SecurityKISS VPN servers and my computer

Discussion in 'privacy technology' started by Jarmo P, Jun 2, 2015.

  1. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    After a 90-day trial of F-Secure Freedome, I came back to using SecurityKiss, even though as a paid program it is a bit more expensive than some of the competition. I always liked the Exclusive Tunnel feature, if that could possibly help against MITM stalking and attacks. And the "kill switch" that naturally comes with it. Freedome does not have these features.

    From https://www.securitykiss.com/faq/index.php#dnsserv :
    "I don't want my DNS queries to be resolved by Internet Service Provider's (ISP) servers, which may result in the ISP being able to log data. Does SecurityKISS offer anonymous DNS servers?

    Yes, by default every SecurityKISS server has its own DNS software server which resolves users' DNS queries when they are connected in the tunnel. These DNS servers operate on the local tunneled network 10.x.x.x and are not accessible from outside. All DNS queries travel encrypted inside the tunnel. We don't log DNS traffic."

    Now to test the servers with https://www.dnsleaktest.com/

    Using the Poland (Warsaw) VPN server, I get results that are Google servers (Google Business according to the ipleak.net alternative test). Not 1 or 2 but quite a lot of DNS servers. So not what is stated above.

    With most VPN servers I use, I get no results from either dnsleaktest or the ipleak.net alternative test. The tests are left showing a running icon and nothing happens. Is this as it should be, or should the 10.x.y.z result maybe be shown?

    Running dnsleaktest without the SecurityKISS VPN, I get 2 Danish OpenDNS servers. That should be OK I guess, because I have set the DNS servers 208.67.222.222, 208.67.220.220 in my local network adapter's Internet Protocol Version 4 (TCP/IPv4) Properties.

    I tried to post screencaps I took, but it seems Chrome is not uploading them properly. I remember being able to post pics only with Firefox, using a sandboxed browser or whatever that was. Anyway, you should not need any pics to understand my questions and findings.

    And the main purpose of this post is of course to try to confirm that my VPN connection is OK and not compromised (hacked).
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I recommend using https://grc.com/dns/ for discovering all DNS servers being used. It's very good at that.

    With any private DNS server with a VPN tunnel IP address, https://grc.com/dns/ will show you the public IP addresses that it redirects to.
     
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    Unfortunately I am not able to understand the results that I get from 'initiate the standard DNS spoofability test' at all. And I am surely not the only one.

    I used the Swedish Stockholm VPN server, and the results:

    "Analysis of 128 queries from 10 IP addresses in [ 74.125.74.* ]
    Anti-Spoofing Safety: Moderate (See Spoofability Mitigation Note below)"

    Then some pics and jargon etc. that go over my head and that I am reluctant to learn lol. But it does not show any IPs except at the end:

    "One or More Nameservers Made Too Few Queries
    ...lines
    ...

    Nameserver IP     Queries   Server Name, if any
    173.194.98.151    3         (No domain name is registered)
    173.194.98.149    6         (No domain name is registered)
    173.194.98.148    12        (No domain name is registered)
    173.194.98.144    5         (No domain name is registered)
    74.125.46.146     10        (No domain name is registered)
    74.125.46.145     8         (No domain name is registered)
    74.125.46.147     15        (No domain name is registered)
    74.125.46.148     8         (No domain name is registered)
    74.125.46.144     12        (No domain name is registered)
    173.194.98.145    8         (No domain name is registered)
    173.194.98.147    4         (No domain name is registered)
    173.194.98.150    4         (No domain name is registered)
    173.194.98.146    3         (No domain name is registered)"

    From what I cared to check, those are Google IPs.
    Note that dnsleaktest is left running and can't show those IPs.
     
    Last edited: Jun 2, 2015
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Aggregating, that's telling you that the Stockholm VPN server redirected your DNS lookups to at least 23 IPs:

    74.125.74.* (10 IPs): 128 queries
    74.125.46.* (5 IPs): 53 queries
    173.194.98.* (8 IPs): 45 queries

    There are probably more minor ones. But I'm guessing that they're all Google DNS servers.

    The "pics and jargon" are telling you stuff about DNS server security. As GRC sees it, anyway. But all that we care about here (for this point) is that it finds all of them.
     
  5. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    I just did another test, connected to a SecurityKiss French server. The only results the test gave are:

    "
    One or More Nameservers Made Too Few Queries
    During the DNS Nameserver Spoofability test, the nameserver(s) listed below failed to emit a sufficient quantity of queries to allow a reliable and accurate appraisal of the nameserver's spoofability. This is an unusual occurrence that typically means that some form of network intermediation, such as a bandwidth or query load-balancer may be interposed between the nameserver and the public Internet. The results from such low-query nameservers can typically be ignored since they are very likely spurious. However, since we did receive some queries, they are listed below in the interest of accuracy and completeness:
    Nameserver IP     Queries   Server Name, if any
    74.125.181.85     8         (No domain name is registered)
    74.125.47.19      5         (No domain name is registered)
    74.125.73.22      3         (No domain name is registered)
    74.125.47.17      9         (No domain name is registered)
    74.125.181.83     9         (No domain name is registered)
    some more servers all Google I think
    "

    No charts or degree of spoofability given. And with the same server, dnsleaktest does not give any information. Perhaps the VPN is really hiding the DNS servers and even this test is not of much value in testing the VPN service?

    Testing my connection without the VPN, I get an Excellent degree. Perhaps one should run this test when suspecting something is wrong with the ISP-provided connection and leave VPN testing alone?
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    The main point of these tests is to be sure that you're not hitting your ISP's DNS servers while using the VPN service. Because that leaks information about your activity via VPN. From what you've posted, your SecurityKISS setup seems OK.

    There is some cause for concern that private SecurityKISS DNS servers (with VPN tunnel IPs) are simply redirecting to numerous Google DNS servers. I don't think that it's a huge issue, because Google only sees the SecurityKISS server that's forwarding queries, and doesn't know your identity. And it does ensure that DNS requests use the VPN tunnel, because addresses like 10.x.x.x aren't publicly routable. But a better approach for VPN providers is to actually run their own DNS servers.
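
The aggregation in post 4 and the leak criterion in post 6, as an added example that is not part of any post in the thread: it parses the nameserver rows pasted from the GRC results, groups them by /24 with query totals, and reports any resolver that also appears in a test run without the VPN. The baseline addresses are constructed placeholders from documentation ranges, and the function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Nameserver rows pasted in the thread (Stockholm server), icon URLs dropped.
GRC_ROWS = """\
173.194.98.151 3 (No domain name is registered)
173.194.98.149 6 (No domain name is registered)
173.194.98.148 12 (No domain name is registered)
173.194.98.144 5 (No domain name is registered)
74.125.46.146 10 (No domain name is registered)
74.125.46.145 8 (No domain name is registered)
74.125.46.147 15 (No domain name is registered)
74.125.46.148 8 (No domain name is registered)
74.125.46.144 12 (No domain name is registered)
173.194.98.145 8 (No domain name is registered)
173.194.98.147 4 (No domain name is registered)
173.194.98.150 4 (No domain name is registered)
173.194.98.146 3 (No domain name is registered)
"""

# Constructed baseline: resolver IPs a leak test reported with the VPN off.
# Documentation-range placeholders, not values from the thread.
BASELINE_NO_VPN = {"192.0.2.53", "198.51.100.53"}

ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s", re.M)

def parse_rows(text):
    """Return {ip: queries} from 'IP count (name)' rows; other lines are skipped."""
    seen = {}
    for ip, n in ROW.findall(text):
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on a malformed address
        seen[ip] = seen.get(ip, 0) + int(n)
    return seen

def aggregate_by_24(seen):
    """Group resolvers by /24 -> {network: (distinct IPs, total queries)}."""
    groups = defaultdict(lambda: [0, 0])
    for ip, n in seen.items():
        g = groups[str(ipaddress.ip_network(f"{ip}/24", strict=False))]
        g[0], g[1] = g[0] + 1, g[1] + n
    return {net: tuple(g) for net, g in groups.items()}

def leaked(seen_with_vpn, baseline):
    """Resolvers visible both with and without the VPN indicate a DNS leak."""
    return sorted(set(seen_with_vpn) & set(baseline))

if __name__ == "__main__":
    print(aggregate_by_24(parse_rows(GRC_ROWS)), leaked(parse_rows(GRC_ROWS), BASELINE_NO_VPN))
```

Exact-address matching is the strictest form of the comparison; large resolver services answer from many egress addresses, so matching on the /24 groups or on the address owner catches more overlap.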
     