Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | (show all)   Print Thread
Standard User cerberus2
(newbie) Sun 24-Feb-13 20:15:52
Print Post

Wire tap?


[link to this post]
 
Is a wire tap something the consumer needs to worry about, or purely a myth? (If the former which would be the best ISP?)
Standard User Deadbeat
(knowledge is power) Sun 24-Feb-13 20:42:59
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
This is what you require.
Standard User techguy
(committed) Sun 24-Feb-13 20:49:47
Print Post

Re: Wire tap?


[re: Deadbeat] [link to this post]
 
If you really are worried the CIA might care about what you are ordering from your preferred supermarket then TOR (The Onion Router) is probably the best idea

Either that or the tin foil hat already suggested.

Virgin (ADSL) => Namesco => Newnet => O2 => Plusnet => Zen => Newnet => Zen => Freeola => Vivaciti (using O2 Wholesale DSL) => Xilo (C&W Wholesale) => Xilo (O2 Wholesale)
Note: I don't lay turf for anyone. astro or otherwise, all views and opinions expressed are my own based on experience.


Register (or login) on our website and you will not see this ad.

Standard User cerberus2
(newbie) Sun 24-Feb-13 21:26:29
Print Post

Re: Wire tap?


[re: techguy] [link to this post]
 
I'm a Tor refugee (you don't meet many of those do you wink unusual screen res. - exit nodes always get me - and those rogue nodes are currently running at 50% from what I hear[1]).

No, I am not worried about the CIA, MI5, etc., I'm a bog standard domestic Internet user. It's the neighbourhood thief I am worried about.

Can I have a sensible reply please guys.

-----

[1] Though having said that LPS http://www.spi.dod.mil/lipose.htm forces the screen res. to SVGA no matter what your screen actually is - the dist. from what I can gather was only ever intended for US air force staff to do their online banking etc., it would be OK for that.
Standard User kitcat
(member) Sun 24-Feb-13 21:43:32
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
I have never heard of a neighbourhood thief tapping an ordinary users fixed line in this country.

You would need to climb the pole or open a cab up and get the right pair which would need inside knowledge. Much easier to watch when you go out then pretend to clean the windows and break in.

Mobiles are much easier to tap, a la N.O.W.

I can vaguely remember a BT engineer getting sacked for listening to converstations years ago, now they get sacked for metal theft.

Most of the things they would be interested in via BB should be over HTTPS and encrypted, it appears much easier to steal these remotely by spam, trojans, keyloggers and staright forward naivety and much less risky than doing anything in the neighbourhood.

There is a small risk if your router is not secured of picking things up via wireless, but with all the usual security active your risk is below that you need to worry about.
Standard User camieabz
(sensei) Sun 24-Feb-13 21:50:50
Print Post

Re: Wire tap?


[re: Deadbeat] [link to this post]
 
Dagnabbit! I have a cracked lip and that post made it worse. laugh

~ Camieabz ~

All Connection Data ~ Some plusnet links

mod'er·a'tion n.
Synonyms: temperance, restraint, modesty.
Standard User XRaySpeX
(eat-sleep-adslguide) Sun 24-Feb-13 21:57:43
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
Tor?

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
Standard User Deadbeat
(knowledge is power) Sun 24-Feb-13 21:58:16
Print Post

Re: Wire tap?


[re: camieabz] [link to this post]
 
Glad to be of (lip?) service. wink
Standard User cerberus2
(newbie) Sun 24-Feb-13 22:18:32
Print Post

Re: Wire tap?


[re: kitcat] [link to this post]
 
You're right I think in that a thief will much prefer to hack a computer by getting direct access to the keyboard (my experience would back that up).

I wouldn't though underestimate the skill of local crime (especially in urban areas). (Not sure what N.O.W. is - googling returns every page with the word now in it - would be interested to know more - I've contemplated a mobile data package I must admit because they are getting less expensive and I assumed it might be more secure.)

