Proactively Avoid Blocks using Amazon S3

The easiest way to avoid an ISP blocking a particular ProxyShard causing you issues is to save a copy of your PAC file to Amazon's S3 file storage cloud.

ISPs can't risk blocking S3 due to it's massive scale and use by lots of other websites. Since S3 URLs natively support SSL they can't inspect the HTTP Host header or GET path to block.

To push your PAC file to S3 is easy;

• Navigate to your PAC files view page (e.g. https://routingpacketsisnotacrime.uk/view/b718ce9b276bc2f10af90fe1d5b33c0d )
• Look on the left hand side (or near the bottom on smaller screens) for the Push PAC to Amazon S3 section
• Click the   Push to S3 button
• Done! After a short delay your personalised, SSL secured Amazon S3 bucket and PAC file will be created and the unique URL will be displayed

Using DNS

ISP DNS interference seems to be restricted to A and CNAME records so in order to find alternate ProxyShards PacketFlagon publishes a list of alternate frontends and proxies using SRV and TXT records.

Find Alternate ProxyShards with TXT Records

At a command prompt issue the following; nslookup -type=txt shards.packetflagon.is or dig -t txt shards.packetflagon.is

You should receive a CSV list of domains (excluding the http(s) prefix) that are vetted PacketFlagon ProxyShards.

$ dig -t txt shards.packetflagon.is
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t txt shards.packetflagon.is
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2603
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;shards.packetflagon.is.         IN      TXT
;; ANSWER SECTION:
shards.packetflagon.is.  10799   IN      TXT     "routingpacketsisnotacrime.uk,thisproxykillscensors.uk"
;; Query time: 57 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct  2 15:37:26 2014
;; MSG SIZE  rcvd: 103

Find PacketFlagon Proxies

At a command prompt issue the following; nslookup -type=SRV _proxy._tcp.packetflagon.is or dig -t SRV _proxy._tcp.packetflagon.is

You should receive an RFC compliant SRV response that are vetted PacketFlagon proxies, their ports and priorities.

Windows nslookup Response

>nslookup -type=srv _proxy._tcp.packetflagon.is
Server:  google-public-dns-a.google.com
Address:  2001:4860:4860::8888
Non-authoritative answer:
_proxy._tcp.packetflagon.is     SRV service location:
          priority       = 0
          weight         = 5
          port           = 8080
          svr hostname   = proxy-1-1.packetflagon.is
_proxy._tcp.packetflagon.is     SRV service location:
          priority       = 0
          weight         = 15
          port           = 8080
          svr hostname   = proxy-1-2.packetflagon.is

Linux Dig Response

$ dig -t srv _proxy._tcp.packetflagon.is
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t srv _proxy._tcp.packetflagon.is
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31975
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;_proxy._tcp.packetflagon.is.   IN      SRV
;; ANSWER SECTION:
_proxy._tcp.packetflagon.is. 10799 IN   SRV     0 15 8080 proxy-1-2.packetflagon.is.
_proxy._tcp.packetflagon.is. 10799 IN   SRV     0 5 8080 proxy-1-1.packetflagon.is.
;; Query time: 426 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct  2 15:36:33 2014
;; MSG SIZE  rcvd: 135

Twitter

In the event a block is detected it will be announced by the PacketFlagon Deadhand software and a new URL will be tweeted with the hashtag #PacketFlagon

Anyone running their own PacketFlagon shard (or an independant platform) is also encouraged to use the #PacketFlagon hashtag as we will not automatically publish private proxy shards unless specifically asked to.