Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,708
Operating System
Windows 10
Antivirus
#1
ok, everybody here knows about malwares, Avs , etc... but there is an area we don't talk enough , datas protection.

One well known attack is called MITM aka Man In The Middle Attack:

In cryptography and computer security, a man-in-the-middle attack (often abbreviated MitM, MiM attack, MitMA or the same using all capital letters) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. A man-in-the-middle attack can be used against many cryptographic protocols.[1] One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle.[2]

As an attack that aims at circumventing mutual authentication, or lack thereof, a man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to their satisfaction as expected from the legitimate other end. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, TLS can authenticate one or both parties using a mutually trusted certificate authority.[3]
Man-in-the-middle attack - Wikipedia

so what to do to counter it ?

basically you have to secure the transmission via encryption , for this we use the DNScrypt protocol:

DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.
DNSCrypt - Official Project Home Page

There is a simple apps called Simple DnsCrypt that will automatize and really simplify the implementation of this protocol

Simple DNSCrypt - Official Project Home Page

We will then choose from the list a DNS provider using DNSSEC.

DNSSEC is a technology that was developed to, among other things, protect against such attacks by digitally 'signing' data so you can be assured it is valid. However, in order to eliminate the vulnerability from the Internet, it must be deployed at each step in the lookup from root zone to final domain name (e.g., www.icann.org). Signing the root (deploying DNSSEC on the root zone) is a necessary step in this overall processii. Importantly it does not encrypt data. It just attests to the validity of the address of the site you visit.
DNSSEC – What Is It and Why Is It Important? - ICANN


Simple as that ;)

Thanks for reading.
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,708
Operating System
Windows 10
Antivirus
#10
@shmu26 let me explain simply.

Whatever you do on your computer , when you access internet you send packets of datas, which will pass between routers/relays/networks until they reach the destination you want (server/website/computer). Then you will get a response, from the destination.

Now let say i want to know what/where/who you are communicating, all i have to do is to take over one of the relay between you and the destination, since you have no access to those relays , you can't protect it. Now that i have access to the relay i can reconstruct the datas and read (Eavesdropping) what you are communicating, i can even modify the content to my needs.

you have a good example here: Man-in-the-middle attack - Wikipedia
 
Last edited:

shmu26

Level 71
Content Creator
Verified
Joined
Jul 3, 2015
Messages
6,023
Operating System
Windows 10
#12
@shmu26 let me explain simply.

Whatever you do on your computer , when you access internet you send packets of datas, which will pass between routers/relays/networks until they reach the destination you want (server/website/computer). Then you will get a response, from the destination.

Now let say i want to know what/where/who you are communicating, all i have to do is to take over one of the relay between you and the destination, since you have no access to those relays , you can't protect it. Now that i have access to the relay i can reconstruct the datas and read (Eavesdropping) what you are communicating, i can even modify the content to my needs.

you have a good example here: Man-in-the-middle attack - Wikipedia
thanks, Umbra!
 
Joined
Oct 28, 2016
Messages
19
#13
Sadly DNScrypt will save you from MiTM attacks. What it does do is give more privacy from your ISP.

MiTM attacks are very hard to defend against because the attacker is most likely using stolen certificates and has control over fiber backbones.

Using a browser that has good security can help. Firefox and Chrome will alert you on stolen and forged certificates.
 

XhenEd

Level 27
Content Creator
Verified
Joined
Mar 1, 2014
Messages
1,674
Operating System
Windows 10
Antivirus
#14
How do I know if DNSCrypt through Simple DSNCrypt is working? I think it's already enabled, but I'm not sure if it's really working.

Edit:
Nevermind. I just found out that my DNS server changed to 127.0.0.1, instead of the default.
 

HarborFront

Level 43
Content Creator
Verified
Joined
Oct 9, 2016
Messages
3,214
#17
How do I know if DNSCrypt through Simple DSNCrypt is working? I think it's already enabled, but I'm not sure if it's really working.

Edit:
Nevermind. I just found out that my DNS server changed to 127.0.0.1, instead of the default.
Same as mine. Is pointing to 127.0.0.1 correct or is there something wrong?

Thanks
 

HarborFront

Level 43
Content Creator
Verified
Joined
Oct 9, 2016
Messages
3,214
#19
That is correct. If you use DNSCrypt, your DNS should change to that. :)
Hi

I understand that the server will change its settings to 127.0.0.1 and 127.0.0.2 which is expected

So, if I want to use another DNS server will Simple DNSCrypt reverts the DNS server's settings to 127.0.0.1 and 127.0.0.2? If yes, then how to go about in resolving this?

Thanks
 

XhenEd

Level 27
Content Creator
Verified
Joined
Mar 1, 2014
Messages
1,674
Operating System
Windows 10
Antivirus
#20
Hi

I understand that the server will change its settings to 127.0.0.1 and 127.0.0.2 which is expected

So, if I want to use another DNS server will Simple DNSCrypt reverts the DNS server's settings to 127.0.0.1 and 127.0.0.2? If yes, then how to go about in resolving this?

Thanks
I'm not sure, actually, as I don't use it anymore. @Umbra might be able to help.