Someone on twitter suggested that every website should be HTTPS (which would prevent code injection), however as another twitterer pointed out this still leaves the destination IP of a packet in clear text. I would prefer it myself if it wasn't even possible to know whether I was surfing the web at a particular time or not (and the only way to do that at present is to random surf when not using the computer). There is the issue of anonymity as well, It really would be preferable if I had the choice of letting a website have geographic data for myself.

Wireless should be OK, and I do use an encrypted VPN - but even with the VPN you have to be able to make sure that not even so much as a single unencrypted DNS request goes out before making the connection to the gateway (people do not usually use DNSCrypt servers), or your connection is tainted. A firewall can be pretty tight at that point also. The problem is though that, a) domestic computers are not set up for this at all (although they can be set up this secure - it takes a corporate IT dept. to configure a computer in this way, and most people are not going to be able to afford the MS certified engineers, etc.!), and b) even if the latter is in place, then can not the broadband connection be broken, slowed down, stopped and started? The IP of the VPN server will be known to the hackers also (not ideal).

I think possibly maybe then I am looking for statistics on crime related to cable cabs (or poles - my cable goes straight into a flower bed, etc.). Now I seem to remember an instance of this reported in the local news in the not too distant past - does that then mean then that the domestic user does need to consider a wire tap as a possible reality and not a myth? In which case should not ISPs make known their procedures for the eventuality?
Standard User Ignitionnet
(knowledge is power) Sun 24-Feb-13 22:31:05
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
In reply to a post by cerberus2:
Is a wire tap something the consumer needs to worry about, or purely a myth? (If the former which would be the best ISP?)


Unless you're a jihadist or paedophile there's probably nothing to worry about, and no ISP is immune.
Standard User cerberus2
(newbie) Sun 24-Feb-13 22:33:43
Print Post

Re: Wire tap?


[re: XRaySpeX] [link to this post]
 
Tor is an anonymizing network - connect to it and there is no way for a web server serving a webpage that your are viewing to know what your IP address is (as they usually do). It can also be used to bypass ISPs that may be blocking websites (typically in countries that heavily censor the web) by enabling a computer to connect to the website via a server that is outside of the censored zone but not itself censored. Tor networks are also very heavily encrypted - though note it is not possible to encrypt the entire connection between your computer and a webpage unless it is a HTTPS connection - it is I think better to use a normal encrypted VPN than a Tor network if encryption is your priority.

There is a link to a page on the Tor network on this page.
Standard User Pipexer
(eat-sleep-adslguide) Sun 24-Feb-13 22:36:06
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
Why would your joe moron neighbour bother to wire tap your connection?

You don't need to worry about this, you would be wiser investing your resources into measures to prevent your ISP and the government (hence any sort of cloud services and stuff stored on the internet) from snooping on your data, because first of all that is a real risk, and by doing that you would also address your concerns of your neighbors using a wire tap.

Check out "VyprVPN" (google it) and go from there (alternatives, similiar services et) - this is a good starting point for something which you might be interested in.

Zen 8000 Pro

Edited by Pipexer (Sun 24-Feb-13 22:37:49)

Standard User cerberus2
(newbie) Sun 24-Feb-13 22:38:14
Print Post

Re: Wire tap?


[re: Ignitionnet] [link to this post]
 
If we can get the prejudice out of the way, I'm neither a "jihadist or paedophile" - I think that essentially the higher the value a crime target you are then the more likely local area thieves will put time and resources otherwise into the exercise. Please have some respect for high value crime targets :|
Standard User XRaySpeX
(eat-sleep-adslguide) Sun 24-Feb-13 22:43:45
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
Sounds dishonest to me and rather paranoid!

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
Standard User Ignitionnet
(knowledge is power) Sun 24-Feb-13 22:46:43
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
In reply to a post by cerberus2:
If we can get the prejudice out of the way, I'm neither a "jihadist or paedophile" - I think that essentially the higher the value a crime target you are then the more likely local area thieves will put time and resources otherwise into the exercise. Please have some respect for high value crime targets :|


*Snigger* I'm stuck between wanting to be amused by the comment on prejudice and the last couple of sentences.

