Menu
What's new
By:
Filters Better Search

DNS spoof attack with strongvpn

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

C

CrazyCanuck

Occasional Visitor
There seems to be a dns spoofing attack with strong vpn. How do I know this because I went from using strongvpn and dns advantage. Strognvpn refusing to make security changes to their dns server so I am letting people know. I suggest people use 156.154.70.1 and 156.154.71.1

You can do a dns spoofing test on grc.com/dns. Strong vpn doesn't block external pings which could make it make possible for hackers to spoof their dns server.

Here is the scan for my local isp and dns advantage. If you are using strong dns you will see it doesn't block external pings.

http://imgur.com/a/Dr0ND

the admin says i'm wrong however I had the same issue with my isp yet 3 years later they fix the issues. So clearly i wasn't wrong.
 
I am a bit confused. From what I know you should use the DNS of the VPN provider otherwise you are leaking your DNS. This DNS that you are suggesting people use is a public DNS and if you want to have any privacy or security from the VPN provider, using a public DNS in my opinion could be a security issue.
can you please elaborate why you would use a public DNS instead of private DNS as your VPN provider supplies.
I have PIA and I ran that grc test, it came out as excellent but I have concerns now that you mentioned this because it replies to External pings as the image supplied shows.
Does PIA look bad as well?
PIA.jpg
 
Last edited:
When i try this spoofability test from GRC with OpenDNS, Google DNS or Norton DNS, they fail miserably.
Are you saying that we are at risk when using Local ISP with google or OpenDNS and its safer to use DNS advantage instead?
or this applies only to VPN?
Tons of people are using Google DNS and OpendDNS along with Norton when on their local ISP, is everyone at risk for DNS Spoof?
please explain a little better thanks :)
 
Last edited:
yorgi said:
I am a bit confused. From what I know you should use the DNS of the VPN provider otherwise you are leaking your DNS. This DNS that you are suggesting people use is a public DNS and if you want to have any privacy or security from the VPN provider, using a public DNS in my opinion could be a security issue.
can you please elaborate why you would use a public DNS instead of private DNS as your VPN provider supplies.
I have PIA and I ran that grc test, it came out as excellent but I have concerns concerns now that you mentioned this because it replies to External pings as the image supplied shows.
Does PIA look bad as well?View attachment 5637
Click to expand...


The dns server should reject external ping. Everything else is ok. I told my ISP many years and they claimed their dns server are secure. However a few years after I scanned with grc and they fixed the issues. I am not a security expert however just by observing that was the case. Someone was poisoning the dns cache server.
 
yorgi said:
When i try this spoofability test from GRC with OpenDNS, Google DNS or Norton DNS, they fail miserably.
Are you saying that we are at risk when using Local ISP with google or OpenDNS and its safer to use DNS advantage instead?
or this applies only to VPN?
Tons of people are using Google DNS and OpendDNS along with Norton when on their local ISP, is everyone at risk for DNS Spoof?
please explain a little better thanks :)
Click to expand...

From what I know it applies to vpn or un encrypted connection. I used to use google dns and the hacker used to play games with me. He would direct the traffic to his fake web site and do crazy things. I learned as I experienced stuff and he kept on following me. On my router I use dns advantage as the default.
 
CrazyCanuck said:
The dns server should reject external ping. Everything else is ok. I told my ISP many years and they claimed their dns server are secure. However a few years after I scanned with grc and they fixed the issues. I am not a security expert however just by observing that was the case. Someone was poisoning the dns cache server.
Click to expand...
That makes sence but when you use a public DNS with your VPN, that is a big problem. Basically what you are doing is using a tunnel that is encrypted so that you can spoof your IP and then at the same time you are advertising all your moves to the Public DNS server. I wouldn't suggest you do that. Change VPN provider or something. For them to allow pings it must mean they have to because of all kinds of configurations.
Do another test with GRC go on your VPN and do a firewall test you will see all your ports are closed but not stealth. but when you do a test with local ISP everything is stealth.
I think there are reasons why they do that. I will complain to PIA and see what they have to say about this.
What you are saying deserves merit but at the same time you are shooting yourself in the foot by using a public DNS server.
 
