1

I suspect that I am being targeted in a man-in-the-middle attack from the ISP or in-between of the fiber cable transit or the node by sniffer hardware that detects and injects the malicious packets.

I am using a VPN service and it's encrypted end-to-end but whenever I disconnect the VPN for a local streaming service, for example, those attackers are back at it again.

Are they using an ARP-spoofing mechanism for the mac address redirection or some other form of NTP attack? Asking for help in diagnosing the issue and what are the best practices to follow?

CATALUNA84
  • 111
  • 3
  • I'm not sure that the network time protocol (NTP) has to do with this. And ARP spoofing in the local network can be seen if you are doing a packet capture on your local machine. And since your title asks about prevention: you are doing this already properly by using a VPN. – Steffen Ullrich Jul 24 '20 at 06:56
  • Maybe I am wrong, but NTP can be used to serve up pages with a clock synchronised packets making the server or client believe that the time of creation of the packets or the travel time is actually different than the original – CATALUNA84 Jul 24 '20 at 07:04
  • You can't prevent a man in the middle. You can only use protocols that are immune or resistant to man in the middle. – john doe Jul 24 '20 at 13:39

0 Answers0