You, sir, are a genius, and I hope the local area thieves do not put time and resources into you!

Edited by Ignitionnet (Sun 24-Feb-13 22:47:56)

Standard User Pipexer
(eat-sleep-adslguide) Sun 24-Feb-13 22:48:46
Print Post

Re: Wire tap?


[re: Ignitionnet] [link to this post]
 
In reply to a post by Ignitionnet:
*Snigger* I'm stuck between wanting to be amused by the comment on prejudice and the last couple of paragraphs.

You, sir, are a genius, and I hope the local area thieves do not put time and resources into you!

You are slightly out of order, and while you probably meant it in jest, you should have not brought the pedophile nonsense into it.

People have a right to protect their privacy, just because they want to protect their privacy and anonymity, does not mean they are dodgy or up to illegal activities.

Zen 8000 Pro
Standard User cerberus2
(newbie) Sun 24-Feb-13 22:52:35
Print Post

Re: Wire tap?


[re: Pipexer] [link to this post]
 
Pipexer, privateinternetaccess is better - but you have to know what you are doing (it doesn't do the job properly out of the box - ref previous post on VPNs).
Standard User Pipexer
(eat-sleep-adslguide) Sun 24-Feb-13 22:53:51
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
If you are using such a service then all that someone wire tapping in your village would see is traffic between your PC and the VPN endpoint, which is encrypted.. in which case, very little to worry about.

Zen 8000 Pro
Standard User cerberus2
(newbie) Sun 24-Feb-13 23:05:23
Print Post

Re: Wire tap?


[re: XRaySpeX] [link to this post]
 
XRaySpeX - the cops can look at my Internet connection if they want, but legally. And yes I am paranoid, as this book intended for computer systems administrators puts it:

'Paranoia Is Common Sense ... In general, cries of "paranoia" are really just a sign that you are performing your job well. After all it is your job to be at least one level more paranoid than ... crackers [hackers] hope you will be.'

The point I think is to be paranoid enough to know what thieves are going to contemplate next, and you will be OK.
Standard User Pipexer
(eat-sleep-adslguide) Sun 24-Feb-13 23:11:09
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
I would question why the cops need to look at your internet connection?

Any organized crime which is.. err... organized, would use encryption so the cops can look at it all day long - they won't be able to make any sense of it.

I really don't know enough about the matter as I should but I don't think the cops can legally just look at your connection traffic without a solid reason.

Nobody has any right to snoop on what I use my internet connection for or treat me as a criminal, if they have suspicion I am up to something no good then fair enough, but spying on everyone assuming them to be criminals is wrong.

I think regardless of whether you are a small business or personal user, or an enterprise, wire tapping is not, really, in itself something to be concerned about, as things should be encrypted in the first place which would do away with the wire tapping risk.

Zen 8000 Pro
Standard User cerberus2
(newbie) Sun 24-Feb-13 23:18:47
Print Post

Re: Wire tap?


[re: Pipexer] [link to this post]
 
Pipexer, it's the "very little to worry about" that is my problem, namely quoting a previous post: "the broadband connection [could still] be broken, slowed down, stopped and started". And as mentioned also a wire tap could see the VPN gateway being connected to (this is it looks like causing me problems). Also I'd kind of prefer if a hacker could not see my surfing fingerprint (temporally), which would be trivial with a wire tap.

One final not entirely insignificant issue also, I'm suggesting encrypted VPN packages do not work fully out of the box - subscribers are being lulled into a false sense of security (unaware of the work it takes to set them up fully properly). You may say that not many people need that level of peace of mind, but the information should still be provided.
Standard User Pipexer
(eat-sleep-adslguide) Sun 24-Feb-13 23:24:49
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
But I don't get what the issue is if they could see the VPN gateway being connected to? The authentication process would have been encrypted, so all they can see is "oh look cerberus2 has connected to his private VPN service, but I can't see his username or password", and from that point it would be "he is doing something on the internet, but that is all I know".

The next level above that is getting a fiber optic line installed - this cannot be tapped easily. But if someone was determined, they could break into the exchange and tap it more easily there.

