In the last few months I've seen many advertisements for a device they call the "Super Box" - it's essentially an (Android based?) IPTV device with every channel imaginable. The people I know with them paid around $300 and there isn't a monthly fee.
I have a hunch they're trading free TV for becoming a residential proxy unknowingly. Would love to capture network traffic from one and see what's really going on.
The fact that people are willing to buy these super sketchy devices and plug them into their networks without a second thought is kinda scary.
Well didn't lookup Super Box but I assume it's less sketchy than you image.
It probably just pulls from something like https://github.com/iptv-org/iptv and so the provider of Super Box doesn't have to maintain pretty much anything or use any of their own bandwidth. So the $300 minus the cost of the hardware is the profit and they don't have real reoccurring costs.
I don't believe so. These boxes provide access to premium TV channels and live sports, not just public broadcasting.
Premium TV channels and live sports have publicly accessible IPTV streams, though. Undocumented != nonpublic.
I've never seen a $300 one but I've seen $70 ones. I don't think they're nefarious in that sense, but these boxes are usually scams.
They come preloaded with a pirate iptv service that only works for 1-2 months then they ask you to pay something like $70/year to keep watching. There's tons of providers for these IPTV services so bundling them with the boxes is a way to make it easy to access while gaining subscriptions, you can just buy a cheap android TV box yourself, install the apk and get a cheaper IPTV provider.
Most of these boxes/providers don't last more than a couple years as authorities tend to go after them when they get too big. My dad uses them to watch portuguese TV--it would be impossible to watch certain channels outside the country otherwise--and in the past 10 years he changed provider 3-4 times.
These have been a thing for a while - check your local Craigslist for "fully loaded" Fire sticks or other streaming TV devices. I wouldn't be surprised at all if you're correct - these devices are marketed to technically unsophisticated users, by vendors who have every incentive to maximize profit.
Why there is no protocol that would allow a network to request blocking traffic from a subnet or network? For example, AS X doesn't want any traffic from Y, and all operators between X and Y block traffic from Y to X.
To motivate lazy network operators, this protocol should be linked with financial conditions: an operator who doesn't honor the request, gets significantly reduced payment for this month's traffic.
I see weak people whining about attacks for like 10 years, and nobody changes anything. It's easier to blame evil hackers than fix their own broken poorly designed systems.
To give specific example, imagine a business which has 95% customers in developed country A, but receives 99% web requests from developing countries (DDoS attacks mainly come from there). It makes financial sense to cut off those countries first and after than figure out what happened.
The finances work the other way around: you can often pay your transit/upstream providers an additional fee for their DDOS protection/filtering service, where you can signal (via BGP or otherwise) that there's traffic you don't want to receive. BGP Flowspec (or similar) is one of the technologies used here.
The capabilities offered by the protocol you're envisioning already exist in the form of firewall rules and BGP peering agreements.
Most websites and networks would suffer more from blocking residential ISP traffic than they do from misuse of residential ISP traffic, though...
No. If you have majority of customers in country A, but the attack comes from country B, it is better to cut off B to keep the web services working.
BGP doesn't allow to stop attacks this way as I understand.
what if the attack comes from country A too? my understanding is they try to get botnets and residential proxies in large Western countries to avoid being filtered by IP range already.
Very fascinating. I saw multiple people predict that these ddos attacks were just advertisement for the Aisuru services.
How can regular users of Android, smart TV's, etc. identify these IoT devices that have been compromised?
I guess the increased bandwidth should at least show up on the ISP bill since that's the only place anyone would notice.
But we're pretty far from having a system that isn't perfect for botnets and malicious proxies hiding on your network.
Kinda crazy how my ISP doesn't even show me my usage on the bill. But then again every time I call them for something, they try to convince me I need something more than the minimum plan, and they're BS depends on me not knowing which tier I need.
> I guess the increased bandwidth should at least show up on the ISP bill since that's the only place anyone would notice.
Not sure about other places, but where I live ISPs don't have bandwidth limits over which they make you pay an extra. In extreme cases they might suspend service if your usage is deemed abusive though, but I never heard of this happening to people I know IRL.
realistically? not much regular joe can do.
advanced users can segregate all their iot crap into separate network which allows keeping an eye on what goes on in there. but you need to know what your normal safe baseline looks like to be able to identify something weird happening.
of course there is lot of fancy tools built around this topic too, stuff like zeek and suricata almost certainly could be used to identify possible compromises. especially in a separate iot network, which should have otherwise fairly regular traffic patterns. but realistically, idk if anyone has been very successful in implementing such detection.
I recently heard that a group at Cardiff University is moving to commercialize what was their PHD thesis on this topic.
https://orca.cardiff.ac.uk/id/eprint/147062/1/AnoML.pdf
Saw them working on their elevator pitch last week.
recently had to research "residential proxy", and the number of websites that claim that they have millions of IPs on hand was very strange. then the fact that a lot of them work in the exact same way, and a lot of them accepted payment mostly in crypto was very strange. so now connecting the dots, makes sense now why these "residential proxy" websites looked and worked the same way
also note that all of them claim that their residential proxies are "ethically sourced" (unlikely their competitors, I guess?)
there's no such thing as an ethically sourced residential proxy.
I've been thinking about building an actually-ethical residential proxy system, for censorship-evasion purposes.
The internet in a growing number of countries is censored, but different content categories are censored in each jurisdiction. Many sites and services also block known VPNs (i.e. non-residential IPs), so that doesn't work as a bypass in all cases.
I have trusted friends in other countries, so by mutual agreement we could set up wireguard links for each other to use (subject to agreed terms). It just needs some way to intelligently route traffic depending on which jurisdictions will allow which requests (i.e. "which is the lowest-latency link that will allow this request").
> I've been thinking about building an actually-ethical residential proxy system, for censorship-evasion purposes.
That thing already exist and is called Tor Snowflake.
And the concept of web of trust and signing parties just gets more and more valuable for each day!
> there's no such thing as an ethically sourced residential proxy.
There is, just like you giving your attention and cpu to watch free ad supported content on the internet. It's the same in apps that give users access for free in return for bandwidth, or free VPNs that allow you to share bandwidth. There's also ISP "residential" proxies where ISPs re-sell some of their address space to proxy providers.
Their are services that allow users to share their bandwidth in return for some cents per GB, a way to passively earn income.
Additionally, there's almost no ethical use for a residential proxy. The purpose is always to deceive, at best you get lightly unethical uses like "avoiding georestrictions on IP distributors like netflix", or "avoiding controls in dictatorships" which is acknowledging that it is used to break the law, but maybe it's the wrong kind of law.
Even these soft reasons to use VPNs and residential proxies are like an alibi for bad actors, is IP 25.14.xx.xx creating a fake account on twitter to spread malware or is he downloading a show that wasn't available before? I guess we'll never know such are the limits of privacy I guess.
So not only are AI companies stealing content, they’re actively funding criminal organisations too. Wonderful
They're funding criminal organizations in the same way you're funding one if you get your hair cut at a hair salon which works as a front for money laundering.
That is, mostly unknowingly, perhaps suspecting what's going on, but politely trying to ignore it for their own convenience.
A hair salon is a legitimate business. "Residential proxies" have very little legitimate use, and are sourced by unethical means, so it's not a fair comparison.
Watching netflix is plenty legitimate in my book.
> ... renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services...
And that's why I will never buy any IoT devices that require an internet connection to work. Only IoT devices in my house are those that connect to my own server and never see the light of the internet.
Your IoT is an Intranet of Things then, checks out!