fartness (banned)
Donald Trump 2016
join:2003-03-25
Look Outside

fartness (banned)

Member

[XPPro] XP secure?

Not sure if this has been covered but how insecure is an XP Pro SP3 box since support has ended?

I have an old Pentium 3 box that hasn't had any Windows Updates since 2012. I just want to run a proxy server on it (on a non standard port) for my own use when I'm travelling. That will be the only port I open in my router's settings. Shouldn't be an issue as long as I'm running the latest version of the proxy software, correct?

I don't think my Netgear R7000 has a stand alone proxy feature to run one right off the router.

I'm going to China and want to use Google, Facebook etc.

Am I better off with a proxy or VPN? Seems both will accomplish the same thing. I'd like free and don't care if the reds can snoop my data over my proxy if I go that route.

Wily_One
Premium Member
join:2002-11-24
San Jose, CA

1 recommendation

Wily_One

Premium Member

said by fartness:

I'm going to China...

And you want to use an unpatched, outdated OS? LMAO!

Just make the password "welcome" and save everyone some time.
fartness (banned)
Donald Trump 2016
join:2003-03-25
Look Outside

1 recommendation

fartness (banned)

Member

One port is open. One. Unless there is an exploit in the proxy software, nobody is getting in/nothing is getting exploited if everything else is behind the router. Same reason one shouldn't surf the Web on a server. Use the computer for what it's intended for.

I'm more curious how all the other XP boxes on the net are still faring? I haven't heard much news on it.

I'm also guessing I wouldn't be able to get the most recent 2014 updates for XP anymore?

Tursiops_G
Technoid
MVM
join:2002-02-06
Brooksville, FL
ARRIS TM1602

Tursiops_G

MVM

I don't believe so, Unless you use the POSReady hack (which is totally disapproved of by MS)...
I have one older (Non-Windows 7 capable) box myself, that has been using it with no problems at all, but it is never used for anything other than 24/7 BOINC (Distributed Computing work unit processing) for Team Discovery.

Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

Chubbzie to fartness

Member

to fartness
said by fartness:

Am I better off with a proxy or VPN?

You are far better off utilizing a VPN while in China accessing what sounds like your home network? Proxy hosted on old PIII at home correct?
fartness (banned)
Donald Trump 2016
join:2003-03-25
Look Outside

fartness (banned) to Tursiops_G

Member

to Tursiops_G
I don't see any issue if one uses even an XP SP1 box and uses it for one service that is up to date and behind a hardware based firewall. There's a lot of FUD spreaders out there about the doom and gloom that will happen...
fartness

fartness (banned) to Chubbzie

Member

to Chubbzie
said by Chubbzie:

said by fartness:

Am I better off with a proxy or VPN?

You are far better off utilizing a VPN while in China accessing what sounds like your home network? Proxy hosted on old PIII at home correct?

Yes.

or I'd prefer to run it off my router if possible to save electricity since I turn mostly everything off before I leave.
fartness

fartness (banned)

Member

Seems OpenVPN is blocked in China. Not sure if it would still be blocked if I set up a server at home.

Just tested a nice VPN app (Private Tunnel) for my phone but it appears it will be blocked in China.

Tursiops_G
Technoid
MVM
join:2002-02-06
Brooksville, FL

1 recommendation

Tursiops_G

MVM

You really expect to get around a Communist Regime's Internet "Walled Garden" easily?

Good Luck with that...
SipSizzurp
Fo' Shizzle
Premium Member
join:2005-12-28
Houston, TX

2 recommendations

SipSizzurp to fartness

Premium Member

to fartness
said by fartness:

I'm more curious how all the other XP boxes on the net are still faring?

Just fine, except Java is now complaining that there is no support. The XP box I am on has had no updates since SP3 and is still doing fine. NAT firewalls work. Chrome is the browser that currently is most compatible with the internet. Firefox seems to have gotten its head stuck up its ass about a year ago. IE on XP is 99% non-functional.
fartness (banned)
Donald Trump 2016
join:2003-03-25
Look Outside

fartness (banned) to Tursiops_G

Member

to Tursiops_G
said by Tursiops_G:

You really expect to get around a Communist Regime's Internet "Walled Garden" easily?

