After Route delete command, the route added itself back?? => *privacy breach*

Discussion in 'privacy technology' started by illumins, Apr 4, 2011.

Thread Status:
Not open for further replies.
  1. illumins

    illumins Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    26
    Okay, as you all know using a simple "Route Delete" Command can protect your real ip address from leaking if your VPN connection drops (OpenVPN).

    My internet service was not working and then it started to work again. However, when looking at my routing table I noticed that the route I deleted came back! (Which meant that my real ip address would have leaked if I didn't notice.)

    Does anyone know how to permanently delete a route so it can't come back?
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    You have to shut off DHCP after deleting a route (switch your method from dhcp to static addressing), otherwise the service will send all the routing updates again.
     
  3. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    If someone is going to be doing local security attacks, they will have no problem spoofing MAC addresses from the ARP domain. FYI, but not related.
     
  4. illumins

    illumins Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    26
    Hi Steve,

    Thank you for your help! I am new to this (DHCP vs static, etc etc.), so please let me know if I am doing this correctly: (Changing DHCP to static address // permanently deleting a route)

    I think I have found the instructions how to do this here: (Under obsolete methods: Manual Method) (https://forum.perfect-privacy.com/showthread.php?t=702)

    Install NetSetMan (Screenshots are attached)
    1. Tab #1: Choose Profile> Get current settings. (IP/DNS addresses should appear)
    Tick "IP" and "DNS Server" and select "Use the following IP address" and "Use the following
    DNS Server addresses" (Leave the addresses untouched)
    2. Tab #2: Tick only 'Use the following DNS Server addresses'. 'Preferred' and 'Alternate'
    should be blank.
    3. Tab #3: Tick only 'IP' and 'DNS Server'. Select 'Obtain an IP address automatically' and
    'Obtain an DNS address automatically'

    Here is what I do to secure my VPN (DNS leaks + connection dropping leaks)
    1) Before connecting VPN, open Netsetman, select the first Tab and click 'Activate'
    2) Immediately after establishing a VPN connection, select the second Tab then Activate.
    + Route delete command
    3) After disconnecting VPN select third tab and Activate.

    Is this the correct way to prevent routes from being re-added? (Static IP address usage vs dhcp)


    (Notes: I am using Win XP SP2 + I am behind a router + "DHCP Client" Service is on since if I turn it off, all network connections become d/c)
     


  5. illumins

    illumins Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    26
    Does anyone know??

    I am trying to learn this myself, and I believe that by activating first tab (NetSetMan) before connecting to the VPN, I am using a static IP address. (Since "obtain an ip address automatically" is no longer ticked on my real NIC)

    Given that "DHCP client" service is still running, does assigning a static IP address to my real NIC prevent the route from being added back?

    And if not how would I correctly convert from DHCP to static (to prevent routes from being added back), as Steve suggested?

    Would appreciate some help, thank you.
     
  6. illumins

    illumins Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    26
    Yes I have seen these instructions before. So basically those instructions would prevent a deleted route from being added back? (So there would be a ZERO chance leak from a VPN connection drop)

    But I also believe I am doing the same thing using a different method (With NetSetMan) but I am not sure. Would the NetSetMan method (assigning a static ip address to my real NIC) also prevent a deleted route from being added back?
     
    Last edited: Apr 7, 2011
  7. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    FYI, the best way to prevent a VPN leak in Windows is by using a firewall and setting up the proper rules. It's not necessarily the easiest to learn, but it is the easiest to use on a daily basis once you've figured it out.

    I don't know specifically how effective route deletions are, but I do know that paul's method outlined on the perfect-privacy forum and on the Xerobank site are only partially effective because they only protect against leaks where DNS lookups are made. If the application you're using already knows the IP address it wants to connect to, then you're not protected. For instance, torrent applications won't be protected.

    Then there's this method by jacko32 which may work, but I haven't tried it (or even looked very thoroughly at it):

    https://forum.perfect-privacy.com/showthread.php?t=1877


    My method is to simply use Comodo firewall as outlined in these links:

    http://forums.ivacy.com/index.php?topic=136.0
    http://forum.hidemyass.com/showthread.php?tid=1462

    What I usually do is use a separate Firefox/utorrent/opera/etc. for connecting with a VPN and one for connecting without a VPN. I give each application a different name depending on if it's secure or not. For instance "VPN Firefox" for VPN connections. I just create the rules once in Comodo, and it will always be protected without any further effort or even thinking about it. I usually write the rules to allow "VPN Firefox" to connect either through a VPN or Tor (or JAP) but not to connect when at least one isn't running.

    I'm addicted to the Firewall technique because it always works, contrary to what InternetMeltdown says, and it works for Tor, VPNs, and any other application with only a slight tweaking of the rules. :thumb:
     
  8. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358

    Well, I wouldn't want to get on your wrong side InternetMeltdown, because I truly do respect you and everything you've brought to this forum over the last few years.

    However, this was your statement.

    It was a generalized statement that I took to cover all techniques. I apologize if I was incorrect.
     
  9. illumins

    illumins Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    26
    I no more than u,

    Thank you for your reply, it is very helpful. You know the route delete method is very effective and doesn't leak, until your ISP connection (and wireless) drops. After it drops, routes can be added back.

    I believe that if you can prevent deleted routes from coming back these methods would be 100% effective and the only way for compromise is user error. So that is why I created this thread, I am looking for a way to stop routes from being added back permanently and I feel like I am on to something (I believe the key has to do with turning off DHCP and using static addressing). But I still need to do more configuration, learning and I will try to confirm this with my wireless connection.

    Now as for the firewall method, I completely agree with you. The first time I witnessed my route being added back (after I deleted it), the first thought that came to my head was using a Firewall!

    However, so far I have only found three firewalls that work (Comodo and PC Tools plus, Sygate firewall) and all 3 are problematic for me. Comodo was my fave but it causes too many problems on my PC. Sygate is too old and PC tools I have heard can leak. So I am also working on getting Outpost FW to work secure my apps. However I am not an expert with ports, ip addresses, firewalls etc so for me the most practical way is to continue looking into a permanent route delete solution and go the firewall route (and change my current firewall I have been using for years which can't prevent leaks) only if absolutely necessary.
     
  10. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    It looks like you've tried many techniques, and you have a lot of experience.

    Let me try the jacko32 method on my computer, and I'll let you know how it goes. It may take some time.
     
  11. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    I tried the route delete technique on a Windows XP SP2 system with a router, and I agree with you. Nothing I did prevented the route from coming back under certain circumstances. Switching from DHCP to static didn't work. All I did was unplug the router and plug it back in, and the route was back.

    If anyone has any insights, I and illumins would be glad to hear them. :thumb:

    This might be a good technique if not for the route coming back under certain circumstances. I'll stick to my firewall for now.
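
Added example, not part of any post in this thread: a Python check that parses `route print` output and reports any route with prefix length 0 or 1 bound to a non-VPN interface, which is the state the posters found after the router was power-cycled. It goes slightly beyond the single default route discussed above by also covering the two /1 routes that OpenVPN's `redirect-gateway def1` installs. The sample output, all addresses and the function names are constructed for illustration, and the column layout assumed is the Windows XP one.

```python
import ipaddress

# Constructed sample of Windows XP `route print` output (not from the thread):
# OpenVPN is up on interface 10.8.0.6 and the LAN default route has come back.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       20
          0.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6        1
        128.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6        1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       20
     203.0.113.10  255.255.255.255      192.168.1.1   192.168.1.100        1
Default Gateway:       192.168.1.1
"""

def parse_routes(text):
    """Yield (dest, mask, gateway, interface, metric) for each IPv4 route row."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or not cols[4].isdigit():
            continue  # header, separator or persistent-route line
        try:
            addrs = [ipaddress.IPv4Address(c) for c in cols[:4]]
        except ipaddress.AddressValueError:
            continue  # five tokens, but not a route row
        yield (*addrs, int(cols[4]))

def leak_routes(text, vpn_interfaces):
    """Return routes covering half the address space or more that bypass the VPN."""
    vpn = {ipaddress.IPv4Address(i) for i in vpn_interfaces}
    found = []
    for dest, mask, gw, iface, _metric in parse_routes(text):
        prefix_len = bin(int(mask)).count("1")  # netmask -> prefix length
        if prefix_len <= 1 and iface not in vpn:
            found.append((str(dest), prefix_len, str(gw), str(iface)))
    return found

if __name__ == "__main__":
    # 10.8.0.6 is the (constructed) address of the VPN adapter.
    for dest, plen, gw, iface in leak_routes(SAMPLE, ["10.8.0.6"]):
        print(f"non-VPN route {dest}/{plen} via {gw} on {iface}")
```

Run on a schedule against live `route print` output, a non-empty result means traffic can leave through the real NIC if the tunnel drops; the host route to the VPN server (the /32 row) is expected and is not flagged.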
     
  12. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    I just wanted to add a couple comments regarding DHCP and DNS.

    My understanding is that when Steve talked about switching from DHCP to static, it wasn't referring to turning off the "DHCP client". When you switch to static addressing on a network adapter and then run "ipconfig /all" you'll see next to "Dhcp Enabled" the word "no"


    So, this is what I take to mean DHCP off. However, even with DHCP "off" just for this adapter, deleting a route doesn't prevent it from coming back on my system (by unplugging the router and plugging it back in).

    And as you said, disabling the "DHCP client" prevents any internet access at all.

    Regarding DNS, one of the first things I do when setting up a system is disable the "DNS Client". I've found that this helps to prevent leaks in general because it forces applications to do their own DNS requests, instead of sending the requests to the DNS client. Applications become easier to control with a firewall when they do their own requests. This is my own observation anyway, and I've never seen it mentioned before.
     
  13. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Regarding DHCP on/off:

    DHCP is where the new routes are coming from. Your computer is relatively blind/ignorant of network routing, and relies on DHCP updates from your router/host/isp.

    What you want to do for all or nothing routing is this:

    1. Router: DHCP updates from ISP should be ON (presuming you aren't statically PRE assigned).
    2. Router: Statically assign your home LAN IP addresses.
    3. Home computer: Statically assign your home LAN IP addresses.
    4. OpenVPN Application: Get the DHCP configuration from your VPN provider (using those commands), dump the configuration, turn off DHCP, statically assign the same settings to the VPN connection.

    The connection continues to work, and Windows ignores dhcp route updates from all network sources. The problem, of course, is that if the VPN connection drops or sends a dhcp update, the routing goes dead on your computer and you have to turn on DHCP updates again and convert the dynamic settings to static.

    I was a VPN user experiencing many of these problems before joining an anonymity vendor to solve them, so I am intimately aware of these issues and have posted about them in great detail. It is true that I've used this expertise to integrate these solutions into our software, all of which are open-source and free to use, I don't deny it at all. ;)
     
    Last edited: Apr 11, 2011
  14. illumins

    illumins Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    26

    I No More,

    Thank you for taking the time to experiment and post your observations. I agree with you and could not find a way to permanently delete a route and that the best / most practical way to secure VPN connection is using a leak proof FW. (Didn't try Steve's post #26 method yet.)

    So I went looking for a solid firewall that worked and eventually I figured out how to make Comodo FW work on my PC.

    I also took your advice and also disabled DNS client so that I can control/monitor all application traffic (I am wondering if there are any more loose ends?...). I also blocked Svchost from initiating traffic from my LAC #1 (Real NIC) and LAC #2 (VPN). (Tried to block all of SVChost's outgoing traffic but internet did not work.)

    It took me awhile to try to disable the DNS client because I heard it can cause many problems but for some reason everything worked fine. (No other modifications necessary).

    Sorry for the late reply, but thank you again.
     
  15. illumins

    illumins Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    26

    Steve, thank you for your instructions. I wanted to try this method but I am behind a router with other computers so didn't want to change every computer. I most likely will be attempting this in the future so thanks again.
     