Guide | How To Protect Yourself Against MITM Attacks

The associated guide may contain user-generated or external content.

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
I only recommend IVPN, but it is expensive
Search online for "That one privacy guy" and it will take you to a page where all major VPNs are reviewed
Find the Excel comparison spreadsheet

I vaguely recall trying ivpn a few months ago, and there was some issue...(?) but don't recall what it was. (maybe I kept notes). I'm testing vyprvpn and bought just one month and it was $12.95 (IIRC) so if I keep doing that, it will add up big time. Protonvpn ($77/yr IIRC). I think I need the excel sheet. :D
PS vypr seems to have fast throughput here. (& proton has tor, surprisingly fast the other day)

EDIT: worked out the kinks on my end and I'm now very happy with ivpn. secure private and fast, with good support. protonvpn also runs aok with ivpn installed, of course not running them at the same time. I removed vyprvpn because it conflicted with ivpn.
 
Last edited:
5

509322

Thread author
I vaguely recall trying ivpn a few months ago, and there was some issue...(?) but don't recall what it was. (maybe I kept notes). I'm testing vyprvpn and bought just one month and it was $12.95 (IIRC) so if I keep doing that, it will add up big time. Protonvpn ($77/yr IIRC). I think I need the excel sheet. :D
PS vypr seems to have fast throughput here. (& proton has tor, surprisingly fast the other day)

IVPN client uses a firewall. I have had fewest problems with the IVPN client and servers.

Mullvad, I've had problems with the client. It was a pain. I tried their service twice and the client and support just never worked out. Some have no problems whatsoever. Go figure.

The VPNs that have clients that work without problems also seem to be the ones with most lax security or other issues.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
IVPN client uses a firewall. I have had fewest problems with the IVPN client and servers.

Mullvad, I've had problems with the client. It was a pain. I tried their service twice and the client and support just never worked out. Some have no problems whatsoever. Go figure.

The VPNs that have clients that work without problems also seem to be the ones with most lax security or other issues.

Thanks, I found my ivpn notes from March_2017, installed but was using chrome it was not loading webpages, perhaps some conflict, never figured it out. I'll try it again, tonight or tomorrow, starting to get late (for me). Also just downloaded the mullvad client, it was not signed?? so not installed here until clarification. ivpn that one privacy place notes that Gibraltar is part of UK, so perhaps not best jurisdiction??
 
5

509322

Thread author
ivpn that one privacy place notes that Gibraltar is part of UK, so perhaps not best jurisdiction??

Who in one of the 14 eyes nations is going to go through all the trouble to pester UK GCHQ or whatever government agencies to do whatever to get your whatever infos from a business in Gibraltar and whatever other international rigmarole is involved to get infos ?

I mean, are you hacking nation-states-agencies via VPN ? If no, then you have no worries.

While it is theoretically possible that the UK can just go to Gibraltar and seize IVPN's "stuff" there or force them to give up whatever data they might have - somebody please tell me how realistic that such a thing would ever happen. Not...
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Who in one of the 14 eyes nations is going to go through all the trouble to pester UK GCHQ or whatever government agencies to do whatever to get your whatever infos from a business in Gibraltar and whatever other international rigmarole is involved to get infos ?

I mean, are you hacking nation-states-agencies via VPN ? If no, then you have no worries.

While it is theoretically possible that the UK can just go to Gibraltar and seize IVPN's "stuff" there or force them to give up whatever data they might have - somebody please tell me how realistic that such a thing would ever happen. Not...

ok, see your point :)
 
5

509322

Thread author
ok, see your point :)

For your intended purposes under your specific computing conditions, most any reputable VPN will work. Now if you have the need to be super-secret squirrel no matter what, then you have to get into the paranoid, super-paranoid, and ultra-paranoid guides posted by mirimir on the IVPN site. Those anonymity\privacy configurations look like full-time occupations to me.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Who in one of the 14 eyes nations is going to go through all the trouble to pester UK GCHQ or whatever government agencies to do whatever to get your whatever infos from a business in Gibraltar and whatever other international rigmarole is involved to get infos ?