Good Luck with that...

We have FUD spreader numba two in this thread.
fartness

fartness (banned) to SipSizzurp

Member

to SipSizzurp
I never run java anyway. Haven't for years. I figured Chrome or FF would be fine for those who want to surf the web on XP.

Tursiops_G
Technoid
MVM
join:2002-02-06
Brooksville, FL
ARRIS TM1602

Tursiops_G to fartness

MVM

to fartness
Well, then Let me know what you find that does work for you in your endeavor...

Seriously, I wish you well in this...
fartness (banned)
Donald Trump 2016
join:2003-03-25
Look Outside

fartness (banned)

Member

Any of these should work. There ARE websites that devote themselves to this topic if you weren't aware. I just prefer a free/home-made approach. I'll pay if I have to though.

»www.greycoder.com/best-v ··· n-china/

Tursiops_G
Technoid
MVM
join:2002-02-06
Brooksville, FL
ARRIS TM1602

Tursiops_G

MVM

Note that I said "Easily"...
From what I've seen, You pay your money, you take your chances, while they play "Whack-A-mole" with the servers...
A DIY solution is practically doomed from the start...
fartness (banned)
Donald Trump 2016
join:2003-03-25
Look Outside

fartness (banned)

Member

I agree. A DIY proxy might end up working the best compared to a VPN since I've looked at the history of some sites that keep track of ways to get around the Great Firewall and it seems to be a whack a mole approach as you've stated.

Tursiops_G
Technoid
MVM
join:2002-02-06
Brooksville, FL
ARRIS TM1602

Tursiops_G

MVM

With a Static Proxy, I'd think you'd need to have somebody available locally, (that you can readily get into Voice contact with), who can work around any hurdles that "they" may throw at you, if/when they find it...
(ie: Have a BUNCH of alternate Proxy options available for you to switch to at a moment's notice)...
fartness (banned)
Donald Trump 2016
join:2003-03-25
Look Outside

fartness (banned)

Member

I could probably use ultraVNC also and if there's an issue I can login to my network and connect to my mifi if I need a new IP. Or have my computer connected to both ISPs at home at the same time for redundancy. I'm not really worried about them finding it and blocking it in a matter of days when there's bigger ones out there that they haven't blocked.
HarryH3
Premium Member
join:2005-02-21

HarryH3

Premium Member

If TeamViewer isn't blocked from there then it does an awesome job of remote access.

Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

Chubbzie to fartness

Member

to fartness
said by fartness:

One port is open. One. Unless there is an exploit in the proxy software, nobody is getting in/nothing is getting exploited

Or a simple misconfiguration of the proxy daemon. Also, here is something to keep in mind. Although you have only one particular port with a particular service open the OS handles the protocol stack functions (TCP/IP) for that service. If XP SP3 has any known protocol stack vulnerabilities (such as buffer overflows) that can be remotely exploited it might be possible to subvert the OS.

cypherstream
MVM
join:2004-12-02
Reading, PA

cypherstream to fartness

MVM

to fartness
Where's the dude when you need him? He still browses in Win98!

maartena
Elmo
Premium Member
join:2002-05-10
Orange, CA

1 recommendation

maartena

Premium Member

said by cypherstream:

Where's the dude when you need him? He still browses in Win98!

HEH!

On the topic at hand: I would decommission that box. If you do want an in-house solution, there are several lightweight Linux versions that will still install fine on such old hardware, and can be used for your purposes.

For the China trip however, I would just buy commercial access to a VPN provider for $10 for a month, and use that.

A free/in-house solution is nice, but if the box locks up on you for any reason you are in trouble. A commercial VPN will always be up, and you will have many servers (in many countries) to choose from. For example, you may be able to dial in to a server in South Korea, Singapore, Japan, and thus get on the internet backbone much more locally than all the way back to the US. This will improve your speed a lot.

