how can i test my VPN ssl security?

Discussion in 'privacy technology' started by lasho, Feb 5, 2011.

Thread Status:
Not open for further replies.
  1. lasho

    lasho Registered Member

    Joined:
    Feb 5, 2011
    Posts:
    3
    hello,

    i have purchased a vpn service that establish a 256bit ssl tunnel from my pc and their server. This is what they say... however i want to test if they are saying the truth. Is there a way that i can personally test if my isp can monitor my internet activity or not while i am connected to internet via my vpno_O

    thnx a lot...
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Hi, apart from other methods, if you use firefox as i do, you could install Calomel which shows lots of info about whether a www is SSL/HTTPS or not. Also it shows the SSL strength etc etc :)

    cal.gif

    Another useful feature is the visual display icon which changes various colours in real time, from Green right through to Red depending on strength = :thumb:

    I wrote a thread about it on here https://www.wilderssecurity.com/showthread.php?t=285561&highlight=Calomel

    Other threads with it mention it too https://www.wilderssecurity.com/search.php?searchid=3954128
     
  3. lasho

    lasho Registered Member

    Joined:
    Feb 5, 2011
    Posts:
    3
    thnx for the answer mate but this only works for https sites...

    the thing i want to do is to test if i am secure while i am connecting to internet via my VPN.

    for example i want to go www.wilderssecurity.com
    without vpn...my isp can see that i am surfing on it


    while i am connected via VPN it says secure online aes 256bit...so my isp shouldnt see that i am surfing on www.wilderssecurity.com

    thats what i want to test. my isp can see me or not??

    is there a way to do it?
     
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
  5. katio

    katio Guest

    CloneRanger,
    TLS doesn't equal https ;)

    lasho,
    This is more relevant to your interest:
    https://secure.wikimedia.org/wikipedia/en/wiki/Transport_Layer_Security#Security

    AES 256 is strong crypto for all intends and purposes, TSL is a tried and trusted protocol. Your biggest risk is in the further implementation and side channel attacks for example DNS leaking and of course, can you trust your VPN provider more than your ISP?
     
  6. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    AFAIK, the strongest public anonymity test is still Metasploit's <decloak.net>. For checking DNS leakage, you can use <www.grc.com/dns>. It'll list all of the DNS servers that your computer accesses.

    Also, it's not just deciding whether you trust your VPN provider more than your ISP. Without the VPN, you're also trusting everyone with access to your connection to your ISP (e.g., higher level ISPs, dishonest employees and governments).
     
  7. katio

    katio Guest

    And using VPN changes that how again?
    They have an ISP too,
    they have employees too,
    they have a physical location in a state with a (probably friendly to yours) government too.
     
  8. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    I knew that someone was going to say something like that ;)

    Yes, of course, your VPN provider could be just as vulnerable as your ISP, or even more so. It could even be a honeypot. And so it's important to choose a good one.

    Here are some key criteria for a good VPN provider. They'd have entry and exit nodes in multiple jurisdictions. They'd have routing protocols that complicate connection tracing, even by themselves. They'd hire multiple anonymous admins to manage components, to prevent treachery and coercion. And they'd multiplex and share nodes with other friendly VPN providers. And perhaps most importantly, they'd have a reputation that you can verify from multiple sources.
     
  9. axle00

    axle00 Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    92
    If you just want to see if you're connection really is encrypted, just use Wireshark.
     
  10. lasho

    lasho Registered Member

    Joined:
    Feb 5, 2011
    Posts:
    3
    thank ypu for replys ppl...

    axle00, can you pls telle me the use of that program? I am a newbie =)
     
  11. katio

    katio Guest

    In wireshark there's a columns named Protocol, make sure DNS doesn't show up (put "dns" without the quotes into the filter search box at the top).

    You should only see TLS/SSL and maybe TCP (I'd need to test that or have a look at the data inside, is it encrypted?) traffic and local networking. The latter you can determine by looking at source and destinations, both should be part of a private IP range:
    http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces
    or a multicast address:
    http://en.wikipedia.org/wiki/Multicast_address
    or local MAC address:
    http://en.wikipedia.org/wiki/MAC_address

    I think that's all you need to know to get started.
     
    Last edited by a moderator: Feb 7, 2011
Loading...
Thread Status:
Not open for further replies.