How to secure a VPN/tell if there are leaks?

Discussion in 'privacy problems' started by channel_zero, Mar 10, 2010.

Thread Status:
Not open for further replies.
  1. channel_zero

    channel_zero Registered Member

    Joined:
    Mar 10, 2010
    Posts:
    4
    So, I recently subscribed to a VPN and, regarding torrent leaching and seeding, how can I tell if my true IP address is leaking torrent activity?

    I've done a lot of searches and looked all over a bunch of forums, and I've learned a lot, but haven't found any clear cut answers to this question, so any help would be appreciated!
     
  2. bangle40

    bangle40 Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    23
    Which VPN did you subscribe to?

    What type of software does it use to connect, what Operating system are you on? Etc..details will help further your answers..

    http://www.checkmytorrentip.com/

    This website generates a legal torrent that connects through the torrent client you are using, and it displays the IP you are projecting.

    FWIW, I have no idea who runs/controls that site.
     
  3. channel_zero

    channel_zero Registered Member

    Joined:
    Mar 10, 2010
    Posts:
    4
    Thanks so much for your response! I've been recommended here from two other forums, and I was worried that I wasn't going to get any response here.

    So, to answer your questions, the VPN I am using is IPREDator (click here to see the set-up configuration), my OS is Windows 7 Professional, and http://www.checkmytorrentip.com has been very helpful, but hasn't answered all of my questions.

    To be specific, these are the questions I still have:

    1. I'm using regular ol' uTorrent 2.0, to prevent leaks, do I need to disable UPnP and NAT-PMP port mapping in its settings? 1b. Do I also need to disable DHT (network and for new torrents)? 1c. Additionally, do I need to disable Local Peer Discovery and Peer Exchange? 1d. Anything other settings with uTorrent or my firewall or Windows, etc. that I need to change? 1e. And, if I just disable "UPnP port mapping" on uTorrent is that sufficient, or do I need to disable it on my router, too? 1f. Do I still need to disable all these things, even though my VPN anonymizes all web traffic?

    2. What program or service can I use to easily and reliably monitor whether or not I am leaking my real IP address (that includes some alert or logging/history feature)? 2b. And how do I use the program/service and where and what do I look for in the program/service to tell if my real IP address is leaking?

    3. Right now, in case my VPN drops unexpectedly, I have Windows Firewall blocking uTorrent on my local internet connection (i.e. my real IP address), but, when I disconnect my VPN (to test the settings), I think my real IP address still leaks. At least, this shows up under uTorrent in Netlimiter and it shows upload amounts for awhile before stopping:

    Outgoing connection to remote host 239.255.xxx.xxx and remote port 3702

    Node Properties
    Protocol: Udp
    User: Ben
    --------------------------------------------------------------------------------
    Local Address: 192.168.x.xxx
    Local Zone: local
    --------------------------------------------------------------------------------
    Remote Address: 239.255.xxx.xxx
    Remote Zone: internet


    4. I also have a lot of allowed traffic on PeerBlock, like:

    Source: 127.x.x.x:1900 to destination: 239.255.xxx.xxx (UDP)
    ...and...
    Source: 192.xxx.x.x:1900 to destination: 239.255.xxx.xxx:1900 (UDP)
    ...and...
    PeerBlock is also showing a lot of allowed "unknown" protocol (not UDP or TCP, then?) traffic from 192.168.x.xxx (my real IP address) to 93.182.xxx.x, which is not my IPREDator (VPN) address, but another IPREDator address... Netlimiter doesn't show any evidence of this traffic, as far as I can tell...

    Do you know what might be going on in any of these cases here and if these things are leaks?
     
    Last edited by a moderator: Mar 14, 2010
  4. bangle40

    bangle40 Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    23
    Channel_Z,

    I mean this with no disrespect, but I would rather answer questions 1-4 after you have found a more suitable VPN Provider.

    How much research have you done into IPread? I will admit, I do not know how their network is setup, but have you looked into their Privacy Policies?
     
  5. channel_zero

    channel_zero Registered Member

    Joined:
    Mar 10, 2010
    Posts:
    4
    No disrespect taken, but, to be honest, I don't really understand what you mean. Is IPREDator not a perfectly suitable VPN? If not, why not?

    Yup, I have--they're on their website (I'll post a link when I get to my home computer). They're just not very extensive. I've also e-mailed their tech support, but haven't gotten a response from them yet.

    Huh? Were my links changed because the site is in Swedish? If so, you just have to choose the little language pull-down menu on the right-hand side of their website to change it to English...
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    IPREDator is simply rebranded Relakks. Relakks leaks 100% of your DNS, and a lot of your data traffic. PPTP is not suitable for anonymity.
     
  7. DemonSlash

    DemonSlash Registered Member

    Joined:
    Jul 9, 2010
    Posts:
    9
    How is it not secure, The website says it is 100% secure as in your IP is totally masked. Is this an outright lie? I was gonna go with this one based on them not keeping logs of any sort which other VPN do. :doubt:

    Also what about something like this?

    http://www.securstar.com/products_ssolo.php#up3

    This part erks me : "* Monthly traffic limit - 20GB"

    Also is there a OpenVPN that does not log like Ipredator?
     
