fartness (banned)Donald Trump 2016 join:2003-03-25 Look Outside |
fartness (banned)
Member
2015-Feb-26 6:10 pm
[XPPro] XP secure?

Not sure if this has been covered but how insecure is an XP Pro SP3 box since support has ended?
I have an old Pentium 3 box that hasn't had any Windows Updates since 2012. I just want to run a proxy server on it (on a non standard port) for my own use when I'm travelling. That will be the only port I open in my router's settings. Shouldn't be an issue as long as I'm running the latest version of the proxy software, correct?
I don't think my Netgear R7000 has a stand alone proxy feature to run one right off the router.
I'm going to China and want to use Google, Facebook etc.
Am I better off with a proxy or VPN? Seems both will accomplish the same thing. I'd like free and don't care if the reds can snoop my data over my proxy if I go that route. |
|
Wily_One Premium Member join:2002-11-24 San Jose, CA
1 recommendation |
Wily_One
Premium Member
2015-Feb-26 6:44 pm
And you want to use an unpatched, outdated OS? LMAO! Just make the password "welcome" and save everyone some time. |
|
fartness (banned)Donald Trump 2016 join:2003-03-25 Look Outside
1 recommendation |
fartness (banned)
Member
2015-Feb-26 7:22 pm
One port is open. One. Unless there is an exploit in the proxy software, nobody is getting in/nothing is getting exploited if everything else is behind the router. Same reason one shouldn't surf the Web on a server. Use the computer for what it's intended for.
I'm more curious how all the other XP boxes on the net are still faring? I haven't heard much news on it.
I'm also guessing I wouldn't be able to get the most recent 2014 updates for XP anymore? |
|
Tursiops_GTechnoid MVM join:2002-02-06 Brooksville, FL ARRIS TM1602
|
I don't believe so, Unless you use the POSReady hack (which is totally disapproved of by MS)... I have one older (Non-Windows 7 capable) box myself, that has been using it with no problems at all, but it is never used for anything other than 24/7 BOINC (Distributed Computing work unit processing) for Team Discovery. |
|
|
Hitron CDA3 (Software) OpenBSD + pf
|
to fartness
said by fartness: Am I better off with a proxy or VPN?

You are far better off utilizing a VPN while in China accessing what sounds like your home network? Proxy hosted on old PIII at home correct? |
|
fartness (banned)Donald Trump 2016 join:2003-03-25 Look Outside |
to Tursiops_G
I don't see any issue if one uses even an XP SP1 box and uses it for one service that is up to date and behind a hardware based firewall. There's a lot of FUD spreaders out there about the doom and gloom that will happen... |
|
fartness |
to Chubbzie
said by Chubbzie: said by fartness: Am I better off with a proxy or VPN? You are far better off utilizing a VPN while in China accessing what sounds like your home network? Proxy hosted on old PIII at home correct?

Yes. Or I'd prefer to run it off my router if possible to save electricity since I turn mostly everything off before I leave. |
|
fartness |
fartness (banned)
Member
2015-Feb-26 8:55 pm
Seems Open VPN is blocked in China. Not sure if it would still be blocked if I set up a server at home.
Just tested a nice VPN app (Private Tunnel) for my phone but it appears it will be blocked in China. |
|
Tursiops_GTechnoid MVM join:2002-02-06 Brooksville, FL
1 recommendation |
You really expect to get around a Communist Regime's Internet "Walled Garden" easily? Good Luck with that... |
|
SipSizzurpFo' Shizzle Premium Member join:2005-12-28 Houston, TX
2 recommendations |
to fartness
said by fartness: I'm more curious how all the other XP boxes on the net are still faring?