Your suggestion to use a public server is wrong, so please people who ever reads this don't put those public DNS servers when you are using a VPN huge risk!!!!!!!!!!!

You may choose to use these public DNS if you are using your Local ISP but in my opinion this test is not really useful because if you do the same test with Google, OpenDNS or Norton they all fail miserably so what does that mean?
anyone using those huge servers is vulnerable to DNS spoofs?
Families trust Norton DNS for porn and other malicious attacks and now they are vulnerable to hacks by using this? I am very concerned but at the same time very confused.
Can anyone else join in and shed some light on this topic?
 
yorgi said:
That makes sence but when you use a public DNS with your VPN, that is a big problem. Basically what you are doing is using a tunnel that is encrypted so that you can spoof your IP and then at the same time you are advertising all your moves to the Public DNS server. I wouldn't suggest you do that. Change VPN provider or something. For them to allow pings it must mean they have to because of all kinds of configurations.
Do another test with GRC go on your VPN and do a firewall test you will see all your ports are closed but not stealth. but when you do a test with local ISP everything is stealth.
I think there are reasons why they do that. I will complain to PIA and see what they have to say about this.
What you are saying deserves merit but at the same time you are shooting yourself in the foot by using a public DNS server.
Click to expand...

I couldn't use the vpn provider's dns because a hacker poisioned it. He was playing games so I had to find another vpn provider and i was getting a warning message in my logs that make me think twice of dealing with them.


This is warning on my log when I was with them.

Mar 2 21:05:50 openvpn[774]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Not sure if that means anything but they didn't tell what it meant only that I was wrong.
 
CrazyCanuck said:
I couldn't use the vpn provider's dns because a hacker poisioned it. He was playing games so I had to find another vpn provider and i was getting a warning message in my logs that make me think twice of dealing with them.


This is warning on my log when I was with them.

Mar 2 21:05:50 openvpn[774]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Not sure if that means anything but they didn't tell what it meant only that I was wrong.
Click to expand...
I don't doubt that you may have issues with your provider but please stop using public DNS with VPN.
Get better informed don't just try some test and put all your eggs in that basket because you trust GRC.
Lets see what other people have to say about this. there are a lot of amazing network gurus here.
 
yorgi said:
Your suggestion to use a public server is wrong, so please people who ever reads this don't put those public DNS servers when you are using a VPN huge risk!!!!!!!!!!!

You may choose to use these public DNS if you are using your Local ISP but in my opinion this test is not really useful because if you do the same test with Google, OpenDNS or Norton they all fail miserably so what does that mean?
anyone using those huge servers is vulnerable to DNS spoofs?
Families trust Norton DNS for porn and other malicious attacks and now they are vulnerable to hacks by using this? I am very concerned but at the same time very confused.
Can anyone else join in and shed some light on this topic?
Click to expand...

i don't think you understand when I have my vpn enabled it will use the vpn provider's vpn but I still use advantage as the default.
 
yorgi said:
I don't doubt that you may have issues with your provider but please stop using public DNS with VPN.
Get better informed don't just try some test and put all your eggs in that basket because you trust GRC.
Lets see what other people have to say about this. there are a lot of amazing network gurus here.
Click to expand...


I trust grc because of my experiences. I told you a hacker was playing games with me. All I can say is with experience it is what I believe to be true. Do whatever you want. I'm just sharing a little knowledge and experience.
 
CrazyCanuck said:
i don't think you understand when I have my vpn enabled it will use the vpn provider's vpn but I still use advantage as the default.
Click to expand...
I understand totally but this is what you are saying.

"Strognvpn refusing to make security changes to their dns server so I am letting people know. I suggest people use 156.154.70.1 and 156.154.71.1"

that sounds to me like you are suggesting that people use these ip address for their DNS when they connect to their VPN provider.
I just want to make things clear.
You should also do a test with your VPN provider and see what you get with GRC when using the the VPN DNS
 
CrazyCanuck said:
I trust grc because of my experiences. I told you a hacker was playing games with me. All I can say is with experience it is what I believe to be true. Do whatever you want. I'm just sharing a little knowledge and experience.
Click to expand...
No one says you can't share you knowledge.
Just be clear on how you phrase your points :)
and be a little more thorough by at least providing DNS Spoofablity on your VPN providers side.
Because if someone hacked you from VPN Dns whos to say they wont hack you when your on Google or any other services.
I could be wrong.
 
yorgi said:
No one says you can't share you knowledge.
Just be clear on how you phrase your points :)
and be a little more thorough by at least providing DNS Spoofablity on your VPN providers side.
Because if someone hacked you from VPN Dns whos to say they wont hack you when your on Google or any other services.
I could be wrong.
Click to expand...