I mean, are you hacking nation-states-agencies via VPN ? If no, then you have no worries.

While it is theoretically possible that the UK can just go to Gibraltar and seize IVPN's "stuff" there or force them to give up whatever data they might have - somebody please tell me how realistic that such a thing would ever happen. Not...
Pretty much the same reason I'm not concerned about using a VPN from a five eyes nation (Canada). I keep it permanently connected so I may be noticed by my slowly-turning-authoritarian government (UK) but I'm not doing anything that would justify them taking a closer look. That is until sometime in the near future when my government forces ISPs to introduce backdoors into their system for real-time monitoring and makes end-to-end encryption illegal.
The world we live in, right? :rolleyes:
 
5

509322

Thread author
Pretty much the same reason I'm not concerned about using a VPN from a five eyes nation (Canada). I keep it permanently connected so I may be noticed by my slowly-turning-authoritarian government (UK) but I'm not doing anything that would justify them taking a closer look. That is until sometime in the near future when my government forces ISPs to introduce backdoors into their system for real-time monitoring and makes end-to-end encryption illegal.
The world we live in, right? :rolleyes:

American and Canadian lawmakers think alike... I guess.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
American and Canadian lawmakers think alike... I guess.
Maybe. Either way unless Canada introduces a data retention law directed at VPNs or the UK government makes the use of anonymizing software illegal for private citizens I probably shouldn't care. Full-time data encryption probably ain't a bad thing either.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Does VPN can help us in case MITM?
Yes and no. Using a VPN will shut down many of the places where a MiTM attack might happen, but not all of them. Specifically, it will protect your traffic between your device and the VPN gateway, preventing your ISP (or most governments) from performing a MiTM attack targeted toward you.

However, once your traffic passes from the VPN gateway to its eventual destination, it becomes vulnerable to a MiTM attack. With a VPN, your traffic is then semi-anonymized, so it is much much more difficult to target any attack toward any particular person, but an indescriminate attack against all users of a particular website is still very possible.
 

Maxwell Sien

Level 2
Verified
Nov 15, 2016
97
Does it mean that DNSCrypt is more safe than VPN?

HTTPS Everywhere, Proxy, VPN, DNSCrypt

Which one is the best in case MITM?
 
Last edited:

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Does it mean that DNSCrypt is safer than VPN?
No. With a VPN you'll be using the VPN providers' own DNS servers (hopefully) and all your network traffic - including your DNS requests - will be encrypted.

HTTPS Everywhere, Proxy, VPN, DNSCrypt

Which one is the best in case MITM?
Assuming you don't keep a VPN connected 24/7 your best bet is to add HTTPS Everywhere to all your browsers and select a DNS provider that supports DNSCrypt and uses DNSSEC. This prevents snooping or manipulation of DNS data through encryption and authentication. I'd suggest using DNS provider with a no logging policy too.
When using a VPN, DNSCrypt become irrelevant as you'll be using your VPN providers' DNS servers. HTTPS Everywhere is still relevant as it encrypts the traffic from the VPN to its destination.
 
Last edited:

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
Does it mean that DNSCrypt is safer than VPN?

HTTPS Everywhere, Proxy, VPN, DNSCrypt

Which one is the best in case MITM?
In addition to what @Arequire suggested it is best to add NetCut Defender if you are a laptop user when using public WiFi networks and that's because

At home, you have to worry of MITM attacks at the router, switch and PC
In public, you have only your laptop to worry against MITM attack
 
Last edited:

brambedkar59

Level 32
Verified
Top Poster
Well-known
Apr 16, 2017
2,124
Does anyone use Comodo's Internet Security Essentials? My ISP doesn't allow changing DNS, will it work even then?
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top