Also, if an in-house solution is preferred, I know that many routers have built in VPN servers.

darcilicious
Cyber Librarian
Premium Member
join:2001-01-02
Forest Grove, OR
·Ziply Fiber

darcilicious to maartena

Premium Member

to maartena

Re: [XPPro] XP secure?

said by maartena:

there are several lightweight Linux versions that will still install fine on such old hardware, and can be used for your purposes.

+1
OZO
Premium Member
join:2003-01-17

OZO to fartness

Premium Member

to fartness
said by fartness:

Seems OpenVPN is blocked in China. Not sure if it would still be blocked if I set up a server at home.

Just tested a nice VPN app (Private Tunnel) for my phone but it appears it will be blocked in China.

OpenVPN uses common UDP/IP protocol, and nothing special. And you can configure it to use any port you want. I don't see why it could be blocked at all, unless your home IP address is completely blocked. But that would be a different story (not related to OpenVPN)...
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to fartness

Member

to fartness
Better solution is Smoothwall and Squid proxy. It will take you about 2 maybe 3 hours to set up and configure. I do recommend adding a web-based GUI for config though. It is mostly made to be a firewall but you can proxy through it etc. I used to do it all the time. Before my old box fell off the underside of my stand I had an IRC bouncer, a shell account and tons of other stuff running on the box. I loved that thing. Mine ran on a Pentium 133 MHz with 16 megs of RAM and a 2.3 GB HD. At most you will need to slap in 1 extra network card to connect everything up.
1 network card connects to your router running in bridge mode, the other to your modem. Don't waste your time trying this on XP. I just think Smoothwall and Squid, or any Linux distro with Squid, is going to work much better for you than a Windows box with XP. Yeah, you can do it on XP. But you're just asking to have that box owned. If you knew the IP of the network you'll be coming from you could set up a rule-based whitelist on your router maybe.
Nanaki

Nanaki (banned) to Tursiops_G

Member

to Tursiops_G
Shoot, give me an old Pentium 133 non mxx or anything of that era on up to the newest and best today and say 3 hours and watch how fast I bypass their little walled garden.

Let's not forget they use Tor to bypass the filters etc. in China and Tor is stupid easy to block. If you know what you're doing, blocking any proxy that exists on any list on the net anywhere is a snap. I had an anti-proxy script me and another guy in an IRC chat wrote. It blocked 99% of all proxies; when combined with blocking known Tor etc. proxy ports nothing much got through. Our false positive rate in 4 years of running it was maybe 3 or 4, and no, that is not % but 3 or 4 false positives.

Catching an unknown proxy on oddball ports (or VPNs) is all but as impossible as it was possible to block 99% of known proxies. In the case of the IRC script I think it was maybe 30 to 35 lines long.

So yeah, unknown IP running a proxy on an unknown non-standard port = impossible for China to detect or stop. At least in real time. Now a week or 2 down the line if they are actively looking for it they will nail it. That is a given I would think.

If they are not actively looking for it I would say 2 maybe 3 months before they just happen to spot it and block it.
Nanaki

Nanaki (banned) to Chubbzie

Member

to Chubbzie
Well, if one is not worried about the box you can always use the nuke and pave approach. I would have little worry about the XP box getting compromised as I would just nuke and pave once done. Personally I would go Linux + Squid and Apache and say PHP admin. But if told I had to use the XP box, or due to compat issues had to, then I would not even worry about it getting slammed. I would isolate it from the rest of the network and let it get fried, who cares?

Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

Chubbzie

Member

said by Nanaki:

Well if one is not worried about the box you can always use the nuke and pave approach.

Of course he could, but in the interim while he is away in China all sorts of nefarious network traffic could occur appearing to originate from his local network... if the box was subverted that is. Personally, I never use any flavor of Windows for network centric services but to each his own.