How-to Guide Protect Yourself Against MITM Attacks

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
Apr 16, 2017
211
398
Operating System
Windows 7
#82
I only recommend IVPN, but it is expensive
Search online for "That one privacy guy" and it will take you to a page where all major VPNs are reviewed
Find the Excel comparison spreadsheet
I vaguely recall trying ivpn a few months ago, and there was some issue...(?) but don't recall what it was. (maybe I kept notes). I'm testing vyprvpn and bought just one month and it was $12.95 (IIRC) so if I keep doing that, it will add up big time. Protonvpn ($77/yr IIRC). I think I need the excel sheet. :D
PS vypr seems to have fast throughput here. (& proton has tor, surprisingly fast the other day)

EDIT: worked out the kinks on my end and I'm now very happy with ivpn. secure private and fast, with good support. protonvpn also runs aok with ivpn installed, of course not running them at the same time. I removed vyprvpn because it conflicted with ivpn.
 
Last edited:

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,630
#83
I vaguely recall trying ivpn a few months ago, and there was some issue...(?) but don't recall what it was. (maybe I kept notes). I'm testing vyprvpn and bought just one month and it was $12.95 (IIRC) so if I keep doing that, it will add up big time. Protonvpn ($77/yr IIRC). I think I need the excel sheet. :D
PS vypr seems to have fast throughput here. (& proton has tor, surprisingly fast the other day)
IVPN client uses a firewall. I have had fewest problems with the IVPN client and servers.

Mullvad, I've had problems with the client. It was a pain. I tried their service twice and the client and support just never worked out. Some have no problems whatsoever. Go figure.

The VPNs that have clients that work without problems also seem to be the ones with most lax security or other issues.
 
Apr 16, 2017
211
398
Operating System
Windows 7
#84
IVPN client uses a firewall. I have had fewest problems with the IVPN client and servers.

Mullvad, I've had problems with the client. It was a pain. I tried their service twice and the client and support just never worked out. Some have no problems whatsoever. Go figure.

The VPNs that have clients that work without problems also seem to be the ones with most lax security or other issues.
Thanks, I found my ivpn notes from March_2017, installed but was using chrome it was not loading webpages, perhaps some conflict, never figured it out. I'll try it again, tonight or tomorrow, starting to get late (for me). Also just downloaded the mullvad client, it was not signed?? so not installed here until clarification. ivpn that one privacy place notes that Gibraltar is part of UK, so perhaps not best jurisdiction??
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,630
#85
ivpn that one privacy place notes that Gibraltar is part of UK, so perhaps not best jurisdiction??
Who in one of the 14 eyes nations is going to go through all the trouble to pester UK GCHQ or whatever government agencies to do whatever to get your whatever infos from a business in Gibraltar and whatever other international rigmarole is involved to get infos ?

I mean, are you hacking nation-states-agencies via VPN ? If no, then you have no worries.

While it is theoretically possible that the UK can just go to Gibraltar and seize IVPN's "stuff" there or force them to give up whatever data they might have - somebody please tell me how realistic that such a thing would ever happen. Not...
 
Apr 16, 2017
211
398
Operating System
Windows 7
#86
Who in one of the 14 eyes nations is going to go through all the trouble to pester UK GCHQ or whatever government agencies to do whatever to get your whatever infos from a business in Gibraltar and whatever other international rigmarole is involved to get infos ?

I mean, are you hacking nation-states-agencies via VPN ? If no, then you have no worries.

While it is theoretically possible that the UK can just go to Gibraltar and seize IVPN's "stuff" there or force them to give up whatever data they might have - somebody please tell me how realistic that such a thing would ever happen. Not...
ok, see your point :)
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,630
#87
For your intended purposes under your specific computing conditions, most any reputable VPN will work. Now if you have the need to be super-secret squirrel no matter what, then you have to get into the paranoid, super-paranoid, and ultra-paranoid guides posted by mirimir on the IVPN site. Those anonymity\privacy configurations look like full-time occupations to me.
 
Feb 10, 2017
953
2,986
Operating System
Windows 7
Installed Antivirus
Default-Deny
#88
Who in one of the 14 eyes nations is going to go through all the trouble to pester UK GCHQ or whatever government agencies to do whatever to get your whatever infos from a business in Gibraltar and whatever other international rigmarole is involved to get infos ?

I mean, are you hacking nation-states-agencies via VPN ? If no, then you have no worries.

