Are you getting these 'rogue' pages when accessing the internet via your VPN service? Or just when not vpn'd?

And what kind of VPN is it? (one that is supplied as a VPN service or a VPS / Dedicated box that you configured the VPN jump through on?)

Also could you explain what you mean by "rogue" pages - i.e what you expected and what you actually got? (Understandable if you didn't want to go into much detail on that one!)

By the way, if you want to get more of an overall introduction into security matters, check out CompTIA Security+. It is only the basics, but a good starting point. (and you get a certification if you tale the exam)

In reply to a post by cerberus2:

as this book intended for computer systems administrators puts it:

'Paranoia Is Common Sense ...

But you said you were just a domestic consumer

This whole thread reeks of paranoia of seeing in normal events some ulterior rogue cause.

What you call paranoia others would call a sensible application of the precautionary principle.

Thanks for the forum's time I don't think people are going to be installing cabinet to home fibre in the the near future but there are other options and there will be more in the future no doubt. Rhetorical question but could ISPs develop software that could confirm when a line is has been tapped or subject to a MITM attack otherwise (Tor is frequently subject to this kind of inspection).

Thank's again for the forum's time - I have a better idea of the situation and should be able to make some progress if not at least hold some ground.

Cable uses encryption over the shared segments already.

ADSL is sufficiently complex and would fail to work if another ADSL modem was tapped physically onto the line, same for VDSL.

In theory with the the RF services a clamp could grab the data, but again it needs to deciphered from the algorithms.

We are in the realms of the security services (not police who would request wire tap at ISP) and foreign powers.

Data injection to produce a rogue web page from a wire tap would be pretty special particularly carried at by local thieves.

Rogue pages sounds like someone using security speak to talk about the annoying pop-up/under advertising that exists on the web.

In reply to a post by cerberus2:

The issue with the IP of the VPN gateway being in clear text (servers have to know where a packet is going) - I found when I connected to an overseas gateway my broadband speed was being throttled down to about a quarter, yet when I connected to a national gateway, it was back to 100%. Applying some deduction, and I think I have a MITM problem.

Applying some deduction it's far more likely that there was a congested link in between you and the VPN end point or you were seeing the effects of latency.

These are the exact same reasons why a speed test to London or Amsterdam should be pretty good, while one to the Far East or Australasia not so much.

Seems far more likely than a local gang wiretapping you.

In reply to a post by Pipexer:

Well it's not factually correct is it? I have the right to worry about having my privacy invaded, and I do worry about having my privacy invaded, and I am not a pedophile or terrorist.

Then it's just as well I didn't say or imply that, isn't it?

I said that unless fitting one of those descriptions there's probably nothing to worry about, which is perfectly accurate.

In reply to a post by cerberus2:

If we can get the prejudice out of the way, I'm neither a "jihadist or paedophile" - I think that essentially the higher the value a crime target you are then the more likely local area thieves will put time and resources otherwise into the exercise. Please have some respect for high value crime targets :|

OK, apologies, after reading the rest of the thread I can see that you were actually serious.

You aren't being wire tapped. It would be far more practical to either compromise your PC directly and install a keylogger, thus obtaining credentials in the clear, or compromise the PC physically.

If you were being wiretapped there is no way for you to hide that you are using the internet or not short of flooding your line with spurious traffic all the time, however I'm not sure what hiding whether you are using the internet or not would accomplish.

If you are still determined that you're the recipient of an MITM attack I'd recommend a Faraday cage, as if tapping your broadband is an option so is this.

Also be aware that your electricity supply is also a source of compromising emanations and you'll need to attend to that too, as well as soundproofing everything.

So you'll need to be jamming your broadband line with spurious traffic, attenuating or flooding the RF spectrum around your workstation and flooding your electricity supply with noise or again attenuating frequencies as a start.

If you really are such a high value target you shouldn't be working at home, but from a secure office location, or at very least if you must work from home work via a dedicated optical link to the Internet, meaning electrical tapping isn't possible, using TEMPEST certified hardware throughout.

Ensure you are behind a stateful firewall and never access the public Internet via your work computer. Ensure that it is on a completely different home and broadband network from anything you browse the internet with and never mix the two.

If you use a VPN to connect to work ensure that everything on the secure machine routes via the VPN, you can do this via static routing of everything through the VPN with a lower metric than the default route.

It's really all about how high value this is to you. A very high level of security costs.