I don't see how someone seeing you are doing something with the internet would be a risk.... Unless (and I must state: I am not implying you are doing this) you was doing something dodgy and someone had tracked your approximate location, and you wanted to ensure they could not detect you was using the internet, in which case you are stuffed. In this instance you should have ensured that your location was never given away in the first place.

The problem is consumers are to blame for this invasion of privacy int he first place, they would rather have convenience at the expense of having their privacy invaded, half of them go and air all their dirty laundry on Facebook anyway. Anyone concerned about privacy ought to be savvy enough to know how to use these encryption utilities and services like Tor etc.

Zen 8000 Pro

Edited by Pipexer (Sun 24-Feb-13 23:26:17)

Standard User cerberus2
(newbie) Sun 24-Feb-13 23:28:06
Print Post

Re: Wire tap?


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
I would question why the cops need to look at your internet connection?


I actually don't personally even want police to look at my Internet connection legally - police corruption is by no means unknown - a bit too much to be comfortable to be honest in may own nic of the woods. But at the same time bona fide police do need to be able to do their job.
Administrator MrSaffron
(staff) Sun 24-Feb-13 23:32:16
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
How do you know the people running the Tor node, or the VPN system, or the operating system are not looking closely at what you are doing.

If you are a high value target for the local thieves, then I would suggest retaining a full time computer security expert to advise you.

Andrew Ferguson, [email protected]
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Pipexer
(eat-sleep-adslguide) Sun 24-Feb-13 23:33:50
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
Check out RevKs blog, he makes some very good points about it all, which I have to say almost always agree with: http://revk.www.me.uk/

(He is the MD of AAISP)

Back on to your wire tapping question though why are you concerned about someone being able to see if you are using a VPN connection? You clearly know a fair bit about this but I am failing to understand your particular reasons for worrying about this. You have probably compromised your privacy more by posting on this forum than the risk of someone wire tapping your connection.

Zen 8000 Pro
Standard User cerberus2
(newbie) Sun 24-Feb-13 23:57:55
Print Post

Re: Wire tap?


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
Anyone concerned about privacy ought to be savvy enough to know how to use these encryption utilities and services like Tor etc.


There I very much disagree!

By the way thanks for the tip on fibre - Virgin Media are upgrading fibre cables in my area in the next few months - I shall look into it.

The issue with the IP of the VPN gateway being in clear text (servers have to know where a packet is going) - I found when I connected to an overseas gateway my broadband speed was being throttled down to about a quarter, yet when I connected to a national gateway, it was back to 100%. Applying some deduction, and I think I have a MITM problem. So I ring Virgin, "is this wire tap business a myth or does it really happen, and if so what do I do about it" (even just answering the former would help to rule a few possibilities out) - and they don't give me an 'effing reply. So I am here on message boards asking from the ground up what the reality of wire taps of domestic broadband is, and what we can expect regarding this from our ISPs. If hackers could theoretically break into an exchange (corrupted staff, etc. - a reality once you have been around a while) then if a user reports issues I would expect an ISP to provide a coherent response (I think my problem though is probably the first few dozen metres of cable).
Standard User Pipexer
(eat-sleep-adslguide) Mon 25-Feb-13 00:04:07
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
OK, if you already know this apologies for stating the obvious, but when you say "wire tapping", we take this as tapping the wire (physically, or maliciously without your knowledge), if something is monitoring the connection inline and is "intentional", this is not wire tapping, as it is actually its own part in the connection. You may be getting confused and possibly jumped to a conclusion.

What you experienced there is traffic management, the wire is not being tapped, it is a box inline at your ISP which is monitoring the traffic and applying a QoS depending on the type. If the traffic is not recognized, then it will be throttled, the algorithms are complicated and customized by each ISP so its always difficult to ascertain why one type of traffic is prioritized different to the next.

You won't have got a reply because their 1st line support representatives wont have a clue about traffic management or much else for that matter.

