) what program/device then checks that app to see if it is permitted in general once having passed the first step above? (software firewall on PC or on the VPN server?) Also another question: can one with such a dedicated VPN server use just a software firewall on the PC and/or VPN server to make sure that no communication with the net takes place except through the VPN (as with Norton firewall for example), or is other hardware required? If so what other hardware? I hope these questions are more clear and I would like to thank you and the other posters who have provided knowledgeable replies in this thread. |
Re: Setting up a Canadian proxy server
[ QUOTE ]
1) what program/hardware device checks to make sure such contact can only take place through the VPN and not otherwise? [/ QUOTE ] This is primarily a function of routing. When the VPN client is connected and properly configured, all Internet traffic will use the VPN as the default gateway, i.e. any non local traffic will use the VPN. The problem is that it is possible for the VPN connection to fail/drop or otherwise become unusable. This is where having a firewall (software or hardware based) comes into play, by not allowing the poker client software (or any software for that matter) to connect thru the normal Internet connection. [ QUOTE ] Also another question: can one with such a dedicated VPN server use just a software firewall on the PC and/or VPN server to make sure that no communication with the net takes place except through the VPN (as with Norton firewall for example), or is other hardware required? If so what other hardware? [/ QUOTE ] Yes, just the VPN client and a software based firewall are all that are needed at a minimum. For the average Poker Joe this would be "OK". However for anyone that has significant funds in play on the Internet, this is just asking for trouble. I could not recommend this type of solution for a mid or high stakes player. |
Re: Setting up a Canadian proxy server
Percula,
How for example do you configure Norton's firewall to only allow routing through the VPN? I know how to configure for individual programs and whether they are permitted or not, but what options there do you use to make sure traffic only goes through the VPN? Also regarding your last statement, are you in fact saying software only options can't insure 100% that a program like a poker client, never connects except via the VPN when the VPN goes down? Or are you saying they can, but there are other dangers not related only to that? Thanks |
Re: Setting up a Canadian proxy server
[ QUOTE ]
Percula, How for example do you configure Norton's firewall to only allow routing through the VPN? I know how to configure for individual programs and whether they are permitted or not, but what options there do you use to make sure traffic only goes through the VPN? Also regarding your last statement, are you in fact saying software only options can't insure 100% that a program like a poker client, never connects except via the VPN when the VPN goes down? Or are you saying they can, but there are other dangers not related only to that? Thanks [/ QUOTE ] this is really not as hard as ya'll are making it. every decent firewall should have some sort of rule-based system. 1st rule) Allow traffic to the VPN server on all ports and protocols 2nd Rule) block all traffic on the local area connection that accesses the internet |
Re: Setting up a Canadian proxy server
[ QUOTE ]
Percula, How for example do you configure Norton's firewall to only allow routing through the VPN? I know how to configure for individual programs and whether they are permitted or not, but what options there do you use to make sure traffic only goes through the VPN? [/ QUOTE ] I am not going to be able to walk you step by step thru the config as I dont use that application. However, what you need to do, assuming the Norton firewall is capable of it, is to create rules that say... Only allow traffic out of this PC thru the VPN adapter and deny everything else. If it does not allow for this type of rule creation you will have to find another product to use. [ QUOTE ] Also regarding your last statement, are you in fact saying software only options can't insure 100% that a program like a poker client, never connects except via the VPN when the VPN goes down? Or are you saying they can, but there are other dangers not related only to that? Thanks [/ QUOTE ] Other dangers in addition to the firewall application its self failing which could happen, but is less likely if not "played" by uneducated users on a regular basis. A hardware based solution is more reliable. With all the posts you see from people that have been hacked; I just can not fathom why a mid/high stakes player with hundreds of thousands or even millions of dollar accessible thru their PC in the form of poker sites, online bank accounts, online savings and brokerage accounts, etc, does not spend the money for the best security... Especially when you are talking about only a few buyins for a high stakes player versus the risk of losing significant parts or a total lose of those funds, wow, it just blows my mind. I have seen small mom and pop sized businesses that wont make as much in five years as a high stakes player does in one year with better security than most of these players have or at least seem to indicate what they have. |