Just fine, except Java is now complaining that there is no support. The XP box I am on has had no updates since SP3 and is still doing fine. NAT firewalls work. Chrome is the browser that currently is most compatible with the internet. Firefox seems to have gotten its head stuck up its ass about a year ago. IE on XP is 99% non functional. |
|
fartness (banned)Donald Trump 2016 join:2003-03-25 Look Outside |
to Tursiops_G
said by Tursiops_G: You really expect to get around a Communist Regime's Internet "Walled Garden" easily? Good Luck with that...

We have FUD spreader numba two in this thread. |
|
fartness |
to SipSizzurp
I never run java anyway. Haven't for years. I figured Chrome or FF would be fine for those who want to surf the web on XP. |
|
Tursiops_GTechnoid MVM join:2002-02-06 Brooksville, FL ARRIS TM1602
|
to fartness
Well, then Let me know what you find that does work for you in your endeavor... Seriously, I wish you well in this... |
|
fartness (banned)Donald Trump 2016 join:2003-03-25 Look Outside |
fartness (banned)
Member
2015-Feb-26 9:28 pm
Any of these should work. There ARE websites that devote themselves to this topic if you weren't aware. I just prefer a free/home-made approach. I'll pay if I have to though. » www.greycoder.com/best-v ··· n-china/ |
|
Tursiops_GTechnoid MVM join:2002-02-06 Brooksville, FL ARRIS TM1602
|
Note that I said "Easily"... From what I've seen, You pay your money, you take your chances, while they play "Whack-A-mole" with the servers... A DIY solution is practically doomed from the start... |
|
fartness (banned)Donald Trump 2016 join:2003-03-25 Look Outside |
fartness (banned)
Member
2015-Feb-26 9:40 pm
I agree. A DIY proxy might end up working the best compared to a VPN since I've looked at the history of some sites that keep track of ways to get around the Great Firewall and it seems to be a whack a mole approach as you've stated. |
|
Tursiops_GTechnoid MVM join:2002-02-06 Brooksville, FL ARRIS TM1602
|
With a Static Proxy, I'd think you'd need to have somebody available locally, (that you can readily get into Voice contact with), who can work around any hurdles that "they" may throw at you, if/when they find it... (ie: Have a BUNCH of alternate Proxy options available for you to switch to at a moment's notice)... |
|
fartness (banned)Donald Trump 2016 join:2003-03-25 Look Outside |
fartness (banned)
Member
2015-Feb-26 10:30 pm
I could probably use ultraVNC also and if there's an issue I can login to my network and connect to my mifi if I need a new IP. Or have my computer connected to both ISPs at home at the same time for redundancy. I'm not really worried about them finding it and blocking it in a matter of days when there's bigger ones out there that they haven't blocked. |
|
HarryH3 Premium Member join:2005-02-21 |
HarryH3
Premium Member
2015-Feb-26 11:12 pm
If TeamViewer isn't blocked from there then it does an awesome job of remote access. |
|
Hitron CDA3 (Software) OpenBSD + pf
|
to fartness
said by fartness: One port is open. One. Unless there is an exploit in the proxy software, nobody is getting in/nothing is getting exploited

Or a simple misconfiguration of the proxy daemon. Also, here is something to keep in mind. Although you have only one particular port with a particular service open, the OS handles the protocol stack functions (TCP/IP) for that service. If XP SP3 has any known protocol stack vulnerabilities (such as buffer overflows) that can be remotely exploited it might be possible to subvert the OS. |
|
|
to fartness
Where's the dude when you need him? He still browses in Win98! |
|
maartenaElmo Premium Member join:2002-05-10 Orange, CA
1 recommendation |
maartena
Premium Member
2015-Feb-27 2:10 pm
said by cypherstream: Where's the dude when you need him? He still browses in Win98!

HEH!

On the topic at hand: I would decommission that box. If you do want an in-house solution, there are several light weight Linux versions that will still install fine on such old hardware, and can be used for your purposes.