Use an ISP which does not do traffic management, and this will not be an issue.* (Who better than AAISP, who are mad keen on privacy)

*For the pedantic: I am aware the ISP peering etc could cause this, but not likely to affect a broadband connection speed, and if so, then a good reason to move ISP anyway.

Zen 8000 Pro

Edited by Pipexer (Mon 25-Feb-13 00:18:02)

Standard User Ignitionnet
(knowledge is power) Mon 25-Feb-13 00:07:36
Print Post

Re: Wire tap?


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
In reply to a post by Ignitionnet:
*Snigger* I'm stuck between wanting to be amused by the comment on prejudice and the last couple of paragraphs.

You, sir, are a genius, and I hope the local area thieves do not put time and resources into you!

You are slightly out of order, and while you probably meant it in jest, you should have not brought the pedophile nonsense into it.

People have a right to protect their privacy, just because they want to protect their privacy and anonymity, does not mean they are dodgy or up to illegal activities.


Sense of humour transplants are through door number 4.

If your nerdiness precludes humour the 2 most common reasons for the government to wiretap are terrorism or paedophilia, hence reference to them both.

*Sigh*
Standard User Pipexer
(eat-sleep-adslguide) Mon 25-Feb-13 00:13:17
Print Post

Re: Wire tap?


[re: Ignitionnet] [link to this post]
 
That's what they tell you, that is just to get paranoid parents etc on board - who should know better.

Zen 8000 Pro
Standard User Pipexer
(eat-sleep-adslguide) Mon 25-Feb-13 00:14:47
Print Post

Re: Wire tap?


[re: Ignitionnet] [link to this post]
 
Btw, I can totally take the joke, but once you get into the territory of joking about those 2 matters you inevitably wind someone up. It is just best to not go there.

Zen 8000 Pro
Standard User Ignitionnet
(knowledge is power) Mon 25-Feb-13 00:17:57
Print Post

Re: Wire tap?


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
Btw, I can totally take the joke, but once you get into the territory of joking about those 2 matters you inevitably wind someone up. It is just best to not go there.


While someone has every right to be offended I also have every right to free speech within the realms of this forum. Part of being grown up is dealing with things that may offend you and while it's wrong to set out to offend it's equally wrong to self-censor for fear of offending.

I stand by what I said both as being factually appropriate and having a bit of a rib behind it.
Standard User Pipexer
(eat-sleep-adslguide) Mon 25-Feb-13 00:23:40
Print Post

Re: Wire tap?


[re: Ignitionnet] [link to this post]
 
Well it's not factually correct is it? I have the right to worry about having my privacy invaded, and I do worry about having my privacy invaded, and I am not a pedophile or terrorist.

Zen 8000 Pro
Standard User camieabz
(sensei) Mon 25-Feb-13 00:28:33
Print Post

Re: Wire tap?


[re: Ignitionnet] [link to this post]
 
In reply to a post by Ignitionnet:
Part of being grown up is dealing with things that may offend you and while it's wrong to set out to offend it's equally wrong to self-censor for fear of offending.


I agree, but the modern nanny state does not, and mud sticks so offhand comments of such a nature are (imo) best left unsaid. Would you say it to a stranger in a pub?

I wouldn't.

~ Camieabz ~

All Connection Data ~ Some plusnet links

mod'er·a'tion n.
Synonyms: temperance, restraint, modesty.
Standard User cerberus2
(newbie) Mon 25-Feb-13 00:29:27
Print Post

Re: Wire tap?


[re: MrSaffron] [link to this post]
 
In reply to a post by MrSaffron:
How do you know the people running the Tor node, or the VPN system, or the operating system are not looking closely at what you are doing.


Tor I do not use for that reason, VPNs and OS software I at least initially trust (I'm not a Windows user, and tend to start off at the most secure basepoint feasible - *BSDs - I'm not a network engineer, more business applications software, but with a modicom of networking thrown in) - it would help though if I could get something in black and white out of an ISP on the subject to be able judge the situation properly - am I looking at the possibility of a wire tap here or not? If so what can be done?

In reply to a post by MrSaffron:
If you are a high value target for the local thieves, then I would suggest retaining a full time computer security expert to advise you.