At first it was my ISP dns they exploited. Then I started using opendns and eventually google dns. I had problem there and then I eventually found dns advantage and the problems stopped so i tried going back and see if it was a fluke and it wasn't. It's all by trial and error for many months. i just get a headache talking about it, it was a nightmare. lol
 
CrazyCanuck said:
At first it was my ISP dns they exploited. Then I started using opendns and eventually google dns. I had problem there and then I eventually found dns advantage and the problems stopped so i tried going back and see if it was a fluke and it wasn't. It's all by trial and error for many months. i just get a headache talking about it, it was a nightmare. lol
Click to expand...
No worries dude.
But did you do a GRC test with your VPN providers DNS?
I bet it will reply to pings as PIA's did
so are you any safer when you are on your VPN?
 
yeah you're right and I'm going to try to nicely request to block them. Who knows maybe i'm being overly paranoid lol
 
CrazyCanuck said:
yeah you're right and I'm going to try to nicely request to block them. Who knows maybe i'm being overly paranoid lol
Click to expand...
Its ok to be cautious but don't loose sleep over this.
All the huge DNS servers seem to ping to replies according to the GRC test so let them worry about it.
 
I guess I shouldn't have said anything. Now the hackers poisoned the new vpn provider's dns cache. He some how disconnect the tunnel so again now I had go back to dns advantage. it hasn't even been a week yet with the new provider. I guess I'm at the mercy of the vpn provider to fix the issue because it appears very few dns servers are truly secure.
 
DNS security really depends on the DNS network. You have to rely on public DNS because every domain has their own server. For example .com domains could be managed by a few servers and .org could be managed to different servers as well.

The problem lies in the secondary DNS which queries these original servers whether or not they are secure. Every ISP has their own DNS server for performance reasons and for hijacking reasons (its how they block websites by forcing you to use their DNS by hijacking your DNS requests). You can make your own secondary DNS server though but i noticed many ISPs hijack DNS traffic and force you to use their DNS server, something i noticed as my domains arent directed correctly. So if you do make your own DNS server you will have to find a way to bypass ISP hijacking.

Thats not to say that the DNS network can be trusted either. Some providers will knowingly host customers with malicious intent as with some server providers in datacenters, they really have no shame renting out all that resource to people with malicious intent. Its why there has been more botnets.
 
CrazyCanuck said:
I guess I shouldn't have said anything. Now the hackers poisoned the new vpn provider's dns cache. He some how disconnect the tunnel so again now I had go back to dns advantage. it hasn't even been a week yet with the new provider. I guess I'm at the mercy of the vpn provider to fix the issue because it appears very few dns servers are truly secure.
Click to expand...

What information do you have that proves that the DNS was poisoned?

Which domain queries returned incorrect IPs? What was the correct IP (unpoisoned) and what was the IP that you were given (poisoned)?

Also, how does allowing external pings make it possible to for someone to spoof a DNS server? AFAIK, ping has nothing to do with DNS, and is completely unrelated to DNS security.
 
You must log in or register to reply here.

Similar threads

C
N00bs need simple page with outdated stuff & working stuff. Also simple commonly used phrases only people following Merlin for years understand :D
Replies
16
Views
2K
gattaca
G
daviworld
  • Poll
RT-AC5300 Performance & Security Guide
2 3 4
Replies
71
Views
82K
L&LD
L&LD
Similar threads
Thread starter Title Forum Replies Date
K Help with Wireguard Client set up, access local LAN & provider DNS VPN 1
P OPNsense / Adguard / DNS & VPN questions VPN 3
R WireGuard - DNS - Zscaler VPN 0

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 687 (members: 35, guests: 652)
Top