For the China trip however, I would just buy commercial access to a VPN provider for $10 for a month, and use that. A free/inhouse solution is nice, but if the box locks up on you for any reason you are in trouble. A commercial VPN will always be up, and you will have many servers (in many countries) to choose from. For example, you may be able to dial in to a server in South Korea, Singapore, Japan, and thus getting on the internet backbone much more localized than all the way back to the US. This will improve your speed a lot.

Also, if an in-house solution is preferred, I know that many routers have built in VPN servers. |
|
darciliciousCyber Librarian Premium Member join:2001-01-02 Forest Grove, OR ·Ziply Fiber
|
to maartena
Re: [XPPro] XP secure?

said by maartena: there are several light weight Linux versions that will still install fine on such old hardware, and can be used for your purposes.

+1 |
|
OZO Premium Member join:2003-01-17 |
to fartness
said by fartness: Seems Open VPN is blocked in China. Not sure if it would still be blocked if I set up a server at home. Just tested a nice VPN app (Private Tunnel) for my phone but it appears it will be blocked in China.

OpenVPN uses common UDP/IP protocol, and nothing special. And you can configure it to use any port you want. I don't see why it could be blocked at all, unless your home IP address is completely blocked. But that would be a different story (not related to OpenVPN)... |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
to fartness
Better solution is Smoothwall and Squid proxy. It will take you about 2 maybe 3 hours to set up and configure. I do recommend adding a web based GUI for config though. It is mostly made to be a firewall but you can proxy through it etc. I used to do it all the time. Before my old box fell off the underside of my stand I had an IRC bouncer, a shell account and tons of other stuff running on the box. I loved that thing. Mine ran on a Pentium 133MHz with 16 megs of RAM and a 2.3 GB HD. At most you will need to slap in 1 extra network card to connect everything up: 1 network card connects to your router running in bridge mode, the other to your modem. Don't waste your time trying this on XP. I just think Smoothwall and Squid or any Linux distro with Squid is going to work much better for you than a Windows box with XP. Yeah, you can do it on XP. But you're just asking to have that box owned. If you knew the IP of the network you'll be coming from you could set up a rule based whitelist on your router maybe. |
|
Nanaki |
to Tursiops_G
Shoot, give me an old Pentium 133 non-MMX or anything of that era on up to the newest and best today and say 3 hours and watch how fast I bypass their little walled garden.
Let's not forget they use Tor to bypass the filters etc in China and Tor is stupid easy to block. If you know what you're doing, blocking any proxy that exists on any list on the net anywhere is a snap. I had an anti-proxy script me and another guy in an IRC chat wrote. It blocked 99% of all proxies; when combined with blocking known Tor etc proxy ports nothing much got through. Our false positive rate in 4 years of running it was maybe 3 or 4 and no that is not % but 3 or 4 false positives.
Catching an unknown proxy on odd ball ports (or VPNs) is all but as impossible as it was possible to block 99% of known proxies. In the case of the IRC script I think it was maybe 30 to 35 lines long.
So yeah, unknown IP running a proxy on an unknown non-standard port = impossible for China to detect or stop. At least in real time. Now a week or 2 down the line if they are actively looking for it they will nail it. That is a given I would think.
If they are not actively looking for it I would say 2 maybe 3 months before they just happen to spot it and block it. |
|
Nanaki |
to Chubbzie
Well if one is not worried about the box you can always use the nuke and pave approach. I would have little worry about the XP box getting compromised as I would just nuke and pave once done. Personally I would go Linux + Squid and Apache and say PHP admin. But if told I had to use the XP box or due to compat issues had to then I would not even worry about it getting slammed. I would isolate it from the rest of the network and let it get fried, who cares? |
|
Hitron CDA3 (Software) OpenBSD + pf
|
said by Nanaki: Well if one is not worried about the box you can always use the nuke and pave approach.

Of course he could, but in the interim while he is away in China all sorts of nefarious network traffic could occur appearing to originate from his local network... if the box was subverted that is. Personally, I never use any flavor of Windows for network centric services but to each his own. |
|