OK, but an ISP has to say exactly what security issues it is fit to deal with 'out-of-the-box', and what it is not.
Standard User Pipexer
(eat-sleep-adslguide) Mon 25-Feb-13 00:30:28
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
In reply to a post by cerberus2:
am I looking at the possibility of a wire tap here or not? If so what can be done?

See my reply smile

Zen 8000 Pro
Standard User GeeTee
(committed) Mon 25-Feb-13 00:36:43
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
Yes devices exist to transparently tap ADSL signals on the copper wire anywhere between your modem/router and the DSLAM in the exchange.

Just one example: http://www.etesters.com/listing/e814a379-1422-08df-a...

There are several others - wikileaks has some "liberated" documents on similar devices offered by other manufacturers that aren't publically advertised.

They are designed to be transparent when in use so you would see no indication of them being active on your circuit.

Just out of interest, who do you think your adversaries are in this scenario? (crooks, police, shadowy UK spooks, shadowy overseas spooks, some other nefarious religious or neo-political operation?)

This always gives me a chuckle: http://xkcd.com/538/
Standard User Pipexer
(eat-sleep-adslguide) Mon 25-Feb-13 00:38:15
Print Post

Re: Wire tap?


[re: GeeTee] [link to this post]
 
In this case I think (respectfully) cerberus2 has confused ISP traffic shaping with a wire tap... two totally different matters really.

Interesting links smile

Zen 8000 Pro
Standard User GeeTee
(committed) Mon 25-Feb-13 00:49:21
Print Post

Re: Wire tap?


[re: Pipexer] [link to this post]
 
Quite possibly. It's no surprise that a VPN connection to an overseas VPN endpoint is somewhat slower than direct internet access via their domestic ISP.

I got a little lost in all the talk of being a high profile target for criminals. law enforcement and spooks etc. Hence my question about who cerberus2 thinks the adversary is.

End of the day, if cerberus2 has something of enough value (financial / knowledge / influence) and the adversary has the resources and will - well cerberus2 is going to be awoken at gun point one night and made to hand whatever it is over.

On the other hand the concern may be about being monitored over time.

Very different problems that would require very different solutions (or in many cases attempted mitigation).

edit because: GCHQ probes modified my post as I submitted it causing several words to be omitted. smile

Edited by GeeTee (Mon 25-Feb-13 01:02:10)

Standard User cerberus2
(newbie) Mon 25-Feb-13 01:10:11
Print Post

Re: Wire tap?


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
confused ISP traffic shaping with a wire tap


I'd sort of ruled out ISP issues by observing that the problem was intermittent - not consistent - not likely to be an ISP policy.

AAISP looks good, not cheap though (but not too expensive).

In reply to a post by GeeTee:
Just out of interest, who do you think your adversaries are in this scenario?


If I were to hazard a guess (and it is no more than that) a skilled local crime gang. I'm not getting any data injection problems at the moment which is the main issue (accept the odd rogue webpage!).
Standard User Pipexer
(eat-sleep-adslguide) Mon 25-Feb-13 01:19:31
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
Bandwidth shaping is never consistent, the algorithms are too complex to ascertain (but I have to say I am pretty good at identifying it).... it will be your ISP. I am 99.9% certain it lies with your ISP traffic shaping or their peering being over capacity.

I would strongly recommend AAISP, their culture on privacy fits right in with what you seem to want from your connection. Give them a call and discuss your concerns with them - I'm sure they will be happy to advise. I'd thoroughly recommend reading revk's blog, especially on "black boxes"

Odd rogue webpage - tell us more. There will be a logical explanation to this.

Zen 8000 Pro
Standard User GeeTee
(committed) Mon 25-Feb-13 01:22:09
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
Are you getting these 'rogue' pages when accessing the internet via your VPN service? Or just when not vpn'd?

And what kind of VPN is it? (one that is supplied as a VPN service or a VPS / Dedicated box that you configured the VPN jump through on?)

