What does the Wireless ISP (WISP) "see" when I'm using VPN from home?

I start a new job next Monday, and my new company requires me to use  
their VPN server but my wireless ISP contract was for personal use only.

I realize that the WISP can see all my unencrypted traffic, but, what  
does any future VPN /encrypted/ traffic look like to my WISP?

Specifically, can the WISP tell I'm using VPN?
Or does everything just look like https encrypted traffic to the WISP?

Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
On Thu, 04 Sep 2014 23:37:45 +0000, Yaroslav Sadowski wrote:

Yes.


It might be, if you connect to the appropriate port (443, I think) on  
hosts (IP addresses) which are conceivably HTTPS servers. Figuring that  
last bit out includes some amount of discretionary decision-making on the  
part of WISP (i.e. is this usage pattern consistent with someone who uses  
a lot of video streaming from a single HTTPS server during work hours or  
is there something fishy going on?).

Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
Aleksandar Kuktin wrote, on Fri, 05 Sep 2014 00:32:45 +0000:

What does my VPN traffic look like that "tells" them I'm  
using VPN?


Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
On Fri, 05 Sep 2014 16:21:28 +0000, Yaroslav Sadowski wrote:

Well, there is a lot of it, it is encrypted, and the remote end is on a  
host:port pair that is "unusual".

When browsing through SSL, there is normally only little data coming from  
your machine and a lot of data coming from the remote machine. Your VPN  
connection will probably be more symmetrical.

Encryption of traffic gets all sorts of fascists worked up. It is also a  
normal part of VPN operation.

Host:port pair is not necessarily specific to VPNs, but it will probably  
be unusual enough that any sane admin in your WISP will suspect a VPN.  
Provided he cares enough about it.

There may also be other things: maybe the VPN setup is a dead giveaway,  
maybe link teardown.

Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
Aleksandar Kuktin wrote, on Fri, 05 Sep 2014 18:37:03 +0000:

I am unfamiliar with VPN, so, may I just ask if the VPN connection uses
a particular port (such as 23, or 443, or whatever), or, if they use
any port that they want?


Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
Yaroslav Sadowski (for it is he) wrote:

There are standard ports [eg 4500 for IPsec NAT traversal], but really, any  
port they want.

--  
 <http://ale.cx/ (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
 21:19:03 up 5 days, 11:34,  7 users,  load average: 0.28, 0.38, 0.40
 "If being trapped in a tropical swamp with Anthony Worral-Thompson and
 Christine Hamilton is reality then I say, pass the mind-altering drugs"
     -- Humphrey Lyttleton

Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?

Once the connection is made, it looks like random garbage. It is in the
making of the connection that there may be enough info for them to
decide it is a VPN connection attempt. (For example, for ssh, you connect
to port 22, although you can change that to, for example, port 80, in
which case it will look like encrypted http data. For openvpn it is port
1194.)



Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?

You need your ISP's definition of personal.

Net traffic being sent to and from you personally strikes me as being
personal, in that it is to and from you personally.  If someone is
paying you to participate, is that any business of your ISP?

If they care to look it's a persistent encrypted stream to a single
endpoint. What it resembles most is traffic to a VPN node.

If they probe the VPN node or reason from its IP address they could
be pretty sure. Dunno what lawyers would make of that.

They can't read the content, but they can examine the frequency and
size of the transfers.

--  
umop apisdn



Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
Yaroslav Sadowski writes:

Connecting to one's employer's VPN via a residential "personal use only"
internet service is commonplace.  Don't worry about it. Your ISP just
doesn't want you running a Web store or a paid subscription newsletter
service or somesuch.
--  
John Hasler  
jhasler@newsguy.com
Dancing Horse Hill
Elmwood, WI USA

Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?

And if your ISP notices and starts to hassle you (which I also doubt
that they are going to do), switch ISPs or
persuade your company to buy you the commercial use service.


Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
Jasen Betts wrote, on Fri, 05 Sep 2014 12:18:19 +0000:

I've never "seen" encrypted traffic, but I assume it's just a  
bunch of numbers to an IP address (presumably of the VPN server).

Does the WISP see that IP address of that VPN provider?

Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
On 09/05/2014 12:23 PM, Yaroslav Sadowski wrote:

Yes

--  
Caver1

Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
Caver1 wrote, on Fri, 05 Sep 2014 12:35:01 -0400:

I was afraid of that.  

So, just so that I understand, what you're telling me is that
the WISP can "see" that I'm going to go to a certain IP address,  
on various ports, which he can reverse DNS to figure out that  
this IP address corresponds to a VPN provider.  

The various ports would include everything, such as nntp, smtp,  
http, ssh, telnet, https, pop, imap, etc.

Can the ISP also tell what PORT that traffic is on, or does all
traffic to a VPN go over a single encrypted port?


Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
On 09/05/2014 01:04 PM, Yaroslav Sadowski wrote:

I don't think they see the port. When you first connect it is
unencrypted. More than likely it is encrypted once you login. They can
see your IP and the IP that you are connecting to. WISP probably doesn't
look at your traffic unless there is a problem, in which case they look
at the load of traffic not necessarily the IPs unless they narrow it
down to a certain user. Or if the Gov't comes after it.

--  
Caver1

Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
Yaroslav Sadowski (for it is he) wrote:

The traffic encapsulated inside the encryption? No.

Every VPN implementation I've seen carries the payload over one port.  
Actually that's not 100% true - IPsec when there's no NAT involved doesn't  
use TCP or UDP so there's no "port", but for the use case of someone running  
a VPN client on their PC connecting through their router to the internet,  
it's going to be on one TCP/UDP port or another.

--  
 <http://ale.cx/ (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
 21:21:18 up 5 days, 11:37,  7 users,  load average: 0.43, 0.43, 0.41
 "If being trapped in a tropical swamp with Anthony Worral-Thompson and
 Christine Hamilton is reality then I say, pass the mind-altering drugs"
     -- Humphrey Lyttleton


Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?

No. He can figure out that that address is your company's address. He
has no idea what they provide.

Depends. There are "standard" ports for those, but you and they can agree
on any port you want.

It goes over a single port. Remember each packet has to be delivered by
your ISP and others along the route, to the right computer, and that
computer has to figure out what to do with that packet (port). It has to
differentiate between a packet which is supposed to go to the VPN and
which goes to ntpd say.

Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
alexd wrote, on Fri, 05 Sep 2014 21:24:20 +0100:

Just to be clear, does that mean that, say, if I'm on port 119 on the  
computer while connected to the VPN server, that the WISP has no idea  
that I'm on port 119 because they only "see" the VPN server port?

Likewise, if I then switched to port 1000 or to port 2000 (or whatever),  
is the switchover likewise invisible to the WISP because all they see is  
the VPN port (whatever that may be)?

I think that answered the question above.
Is this summary correct?

1. The WISP can "see" the IP address of the VPN server.
2. The WISP can "see" the port of the VPN server.
3. All "traffic" is garbage to the WISP.
---
4. If I switch from port 80 to port 1000 to port 2000, etc, all those  
ports are invisible to the WISP.

Is that correct?


Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?

No idea what this means.  

No idea what this means. If you switch to port 1000 on your computer,
the message sent out from your computer says it came from port 1000
since that is where the return must be delivered. Ports are addresses.  

What to you does "If I switch from port 80 to port 1000" mean? Tell me
what you would be doing to do that?

Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
William Unruh wrote, on Fri, 05 Sep 2014 21:59:12 +0000:

If I'm going to www.google.com from Firefox, that would go out on port 80.
The WISP could see *everything*, including what search I type, and the  
fact that I went to www.google.com.

I assume if I use a VPN server, all that is hidden from the WISP.  

Fast forward, and now I'm connected to a VPN server, which is using some  
port, which we can call port 1000 for this purpose.  

Now, when I bring up Firefox, EVERYTHING goes through port 1000, right?
So, if, in Firefox, I go to www.google.com, doesn't that port 80 HTTP  
traffic actually go out of my computer on the VPN encrypted port 1000?

So, if the WISP were monitoring port 80, wouldn't he see nothing?

Yet, the PC "thinks" it's going out on port 80, but, by some VPN'ish  
magic, isn't that port 80 traffic really going out on port 1000?


Re: What does the Wireless ISP (WISP) "see" when I'm using VPN from home?
On Sat, 6 Sep 2014 04:29:59 +0000 (UTC), Yaroslav Sadowski

You're describing a full tunnel VPN. It sounds like you hope that's what
this VPN provider offers. If they offer a split tunnel, you won't see the
behavior described above.

Nitpick: when you access http://www.google.com , your traffic doesn't go OUT
from port 80. It goes TO port 80 at www.google.com, but it goes OUT from a
semi random port on your PC, usually somewhere between 1025 and 65535.
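
The full-tunnel case discussed in this thread, as an added example that is not part of any poster's message: inner packets to port 80 and port 119 are wrapped in one UDP flow to the VPN server, and `observe()` returns only what the cleartext headers expose. The addresses, the client-side ports and `toy_seal` (a stand-in for the VPN's real cipher) are assumptions made for illustration; UDP 1194 is the OpenVPN port mentioned above.

```python
import hashlib, socket, struct

def ipv4(src, dst, proto, payload):
    # 20-byte IPv4 header (checksum left at 0; enough for a parsing demo)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp(sport, dport, data):
    # 20-byte TCP header, data offset 5, flags PSH|ACK
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + data

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def toy_seal(plaintext, key):
    # Stand-in for the VPN cipher: XOR with a SHA-256 counter keystream.
    # Illustration only, not how a real VPN encrypts.
    stream = b""
    for ctr in range(len(plaintext) // 32 + 1):
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def observe(packet):
    """Fields an on-path observer can read from the cleartext headers."""
    ihl = (packet[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"dst": socket.inet_ntoa(packet[16:20]), "proto": packet[9],
            "sport": sport, "dport": dport}

# Constructed sample values: documentation address ranges, made-up client ports.
CLIENT, VPN_SERVER = "192.0.2.10", "198.51.100.7"
TUNNEL_IP, REMOTE = "10.8.0.2", "203.0.113.80"
KEY = b"constructed-demo-key"

def full_tunnel_packet(inner):
    # The whole inner IP packet becomes the sealed payload of one UDP flow.
    return ipv4(CLIENT, VPN_SERVER, 17, udp(40001, 1194, toy_seal(inner, KEY)))

def demo():
    request = b"GET /search?q=secret HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
    web = ipv4(TUNNEL_IP, REMOTE, 6, tcp(49152, 80, request))
    news = ipv4(TUNNEL_IP, REMOTE, 6, tcp(49153, 119, b"GROUP comp.security\r\n"))
    wire = full_tunnel_packet(web)
    return [observe(web), observe(wire), observe(full_tunnel_packet(news))], wire

if __name__ == "__main__":
    for view in demo()[0]:
        print(view)
```

The first view is the packet as it would look without the VPN; the second and third are identical, because the inner destination and ports sit inside the sealed payload. Packet sizes and timing remain visible on the wire.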