Re: Setting up a Canadian proxy server
BluffThis:
Are you getting a better picture now or still confused? Drop the "2 step process" thinking. Like Perc said, that is basic routing. Applications don't decide what connection to use. They just spit out their request to use the network to the OS. The OS replies, "okay, I'll let the network know", if the VPN is up, it gets a VPN address as the "From" IP. If the VPN is down it gets the non-VPN address as the "from". This is all handled transparently to the user, and the application making the network request has no choice in the matter. There is only one step...and that is when the traffic hits the firewall during it's attempt to leave the machine. The firewall checks it's FROM address...if it's a VPN address then it's allowed to cruise out the VPN tunnel and eventually hit the internet from the remote VPN server. If the FROM address is not a VPN address, then the firewall says No and the data never leaves. That's not 100% technically accurate, but prolly the easiest way to explain it without explaining a bunch of kernel level and TCP/IP stack stuff that'd just be more confusing. |
Re: Setting up a Canadian proxy server
Guys,
Thanks again for the explanation. I think I do understand it now, and the question is really one as mentioned above, whether a software firewall in fact is configurable to set a rule regarding VPN traffic, and from my exploration of Norton's at least, I'm not sure it is, but that might be because it involves the advanced networking settings of which I'm ignorant. Percula, While you are correct about the cost of a hardware solution being not so many buyins, I am still interested in what exactly it provides that software solutions can't, and how likely an unlikely situation with same actually is. I don't mind spending the bucks if necessary, assuming I ever go this route (don't have to for now anyway), but if I am knowledgeable enough not to make an error on my side, I am probably unwilling to insure against a 1000-1 shot, unless I am undergoing that longshot every day I play and thus undergoing an additive probability of such occurring in the space of a year or two. Also relevant is the fact that I would only keep so many buyins on any individual site anyway, with the bulk of my roll being in a bank account or online funding vehicle. |
Re: Setting up a Canadian proxy server
[ QUOTE ]
Percula, While you are correct about the cost of a hardware solution being not so many buyins, I am still interested in what exactly it provides that software solutions can't, and how likely an unlikely situation with same actually is. I don't mind spending the bucks if necessary, assuming I ever go this route (don't have to for now anyway), but if I am knowledgeable enough not to make an error on my side, I am probably unwilling to insure against a 1000-1 shot, unless I am undergoing that longshot every day I play and thus undergoing an additive probability of such occurring in the space of a year or two. Also relevant is the fact that I would only keep so many buyins on any individual site anyway, with the bulk of my roll being in a bank account or online funding vehicle. [/ QUOTE ] I think the current state of hacking poker players is at the stage where some are targeted, but mostly by script kiddies (read not all that good at it). Those that are not targeted specifically are being sucked into other scams that eventually lead to them being identified as a poker player and then targeted for that. My concern is the money. As it stands right now, there aren't too many 6 and 7 figure value targets on the Internet. The two primary ones are online brokerage accounts and HS/MS poker players. With a poker player you are somewhat likely to hit a double or home run finding not only money on poker sites, but also in ewallets/payment processors, online banks, and brokerage accounts. Often these people are well, smart, but inexperienced or just plain ignorant of the threats they are facing. With these more or less easily identifiable HS players, it is just a matter of time (if it hasn't already happened) before they are the targets of the real pros of hacking. A lot of the problem with security is user ignorance/education and behavior modification. But the bottom line is everyone makes mistakes, and sometimes that's all it takes to have a major breach. So you try to design the security system in such a way as to minimize the effects of a mistake while at the same time providing a high level of security. There was a post here a couple of weeks ago, about the same time as Jared was posting about getting hacked titled something like "This is how I would steal all your money" or something like that. The person posting that did not get a lot of attention and was kind of blown off. Which in my professional opinion is a mistake. I will continue this post later, got to run for now... |
Re: Setting up a Canadian proxy server
here is a nice link with some additional background for people like me who are not familiar with vpn's http://computer.howstuffworks.com/vpn.htm
|
Re: Setting up a Canadian proxy server
OK, back now...