Also could you explain what you mean by "rogue" pages - i.e what you expected and what you actually got? (Understandable if you didn't want to go into much detail on that one!)
Standard User Pipexer
(eat-sleep-adslguide) Mon 25-Feb-13 01:24:39
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
By the way, if you want to get more of an overall introduction into security matters, check out CompTIA Security+. It is only the basics, but a good starting point. (and you get a certification if you tale the exam)

Zen 8000 Pro
Standard User XRaySpeX
(eat-sleep-adslguide) Mon 25-Feb-13 03:09:07
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
In reply to a post by cerberus2:
as this book intended for computer systems administrators puts it:

'Paranoia Is Common Sense ...
But you said you were just a domestic consumer

This whole thread reeks of paranoia of seeing in normal events some ulterior rogue cause.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
Standard User gomezz
(eat-sleep-adslguide) Mon 25-Feb-13 08:51:43
Print Post

Re: Wire tap?


[re: XRaySpeX] [link to this post]
 
What you call paranoia others would call a sensible application of the precautionary principle.

O2 Standard (8Mbps LLU)
Standard User cerberus2
(newbie) Mon 25-Feb-13 09:40:45
Print Post

Re: Wire tap?


[re: XRaySpeX] [link to this post]
 
Thanks for the forum's time smile I don't think people are going to be installing cabinet to home fibre in the the near future but there are other options and there will be more in the future no doubt. Rhetorical question but could ISPs develop software that could confirm when a line is has been tapped or subject to a MITM attack otherwise (Tor is frequently subject to this kind of inspection).

Thank's again for the forum's time - I have a better idea of the situation and should be able to make some progress if not at least hold some ground.
Administrator MrSaffron
(staff) Mon 25-Feb-13 11:44:27
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
Cable uses encryption over the shared segments already.

ADSL is sufficiently complex and would fail to work if another ADSL modem was tapped physically onto the line, same for VDSL.

In theory with the the RF services a clamp could grab the data, but again it needs to deciphered from the algorithms.

We are in the realms of the security services (not police who would request wire tap at ISP) and foreign powers.

Andrew Ferguson, [email protected]
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Administrator MrSaffron
(staff) Mon 25-Feb-13 11:49:54
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
Data injection to produce a rogue web page from a wire tap would be pretty special particularly carried at by local thieves.

Rogue pages sounds like someone using security speak to talk about the annoying pop-up/under advertising that exists on the web.

Andrew Ferguson, [email protected]
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Ignitionnet
(knowledge is power) Mon 25-Feb-13 12:11:53
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
In reply to a post by cerberus2:
The issue with the IP of the VPN gateway being in clear text (servers have to know where a packet is going) - I found when I connected to an overseas gateway my broadband speed was being throttled down to about a quarter, yet when I connected to a national gateway, it was back to 100%. Applying some deduction, and I think I have a MITM problem.


Applying some deduction it's far more likely that there was a congested link in between you and the VPN end point or you were seeing the effects of latency.

These are the exact same reasons why a speed test to London or Amsterdam should be pretty good, while one to the Far East or Australasia not so much.

Seems far more likely than a local gang wiretapping you.
Standard User Ignitionnet
(knowledge is power) Mon 25-Feb-13 12:15:55
Print Post

Re: Wire tap?


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
Well it's not factually correct is it? I have the right to worry about having my privacy invaded, and I do worry about having my privacy invaded, and I am not a pedophile or terrorist.


Then it's just as well I didn't say or imply that, isn't it?

I said that unless fitting one of those descriptions there's probably nothing to worry about, which is perfectly accurate.
Standard User Ignitionnet
(knowledge is power) Mon 25-Feb-13 12:37:56
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
In reply to a post by cerberus2:
If we can get the prejudice out of the way, I'm neither a "jihadist or paedophile" - I think that essentially the higher the value a crime target you are then the more likely local area thieves will put time and resources otherwise into the exercise. Please have some respect for high value crime targets :|


OK, apologies, after reading the rest of the thread I can see that you were actually serious.

You aren't being wire tapped. It would be far more practical to either compromise your PC directly and install a keylogger, thus obtaining credentials in the clear, or compromise the PC physically.