While it is theoretically possible that the UK can just go to Gibraltar and seize IVPN's "stuff" there or force them to give up whatever data they might have - somebody please tell me how realistic that such a thing would ever happen. Not...
Pretty much the same reason I'm not concerned about using a VPN from a five eyes nation (Canada). I keep it permanently connected so I may be noticed by my slowly-turning-authoritarian government (UK) but I'm not doing anything that would justify them taking a closer look. That is until sometime in the near future when my government forces ISPs to introduce backdoors into their system for real-time monitoring and makes end-to-end encryption illegal.
The world we live in, right? :rolleyes:
 

Lockdown

From AppGuard
Developer
Oct 24, 2016
2,918
12,630
#89
Pretty much the same reason I'm not concerned about using a VPN from a five eyes nation (Canada). I keep it permanently connected so I may be noticed by my slowly-turning-authoritarian government (UK) but I'm not doing anything that would justify them taking a closer look. That is until sometime in the near future when my government forces ISPs to introduce backdoors into their system for real-time monitoring and makes end-to-end encryption illegal.
The world we live in, right? :rolleyes:
American and Canadian lawmakers think alike... I guess.
 
Feb 10, 2017
953
2,986
Operating System
Windows 7
Installed Antivirus
Default-Deny
#90
American and Canadian lawmakers think alike... I guess.
Maybe. Either way unless Canada introduces a data retention law directed at VPNs or the UK government makes the use of anonymizing software illegal for private citizens I probably shouldn't care. Full-time data encryption probably ain't a bad thing either.
 
Feb 10, 2017
953
2,986
Operating System
Windows 7
Installed Antivirus
Default-Deny
#92
Does VPN can help us in case MITM?
Yes and no. Using a VPN will shut down many of the places where a MiTM attack might happen, but not all of them. Specifically, it will protect your traffic between your device and the VPN gateway, preventing your ISP (or most governments) from performing a MiTM attack targeted toward you.

However, once your traffic passes from the VPN gateway to its eventual destination, it becomes vulnerable to a MiTM attack. With a VPN, your traffic is then semi-anonymized, so it is much much more difficult to target any attack toward any particular person, but an indescriminate attack against all users of a particular website is still very possible.
 
Nov 15, 2016
95
298
Operating System
Windows 10
Installed Antivirus
Default-Deny
#94
Does it mean that DNSCrypt is more safe than VPN?

HTTPS Everywhere, Proxy, VPN, DNSCrypt

Which one is the best in case MITM?
 
Last edited:
Feb 10, 2017
953
2,986
Operating System
Windows 7
Installed Antivirus
Default-Deny
#95
Does it mean that DNSCrypt is safer than VPN?
No. With a VPN you'll be using the VPN providers' own DNS servers (hopefully) and all your network traffic - including your DNS requests - will be encrypted.

HTTPS Everywhere, Proxy, VPN, DNSCrypt

Which one is the best in case MITM?
Assuming you don't keep a VPN connected 24/7 your best bet is to add HTTPS Everywhere to all your browsers and select a DNS provider that supports DNSCrypt and uses DNSSEC. This prevents snooping or manipulation of DNS data through encryption and authentication. I'd suggest using DNS provider with a no logging policy too.
When using a VPN, DNSCrypt become irrelevant as you'll be using your VPN providers' DNS servers. HTTPS Everywhere is still relevant as it encrypts the traffic from the VPN to its destination.
 
Last edited:

HarborFront

Level 36
Content Creator
Oct 9, 2016
2,542
6,437
#96
Does it mean that DNSCrypt is safer than VPN?

HTTPS Everywhere, Proxy, VPN, DNSCrypt

Which one is the best in case MITM?
In addition to what @Arequire suggested it is best to add NetCut Defender if you are a laptop user when using public WiFi networks and that's because

At home, you have to worry of MITM attacks at the router, switch and PC
In public, you have only your laptop to worry against MITM attack
 
Last edited:
Apr 16, 2017
703
6,924
Operating System
Windows 10
Installed Antivirus
Microsoft
#98
Does anyone use Comodo's Internet Security Essentials? My ISP doesn't allow changing DNS, will it work even then?
 
Last edited:
Jul 1, 2017
565
1,790
Operating System
Windows 10
Installed Antivirus
Emsisoft
If you have Windows DNS Client and its cache disabled, do you still have to worry about DNS cache poisoning?
 
Likes: rockstarrocks