    Last edited: Jul 9, 2010
  8. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    1) Run the Metasploit Decloaking Engine to check for IP address leaks. You should see only your VPN's exit IP address.

    2) Run Steve Gibson's DNS Nameserver Spoofability Test to see what DNS servers you're using (and how spoofable they are). You should see only your VPN's DNS server(s). If you're using other DNS servers, tweak routing or configure the firewall to prevent that. Your VPN provider should have instructions for doing that.

    3) Don't use a wireless router -- unless you're inside a Faraday cage :D

    4) Spend your free time reviewing Wireshark captures ;)
     
  9. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    Mullvad and Darknet are both OpenVPN providers that offer unlimited traffic for €5. Both are in Sweden and do not keep logs. Mullvad has a custom client that guards against leaks in case of VPN drop out.
     
  10. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    I see that Mullvad accepts Bitcoin.

    Please share experience and opinions re Bitcoin.
     
  11. DemonSlash

    DemonSlash Registered Member

    Joined:
    Jul 9, 2010
    Posts:
    9
    They both seem great! Are they trusted ones, since I know that everything routes through them now instead of my internet provider right? Where does it state they do not keep logs, I see it on the Darknet one but this one isn't as specific, is Mullvad better because of the VPN dropout feature or can I set Darknet to do this anyways? Also what kind of encryption does darknet use...does not list it sadly...


    Oh and about these? http://www.avinashtech.com/internet/15-best-free-vpn-for-secure-anonymous-surfing/ Is this for real? Free..how? This one looks neat https://www.ultravpn.fr/
     
    Last edited: Jul 10, 2010
  12. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    From https://www.mullvad.net/en/faq.php

    How do you protect against IPRED? What if a court orders you to divulge sensitive user information?

    We don't collect or store such information. There is nothing to divulge.



    EU data retention laws only apply to ISPs.

    If you use a standard OpenVPN client you will need to run something like VPNCheck or VPNetMon to protect against a VPN drop, or else configure your firewall. Also if they are not using the latest client you can download it yourself from OpenVPN. You just need to grab the "config" and "key" folders from their client and copy (overwrite) them to your client.

    I have never managed to get UltraVPN to work.
     
  13. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    But they don't tell you the rest of the story.....

    Mullvad.net is a VPN which is hosted at - GoDaddy!

    Domain servers in listed order:
    NS49.DOMAINCONTROL.COM
    NS50.DOMAINCONTROL.COM

    GoDaddy keeps logs. GoDaddy is based in Phoenix, AZ in the USA.

    Easy traffic analysis if TLA/Law Enforcement is interested in you.
     
  14. DemonSlash

    DemonSlash Registered Member

    Joined:
    Jul 9, 2010
    Posts:
    9
    So that one is a lie...Guess the other one is fine then...?
     
    Last edited: Jul 11, 2010
  15. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    No, it's not a lie, it's just not telling you everything.

    As for Darknet, they're hosted by a Swedish webhost. So, same thing.

    Again, I'm not talking about direct IP connections being logged, I'm talking about traffic analysis by web forensics specialists.
     
  16. DemonSlash

    DemonSlash Registered Member

    Joined:
    Jul 9, 2010
    Posts:
    9
    Would companies and government(Not to sound crazy, I just like privacy) go through measures to even look at what I do over these VPN Networks from there various host such as godaddy? Darknet seems more professional, well there site at least.
     
  17. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Fair question. I think the answer is you world have to already be an active subject of investigation before they went to the trouble of traffic analysis.
     
  18. DemonSlash

    DemonSlash Registered Member

    Joined:
    Jul 9, 2010
    Posts:
    9
    Thanks, that seems to make sense...Wish there was one that kept no logs at all...Thanks for the answer though.
     
  19. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    Mullvad is hosted by LeaseWeb and appear to have servers in Netherlands and Sweden which are randomly assigned. I don't know why their website is hosted in the US. Darknet uses Portlane and you will always appear to be in Sweden.
     
  20. DemonSlash

    DemonSlash Registered Member

    Joined:
    Jul 9, 2010
    Posts:
    9
    So that would be a safe bet then If I am located in the U.S? Since Its not run by the same government, Plus companies & government have no authority there I would think.
     
    Last edited: Jul 12, 2010
  21. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    The legal issues for a VPN in Sweden is explained on the Ipredator site. Mullvad also has an "exclude Swedish traffic" option in case things turn ugly in Sweden. It goes without saying that all your drives should be fully encrypted with DiskCryptor or Truecrypt.
     
  22. DemonSlash

    DemonSlash Registered Member

    Joined:
    Jul 9, 2010
    Posts:
    9
    I understand the Sweden problem but since I do not reside there but in the U.S would I not be fine? o_O

    Thanks for all the info and help thus far btw guys, really nice of you.
     
  23. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    Nothing would happen to you unless there was cooperation between Swedish and US authorities.
     
  24. DemonSlash

    DemonSlash Registered Member

    Joined:
    Jul 9, 2010
    Posts:
    9
    Thanks, I think I found my VPN provider then! :D
     
  25. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Oh please.
     
Loading...
Thread Status:
Not open for further replies.