Let's talk about security for a moment. There are two ways a hackers is going to get into your PC to steal your money. 1) Direct penetration. This is where the hacker is going to attack and try to exploit a weakness in the device that is fronting your Internet connection. This is not easy, at least with a commercial grade hardware firewall. With a software based firewall, it is a matter of how well it works and if it is working at all. Exposing a naked XP PC to the Internet, especially on a broad band connection is almost a sure thing that it will be taken over within 24-48 hours. 2) Indirect penetration. This one is the hard one to protect against. Indirect penetration is using the user against themselves. Sometimes its social engineering or down right scamming. Sometimes its exploiting a flaw in the users software, like someone finding a Zero Day flaw and exploiting it before anyone knows to or even how to protect against. After the host is taken over, the nasty stuff is install, common for this would be key loggers, screen scrapers, remote control software, etc. There are also some glaring security issues with the poker sites themselves. The first is that poker sites have tied the screen name that everyone sees as you play to your account name where you control your money. This leaves the high profile player a potential target for a brute force attack on the poker account its self. I hear that PS has taken the step of locking out an account after X number of failed loggin attempts, which is a step in the right direction, but is still not enough to stop a brute force attack, especially with many brute force scripts now using pauses to defeat this type of measure, as you have to have a timeout on the number of tries before resetting to zero again. Second they do not require strong passwords, and they do not expire passwords. Secure tokens would go a long ways to stopping both of these issues and frankly if PayPal can do it for <$10 then PS, FTP, UB, etc can do it too. So to make this novel even longer... Here is my formula for securing a poker machine. 1) Using a linux host that has the minimum install, plus Samba for windows file sharing and PostgreSQL for PT, etc. All drives are locked down so you can not just stick a USB drive, floppy or CD/DVD and use it. Install VMWare with XP Pro as a guest OS. Configure VMWare to revert on each power cycle. Why... Linux by its nature does not run windows software. The vast majority of programs a hacker would use to log keystrokes or scrape screen, remotely control the machine simply will not run on linux. We are isolating the XP system from the linux system, but if something did get on the linux box, it will pose little or no danger. You need a windows compatible file share to write your hand histories and other files that you need to retain the data that changes from session to session, e.g. PAHUD cache, layouts, etc. When the VMWare guest is powered down, it does a series of things. First it copies those ever changing files to the file share on the linux host. Next is reverts back to a "snapshot". The snapshot is a point in the configuration and use of the OS. So lets play devils advocate for a second. Let's say somehow someway something gets installed on the guest XP OS. It could be a key logger, etc, doesn't really matter. It wasn't there before the power up. So since our snapshot was taken on a clean OS, when we power down, we remove any change to the OS, including anything nasty. On the next power up, we revert to our clean snapshot and copy back the ever changing files like the PAHUD cache. The poker PC, is never ever used for anything but playing poker and conducting online account management. Here is the problem with this system... It is too difficult to copy the changes from say a updating AV program or even OS updates. So we need user intervention to make sure that we are keeping the OS, AV, etc up to date and creating snapshots after each update. As soon as you are relying on the user to preform you are adding a risk factor.... 2) I use a commercial grade hardware based firewall that can support a "DMZ" port. I am going to use the DMZ port to isolate the poker PC from any other PC's at the site. I would use the standard LAN port of the firewall for all other PC's, etc that need network access. I then create firewall rules that prevent the communication to/from the poker PC and the other PC's. I would use a firewall that includes web content filtering with URL/domain matching. I would configure it so that the poker PC can only surf to the online account sites, poker sites and update sites for things like AV and OS updates. On the LAN side I configure the content filtering so that they can go anywhere except the online account sites, a guy can not live without a little fun on the Internet. [img]/images/graemlins/wink.gif[/img] I would use a firewall with strong IPS and crank it up big time. I wont to protect the poker PC and the other PCs in the site. If VPN was a part of the deployment, nothing really changes except that the poker PC, must send all traffic thru the VPN tunnel, which would be configured via the VPN configuration and firewall rules. Why... We want to protect the poker PC at all costs. We prevent indirect attacks by only allowing the PC to access "approved" web sites, and prevent it from communicating with anything but exactly what we want, e.g. poker site. We also need more functional PC's available, but they too need protect. We also need to protect the user from them self by limiting access to high value information only from the poker PC. There are a lot of little details I have left out because, well, this is long enough as it is and frankly it would be over 95% of the readers of 2+2. Well thats about it. I am sure there is something I have forget, but enough, this is too long as it is... |
Re: Setting up a Canadian proxy server
3 cheers, Perc [img]/images/graemlins/smile.gif[/img]
|
| All times are GMT -4. The time now is 12:01 PM. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.