Guide | How To Protect Yourself Against MITM Attacks


Sunshine-boy

If you use Yandex browser you don't need it.
I can't use it any more cuz the government blocked it (5 months ago) :p


DNS spoofing protection
Protect active security technology scans files and websites for viruses, blocks fraudulent webpages, protects passwords and bank card details, and keeps online payments safe from theft.

DNSCrypt
The world's first browser with support for DNSCrypt technology. Encrypts Domain Name System (DNS) traffic. For example, it protects from a trojan DNSChanger, a tracking Internet provider, or hackers. This option must be enabled in the browser settings.
 

DeepWeb

Just make sure your connection is HTTPS using TLS and it will get validated that way. Any site that cannot be validated will not be resolved using HTTPS and your browser will tell you that it could not connect or reset the connection or connection timeout.

I would also argue to worry less about the last mile from DNS resolver to your PC. Worry more about what your DNS resolver does. If you have DNSCrypt but your resolver doesn't use DNSSEC, what's the point? Your resolver gets fooled and will send you the wrong address. If your DNS resolver validates DNSSEC, you get herd immunity by it validating all queries it receives for you before they get sent to you.

This is another example where you choose between privacy and security. If you want security, actually your ISP has DNSSEC validating resolvers that are the least likely to be spoofed because they have the experience, they log traffic to pay attention to criminals, and it would hurt their image the most if people found out that their traffic gets routed to the wrong place. Your ISP's DNS resolvers also can only be accessed by subscribers like you which further reduces the attack surface. Finally most ISP DNS resolvers will reject pings and other queries making them practically invisible on the web. If you don't believe me, test them here: GRC | DNS Nameserver Spoofability Test

Long story short, your ISP's DNS resolvers are the most secure but also the least private when it comes to govt surveillance and logging. Those other DNSCrypt resolvers may be more private but also easier to fall victim to DNS cache poisoning because they are run by volunteers, not billions in revenue from paying customers. Unless you are on public wifi I wouldn't worry. If you are on public wifi, VPN is a must anyway. :)
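
The post above turns on whether the resolver itself validates DNSSEC. As an added example (not part of the original post), this sketch classifies a resolver from two replies: one for a correctly signed name and one for a name whose signatures are deliberately invalid. The function names, query id and sample replies are constructed for illustration.

```python
import socket
import struct

RCODE_SERVFAIL = 2

def build_query(name, qid, qtype=1):
    """DNS query with RD set plus an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=UDP size, TTL=ext-rcode/version/flags (DO=0x8000), RDLEN=0
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def parse_header(msg):
    """Pull the fields we need out of the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "ad": bool(flags & 0x0020),
            "rcode": flags & 0x000F, "answers": an}

def classify(signed_resp, broken_resp, qid):
    """signed_resp: reply for a correctly signed name.
    broken_resp: reply for a name whose signatures are deliberately invalid."""
    good, bad = parse_header(signed_resp), parse_header(broken_resp)
    for hdr in (good, bad):
        if not hdr["qr"] or hdr["id"] != qid:
            raise ValueError("not a response to our query")
    if good["ad"] and bad["rcode"] == RCODE_SERVFAIL:
        return "validating"
    if bad["rcode"] == 0 and bad["answers"] > 0:
        return "not validating"  # bogus data was handed to the client
    return "inconclusive"

def ask(resolver_ip, name, qid, timeout=3.0):
    """Send one query over UDP/53 and return the raw reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver_ip, 53))
        return s.recv(4096)

# Constructed header-only sample replies (not captured traffic), query id 0x1234.
SIGNED_OK = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 0)        # QR RD RA AD, 1 answer
BROKEN_REJECTED = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)  # SERVFAIL
BROKEN_PASSED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)    # NOERROR, 1 answer
```

Over plain UDP the AD flag is not authenticated, so this result describes what the resolver does, not whether the path between you and the resolver is untampered.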
 

Glashouse

If you are on public wifi, VPN is a must anyway.
Totally agree, but would like to add that using a VPN is not always everything you need. Most of the clients you'll get from the VPN providers change your DNS servers for privacy reasons... this makes you vulnerable to DNS poisoning / spoofing!
 

HarborFront

Totally agree, but would like to add that using a VPN is not always everything you need. Most of the clients you'll get from the VPN providers change your DNS servers for privacy reasons... this makes you vulnerable to DNS poisoning / spoofing!
Agreed. That's why you need to select a VPN provider which has a secure DNS server.
 

DeepWeb

Totally agree, but would like to add that using a VPN is not always everything you need. Most of the clients you'll get from the VPN providers change your DNS servers for privacy reasons... this makes you vulnerable to DNS poisoning / spoofing!
Rightfully so. A good VPN will encrypt all of your traffic and tunnel DNS queries to its own DNS servers. Now it's up to the VPN provider to protect you. :)
 


509322

Thread author
According to this article there are 4 common types of MITM attacks and these are

1) ARP Cache Poisoning
2) DNS Spoofing
3) Session Hijacking
4) SSL Hijacking

Understanding Man-in-the-Middle Attacks - ARP Cache Poisoning (Part 1) - TechGenix

For ARP cache poisoning, I thought there is specific software to handle this form of attack, and also some firewalls which have this feature too? Anyone know?

You don't have to worry about ARP unless you are connected to a LAN.

COMODO has a setting for ARP spoofing.

Research ARP cache poisoning or spoofing online. You might have to read multiple articles and piece it all together.
 

509322

Thread author
Totally agree, but would like to add that using a VPN is not always everything you need. Most of the clients you'll get from the VPN providers change your DNS servers for privacy reasons... this makes you vulnerable to DNS poisoning / spoofing!

The whole point of changing the DNS is precisely to protect against DNS poisoning/spoofing. The better VPNs offer secure DNS.
 

HarborFront

You don't have to worry about ARP unless you are connected to a LAN.

COMODO has a setting for ARP spoofing.

Research ARP cache poisoning or spoofing online. You might have to read multiple articles and piece it all together.

I think ZoneAlarm firewall also has such a feature.

How about if your laptop is connected to public WiFi? Thanks
 

SHvFl

Would you please share the names of a few VPNs that you KNOW offer secure DNS? I'm looking into 2 VPNs and am unclear how secure their DNS is, at least at first look...
Private Internet Access, AirVPN...

Basically they force their DNS, which is routed through their servers. So it doesn't leak or use your ISP or location DNS.
 


509322

Thread author
Would you please share the names of a few VPNs that you KNOW offer secure DNS? I'm looking into 2 VPNs and am unclear how secure their DNS is, at least at first look...

I only recommend IVPN, but it is expensive.

Search online for "That one privacy guy" and it will take you to a page where all major VPNs are reviewed.

Find the Excel comparison spreadsheet.
 
