VPN is not the only Security you should know about. Quad9, 1.1.1.1, and ProtonVPN with TOR enabled ProtonMail and VPN

in protonvpn •  6 years ago 

Security Measures configuring router and using Proton VPN

What are the DNS servers 1.1.1.1 and 9.9.9.9?
Why should you use them?
These Domain Name Servers protect you from your Internet service provider by redirecting your lookups through a different DNS.
ProtonVPN protects you in multiple ways.

What is DNS?
Every website lives at a numerical IP address. Your Domain Name Server, or DNS, translates these numerical IP addresses into readable domain names we all know and remember. If your DNS settings are not working correctly, or you’re still using defaults, you may be at risk for cybercrime and performance issues. Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system’s performance, plus, it preserves and protects your privacy. It’s like an immunization for your computer.

~2 million daily average blocks
18+ threat intelligence providers
118 active resolver clusters
(All data as of 5/6/18)

How Quad9 works
Quad9 routes your DNS queries through a secure network of servers around the globe. The system uses threat intelligence from more than a dozen of the industry’s leading cyber security companies to give a real-time perspective on what websites are safe and what sites are known to include malware or other threats. If the system detects that the site you want to reach is known to be infected, you’ll automatically be blocked from entry – keeping your data and computer safe.

Without VPN

Prerequisites

Requirements
There are no specific requirements for this document.

Components Used
This document is not restricted to specific software and hardware versions.

Modem Parameter: Status
Firmware Version: CAB003-31.30L.94
Model Number: C1900A
Hardware Revision: 3B
Serial Number: CCAA6020909439
WAN MAC Address: a0:a3:e2:cf:27:21
Downstream Rate: 29.433 Mbps
Upstream Rate: 2.198 Mbps
ISP Protocol: IPoE

Let's run a test: ping 1.1.1.1.
For those of you who don't know about DNS, I will explain in the next post.
Results using 1.1.1.1 instead of my ISP's DNS:
Pinging 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=61 time=0.950 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=61 time=0.988 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=61 time=1.03 ms
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.950/0.991/1.036/0.043 ms

Now let's ping Quad9, which I will explain in the next post.
Pinging 9.9.9.9
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
64 bytes from 9.9.9.9: icmp_seq=1 ttl=61 time=1.80 ms
64 bytes from 9.9.9.9: icmp_seq=2 ttl=61 time=1.84 ms
64 bytes from 9.9.9.9: icmp_seq=3 ttl=61 time=1.82 ms
--- 9.9.9.9 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.806/1.823/1.844/0.038 ms

Not bad
Now I will ping 9.9.9.9, which is not my statically set DNS. Mind you, I'm doing all this over Wi-Fi on my cell.
ProtonVPN

Pinging 9.9.9.9
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.
64 bytes from 9.9.9.9: icmp_seq=1 ttl=61 time=1.72 ms
64 bytes from 9.9.9.9: icmp_seq=2 ttl=61 time=1.81 ms
64 bytes from 9.9.9.9: icmp_seq=3 ttl=61 time=1.82 ms
--- 9.9.9.9 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.728/1.788/1.827/0.065 ms

This is running Secure Core with DNS leak prevention.

Ping 1.1.1.1 over VPN Secure Core
I am using this as my DNS

PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=61 time=0.941 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=61 time=0.929 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=61 time=0.981 ms
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2010ms
rtt min/avg/max/mdev = 0.929/0.950/0.981/0.033 ms

Amazing ping
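
A check on the ping runs above, as an added example that is not part of the original post: it parses Linux ping output, estimates the hop count from the reply TTL, and compares the run without the VPN against the run with it. An unchanged TTL and near-identical RTT mean both sets of probes followed the same path, so a result like this is a cue to confirm that the host running the test is actually routed through the tunnel. The function names, the 0.5 ms tolerance and the assumed initial TTLs (64, 128, 255) are choices made for this example.

```python
import re

# Sample input: the two 1.1.1.1 runs as printed in the post (without and with the VPN).
NO_VPN = """PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=61 time=0.950 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=61 time=0.988 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=61 time=1.03 ms
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.950/0.991/1.036/0.043 ms"""
WITH_VPN = """PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=61 time=0.941 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=61 time=0.929 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=61 time=0.981 ms
3 packets transmitted, 3 received, 0% packet loss, time 2010ms
rtt min/avg/max/mdev = 0.929/0.950/0.981/0.033 ms"""

def parse_ping(text):
    """Extract target, reply TTLs, packet loss and average RTT from Linux ping output."""
    target = re.search(r"^PING (\S+)", text, re.M)
    loss = re.search(r"([\d.]+)% packet loss", text)
    rtt = re.search(r"min/avg/max/mdev = [\d.]+/([\d.]+)/", text)
    if not (target and loss and rtt):
        raise ValueError("not a complete ping transcript")
    ttls = sorted({int(t) for t in re.findall(r"\bttl=(\d+)", text)})
    return {"target": target.group(1), "ttls": ttls,
            "loss_pct": float(loss.group(1)), "avg_ms": float(rtt.group(1))}

def estimated_hops(ttl):
    """Assumed initial TTL (first of 64/128/255 at or above the reply TTL) minus reply TTL."""
    initial = next(i for i in (64, 128, 255) if i >= ttl)
    return initial - ttl

def same_path(a, b, tolerance_ms=0.5):
    """True when two runs to one target show identical TTLs and near-identical average RTT."""
    return (a["target"] == b["target"] and a["ttls"] == b["ttls"]
            and abs(a["avg_ms"] - b["avg_ms"]) <= tolerance_ms)

if __name__ == "__main__":
    before, after = parse_ping(NO_VPN), parse_ping(WITH_VPN)
    print("hops without VPN:", [estimated_hops(t) for t in before["ttls"]])
    print("hops with VPN:   ", [estimated_hops(t) for t in after["ttls"]])
    if same_path(before, after):
        print("Path unchanged: verify the test host is routed through the tunnel")
```

Ping measures ICMP round-trip time to the resolver's address only; it does not show which resolver a device actually sends its DNS queries to.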
Now let's see what I get on a speed test using 1.1.1.1 as my DNS on the router and ProtonVPN going through 3 VPNs (Secure Core).

Now here's some info on DNS 9.9.9.9 and 1.1.1.1

My firewall settings

The 1.1.1.1 address is currently assigned to APNIC labs (as it was when the question was asked). However, until January 2010, the 1.0.0.0/8 network block, of which 1.1.1.1 is part, was unassigned and therefore (ab)used for local use in several cases.

Although the network block has now been assigned to APNIC (and addresses starting with 1. are now definitely in use), several old pieces of equipment persist in using 1.1.1.1 for local purposes, and perhaps in consequence of this, a small block of 256 IP addresses (1.1.1.0 to 1.1.1.255) has been reserved for research purposes by APNIC labs.

No route for the 1.1.1.0/24 prefix containing 1.1.1.1 has ever been announced on BGP (see https://stat.ripe.net/1.1.1.1#tabId=at-a-glance for details, in particular 1.1.1.1 was never globally visible as exact match in BGP by any of the RIS peers since beginning of 2004. No less-specific covering prefixes.), which means that the address has never been used for a publicly-facing service. This of course does not mean that this will never happen.

The fact that you can have a traceroute to 1.1.1.1 that responds with the gateway address can come from two sources:

1. The gateway figures out that the address can't be routed because there is no route announcement for it, and therefore answers with an ICMP "unreachable" message -- however your traceroute should in this case display a specific marking (e.g. !H). I would say that this explanation is not very probable, because your gateway will probably only forward packets to the next router.
2. The 1.1.1.1 address is still used locally by some equipment (see below).

Among unofficial uses of the 1.1.1.1 address, or of an address block containing it:

- Some equipment from several manufacturers (including Cisco and ZyXel) is still using the 1.1.1.1 address for local purposes (for example, login portals for public WiFi connections, local management networks, etc.). You can perhaps see what the equipment is by going to https://1.1.1.1/ with your browser. Also check the address of your DHCP or DNS server to see if one of those is 1.1.1.1.
- Fastweb, an Italian ISP (but probably other providers too), was in the past assigning IPs in the 1.0.0.0/8 network to their customers, but since that network range became public, they switched to a more classic private IP range (10.0.0.0/8).

UPDATE (April 11th 2018): As per Bob's comment to another message, there is now a public DNS service on 1.1.1.1. See also https://1.1.1.1/ for more information about what this is. So this address is now definitely off-limits for private use! (as it should always have been).

$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_req=1 ttl=57 time=4.67 ms
64 bytes from 1.1.1.1: icmp_req=2 ttl=57 time=4.20 ms
64 bytes from 1.1.1.1: icmp_req=3 ttl=57 time=4.19 ms
64 bytes from 1.1.1.1: icmp_req=4 ttl=57 time=4.17 ms
^C
--- 1.1.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3030ms
rtt min/avg/max/mdev = 4.179/4.313/4.677/0.210 ms

And there's Quad9 (9.9.9.9)
Windows Quad9 setup

Mac setup

DNS lookup for dns.quad9.net
(reverse DNS of 9.9.9.9)
Type Host Class TTL Data
A dns.quad9.net IN 1200 ip = 149.112.112.112
A dns.quad9.net IN 1200 ip = 9.9.9.9
AAAA dns.quad9.net IN 1200 ipv6 = 2620:fe::fe

ProtonVPN and ProtonMail

ProtonMail + Tor
Tor is free software for enabling anonymous communication.

ProtonMail now has an official onion site:
https://protonirockerxow.onion/

Using Tor
To use our Tor hidden service (also known as an onion site), you must have Tor installed or use Tor browser. Instructions on how to set up Tor to access your encrypted mailbox can be found here.

https://protonmail.com/blog/tor-encrypted-email

Using Tor to access ProtonMail is optional, but in some situations, it may bring additional security benefits. More information about how ProtonMail utilizes Tor to protect your privacy can be found here.

https://protonmail.com/support/knowledge-base/tor-setup/

Protonmail Droid
https://play.google.com/store/apps/details?id=ch.protonmail.android

ProtonVPN

https://protonvpn.com/about

Why use VPN
SECURITY
Our secure VPN sends your internet traffic through an encrypted VPN tunnel, so your passwords and confidential data stay safe, even over public or untrusted Internet connections.

PRIVACY
Keep your browsing history private. As a Swiss VPN provider, we do not log user activity or share data with third parties. Our anonymous VPN service enables Internet without surveillance.

FREEDOM
We created ProtonVPN to protect the journalists and activists who use ProtonMail. ProtonVPN breaks down the barriers of Internet censorship, allowing you to access any website or content.

Unique Features for a more secure VPN
Unlike other VPN services, ProtonVPN is designed with security as the main focus, drawing upon the lessons we have learned from working with journalists and activists in the field.

SECURE CORE
Regular VPN services can be compromised if their servers are under surveillance. ProtonVPN prevents this by first passing user traffic through our Secure Core network in privacy friendly countries like Switzerland and Iceland. Thus, even a compromised VPN endpoint server will not reveal your true IP address.

PERFECT FORWARD SECRECY
ProtonVPN exclusively uses ciphers with Perfect Forward Secrecy, meaning that your encrypted traffic cannot be captured and decrypted later, even if an encryption key gets compromised in the future.

SWISS BASED
We are headquartered in Switzerland which has some of the world's strongest privacy laws. Switzerland is also outside of EU and US jurisdiction and is not a member of the fourteen eyes surveillance network.

NO LOGS
ProtonVPN is a no logs VPN service. We do not track or record your internet activity, and therefore, we are unable to disclose this information to third parties.

TOR over VPN
ProtonVPN also integrates with the Tor anonymity network. With a single click, you can route all your traffic through the Tor network and access Onion sites.

FREE VPN
We believe privacy and security are fundamental human rights, so we also provide a free version of ProtonVPN to the public. Unlike other free VPNs, there are no catches. We don't serve ads or secretly sell your browsing history. ProtonVPN Free is subsidized by ProtonVPN paid users. If you would like to support online privacy, please consider upgrading to a paid plan for faster speeds and more features.

EASY TO USE
The best security tools in the world will only protect you if used correctly and consistently. We have extensively simplified the ProtonVPN interface to make it as intuitive as possible – so you can stay protected every day, hassle free.

FAST VPN SPEEDS
We deploy high-end servers with high bandwidth links to ensure fast connection speeds for our users. Connect to ProtonVPN and continue browsing the web, streaming music and watching videos like always.

MULTI-PLATFORM SUPPORT
ProtonVPN is available on all your devices including PC, MacOS, mobile, and even your router. A secure internet connection which you can trust is essential every day - for your PC at home, for your mobile device on the road, or your workstation at the office. ProtonVPN works on Windows and MacOS via our application, or on iOS, and Android using any OpenVPN client.


Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://superuser.com/questions/970371/what-is-1-1-1-1-why-does-it-work-for-traceoute-but-not-ping