If you were being wiretapped there is no way for you to hide that you are using the internet or not short of flooding your line with spurious traffic all the time, however I'm not sure what hiding whether you are using the internet or not would accomplish.

If you are still determined that you're the recipient of an MITM attack I'd recommend a Faraday cage, as if tapping your broadband is an option so is this.

Also be aware that your electricity supply is also a source of compromising emanations and you'll need to attend to that too, as well as soundproofing everything.

So you'll need to be jamming your broadband line with spurious traffic, attenuating or flooding the RF spectrum around your workstation and flooding your electricity supply with noise or again attenuating frequencies as a start.

If you really are such a high value target you shouldn't be working at home, but from a secure office location, or at very least if you must work from home work via a dedicated optical link to the Internet, meaning electrical tapping isn't possible, using TEMPEST certified hardware throughout.

Ensure you are behind a stateful firewall and never access the public Internet via your work computer. Ensure that it is on a completely different home and broadband network from anything you browse the internet with and never mix the two.

If you use a VPN to connect to work ensure that everything on the secure machine routes via the VPN, you can do this via static routing of everything through the VPN with a lower metric than the default route.

It's really all about how high value this is to you. A very high level of security costs.
Standard User clyde123
(learned) Mon 25-Feb-13 22:35:44
Print Post

Re: Wire tap?


[re: Ignitionnet] [link to this post]
 
What an amazing thread ! Never seen anything like this before.
I wouldn't think any criminal lot would get involved with anything like what's being suggested here - you'd need a heist like breaking into the Bank of England to make it worthwhile.
The only people remotely with the capacity to do this sort of stuff are the security services.
This has been more fun than watching reruns of Star Trek smile
Standard User XRaySpeX
(eat-sleep-adslguide) Mon 25-Feb-13 23:02:23
Print Post

Re: Wire tap?


[re: clyde123] [link to this post]
 
Yes, it's a laugh, isn't it?

It would seem to be the case of someone willing the entire world to fit into his so-called field of expertise, namely in this case security of his identity and activities.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC

Edited by XRaySpeX (Mon 25-Feb-13 23:15:15)

Standard User Pipexer
(eat-sleep-adslguide) Mon 25-Feb-13 23:25:19
Print Post

Re: Wire tap?


[re: clyde123] [link to this post]
 
What you say is true, the effort and expertise required to wire tap etc etc would only be worth putting in for a very large enterprise worth millions. A small to medium business, even a large business, this is not worth the effort - and there are less expensive (expensive as in time, effort etc) ways of hacking in even then.

Zen 8000 Pro
Standard User sjs87
(newbie) Thu 05-Mar-15 08:53:59
Print Post

Re: Wire tap?


[re: cerberus2] [link to this post]
 
Last night I was the victim of a Man-In-The-Middle (MITM) attack by what appears to be the UK Government.

I first noticed that Netflix was acting strange, like when your Sky satellite box is having signal problems. After I finished watching my program on Netflix I was having difficulty loading web pages and found that internet was incredibly slow, even though I have an 80Mbps\20Mbps connection.

whatsmyip.org revealed that I was using a 'UK Government Department for Works and Pensions' IP address, 51.96.x.x

I work for an Internet Service Provider and was in the process of performing out of hours maintenance when I discovered my connection was being hijacked. Is this legal?
Standard User Malwaremike
(committed) Thu 05-Mar-15 11:09:07
Print Post

Re: Wire tap?


[re: clyde123] [link to this post]
 
In reply to a post by clyde123:
What an amazing thread ! ... This has been more fun than watching reruns of Star Trek smile

We used to have discussions like this on TBB before we filled the forum with speculation on when fibre would reach our cabinets, if we are getting cabinets at all etc.

I am considering a scenario in which a leading computer security company supplying millions of users becomes compromised in some way. Even vast companies in (let's say) the oil industry, in (let's say) Russia have been leant upon.

Couldn't happen, could it?
Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | (show all)   Print Thread

Jump to