How-to Guide Protect Yourself Against MITM Attacks

Discussion in 'Tutorials & Guides' started by Umbra, Oct 28, 2016.

  1. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,641
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    OK, everybody here knows about malware, AVs, etc., but there is an area we don't talk about enough: data protection.

    One well-known attack is called MITM, aka man-in-the-middle attack:

    Man-in-the-middle attack - Wikipedia

    So what to do to counter it?

    Basically you have to secure the transmission via encryption; for this we use the DNSCrypt protocol:

    DNSCrypt - Official Project Home Page

    There is a simple app called Simple DNSCrypt that will automate and really simplify the implementation of this protocol.

    Simple DNSCrypt - Official Project Home Page

    We will then choose from the list a DNS provider using DNSSEC.

    DNSSEC – What Is It and Why Is It Important? - ICANN


    Simple as that ;)

    Thanks for reading.
     
  2. carsten ibsen

    carsten ibsen Level 20

    Sep 18, 2016
    980
    5,205
    retired
    denmark
    Windows 10
    Microsoft
    Thanks for sharing, interesting reading :)
     
    Polygon, Svoll, venustus and 6 others like this.
  3. Overkill

    Overkill Level 30
    Trusted

    Feb 15, 2012
    2,106
    1,997
    USA
    Windows 7
    Default-Deny
    Which DNS resolver do you use/recommend? Do you use the secondary resolver?
     
    Polygon, AtlBo, Svoll and 6 others like this.
  4. Umbra

    At the moment the second isn't working.

    I picked Cloudns and dnscrypt.org
     
    Polygon, AtlBo, Svoll and 8 others like this.
  5. Av Gurus

    Av Gurus Level 28
    Trusted AV Tester

    Sep 22, 2014
    1,722
    10,657
    Testing security programs
    Earth
    Windows 10
    Happy user for some time :D

     
    AtlBo, Svoll, silversurfer and 11 others like this.
  6. Umbra

    Yep, me too, for quite a long time ^^
     
    AtlBo, Svoll, Yash Khan and 8 others like this.
  7. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,256
    13,527
    Utopia
    Is this needed on a trusted home network, or only for public Wi-Fi situations?
     
    Polygon, AtlBo, Svoll and 7 others like this.
  8. Umbra

    Everywhere.
     
    Polygon, AtlBo, Svoll and 9 others like this.
  9. shmu26

    Doesn't Chrome sandboxing of processes take care of this issue, in large part? Or am I confusing two different things?
     
    Polygon, AtlBo, Svoll and 4 others like this.
  10. Umbra

    #10 Umbra, Oct 28, 2016
    Last edited: Oct 28, 2016
    @shmu26 Let me explain simply.

    Whatever you do on your computer, when you access the internet you send packets of data, which pass between routers/relays/networks until they reach the destination you want (server/website/computer). Then you get a response from the destination.

    Now let's say I want to know what/where/who you are communicating with: all I have to do is take over one of the relays between you and the destination. Since you have no access to those relays, you can't protect them. Now that I have access to the relay, I can reconstruct the data and read (eavesdrop on) what you are communicating; I can even modify the content to my needs.

    You have a good example here: Man-in-the-middle attack - Wikipedia
     
  11. Duotone

    Duotone Level 9

    Mar 17, 2016
    407
    2,517
    GEODETIC ENGINEER
    Philippines
    Windows 7
    Default-Deny
    Great info, Umbra. I've also used that for some half a year I think, but it caused some problems back then... Going to try it again!
     
    Polygon, AtlBo, Svoll and 3 others like this.
  12. shmu26

    Thanks, Umbra!
     
    Polygon, AtlBo, Svoll and 4 others like this.
  13. RedTeam

    RedTeam Level 1

    Oct 28, 2016
    19
    84
    Cyber Threat Intelligence Command Center
    Sadly DNSCrypt will save you from MiTM attacks. What it does do is give more privacy from your ISP.

    MiTM attacks are very hard to defend against because the attacker is most likely using stolen certificates and has control over fiber backbones.

    Using a browser that has good security can help. Firefox and Chrome will alert you on stolen and forged certificates.
     
    DeepWeb, Andy Ful, AtlBo and 5 others like this.
  14. XhenEd

    XhenEd Level 27
    Content Creator Trusted

    Mar 1, 2014
    1,607
    8,423
    Philippines
    Windows 10
    Default-Deny
    How do I know if DNSCrypt through Simple DNSCrypt is working? I think it's already enabled, but I'm not sure if it's really working.

    Edit:
    Never mind. I just found out that my DNS server changed to 127.0.0.1, instead of the default.
     
    Andytay70, Polygon, AtlBo and 7 others like this.
  15. Vipersd

    Vipersd Level 6

    Dec 14, 2014
    279
    552
    Very informative, I presume this tool can be used together with other software like Malwarebytes Anti-Malware or ZAL with their real time protection enabled without conflicts.
     
    Andytay70, AtlBo, frogboy and 2 others like this.
  16. Azure Phoenix

    Azure Phoenix Level 19

    Oct 23, 2014
    921
    2,466
    Puerto Rico
    The only problem is ZAM/ZAL detecting the change as a DNS hijack. But simply excluding that detection after a scan is enough.
     
    Polygon, AtlBo and Svoll like this.
  17. HarborFront

    HarborFront Level 33
    Content Creator

    Oct 9, 2016
    2,298
    5,754
    Far East
    Same as mine. Is pointing to 127.0.0.1 correct or is there something wrong?

    Thanks
     
    Polygon and AtlBo like this.
  18. XhenEd

    That is correct. If you use DNSCrypt, your DNS should change to that. :)
     
    Andytay70, Polygon, AtlBo and 2 others like this.
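
One way to run the check discussed in the posts above (DNS pointing at 127.0.0.1) and go a step further by confirming that something is listening there and answering. This is an added example, not part of the thread and not Simple DNSCrypt's own code; the IPv4-only scope and the test name `example.com` are assumptions.

```powershell
# Added example (not from the thread, not Simple DNSCrypt's own code).
# Run in PowerShell on Windows 8 / Server 2012 or later.
# Assumptions: IPv4 only; 'example.com' is just a test name.
$loopback = @('127.0.0.1', '127.0.0.2')   # the two addresses named in this thread

# 1. Every connected adapter should list only the local proxy as its resolver.
#    Any other address means queries on that adapter bypass the proxy.
$leaks = foreach ($adapter in (Get-NetAdapter | Where-Object { $_.Status -eq 'Up' })) {
    $dns = Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4
    foreach ($server in $dns.ServerAddresses) {
        if ($server -notin $loopback) {
            [pscustomobject]@{ Adapter = $adapter.Name; Resolver = $server }
        }
    }
}

# 2. Something must actually be listening for DNS on the loopback address,
#    and it is worth seeing which process that is.
$listeners = Get-NetUDPEndpoint -LocalPort 53 -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -in @('127.0.0.1', '0.0.0.0') } |
    ForEach-Object { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } |
    Sort-Object -Unique

# 3. A query sent explicitly to 127.0.0.1 should get an answer.
$answer = Resolve-DnsName -Name 'example.com' -Type A -Server 127.0.0.1 -DnsOnly -ErrorAction SilentlyContinue

# Summary of the three checks.
[pscustomobject]@{
    AdaptersBypassingProxy = if ($leaks) {
        ($leaks | ForEach-Object { "$($_.Adapter) -> $($_.Resolver)" }) -join '; '
    } else { 'none' }
    ListenerOnPort53       = if ($listeners) { $listeners -join ', ' } else { 'none' }
    ProxyAnswersQueries    = [bool]$answer
} | Format-List
```

The loopback setting only shows where queries are sent first; whether the upstream hop is encrypted depends on the proxy's own configuration.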
  19. HarborFront

    Hi,

    I understand that the server will change its settings to 127.0.0.1 and 127.0.0.2, which is expected.

    So, if I want to use another DNS server, will Simple DNSCrypt revert the DNS server's settings to 127.0.0.1 and 127.0.0.2? If yes, then how do I go about resolving this?

    Thanks
     
    Polygon and AtlBo like this.
  20. XhenEd

    I'm not sure, actually, as I don't use it anymore. @Umbra might be able to help.
     
    Polygon and AtlBo like this.