tls – Does the DNS change help prevent MITM at the ISP?

A few days ago, the Government of Kazakhstan passed a law allowing it to apply with the help of SSL certificates signed by the government all https traffic from all (or almost) Internet Service Providers. For example, when you visit, your browser warns you that the certificate is not approved and that you must trust these certificates or install them manually.

In short, you use government-issued certificates to encrypt your traffic, which is then decrypted again at the ISP level to be encrypted again by the service provider. original certificates (valid) before being sent to the websites you access. Which basically means that ISPs can do what they want with your data as if you were using HTTP from the beginning.

As far as I know, one solution would be to use a trusted VPN service. However, this greatly aggravates the experience of use and essentially requires you to trust the VPN provider (that the majority does not care to check).

So my question is: if I had to change my DNS to say, by Cloudflare, will it prevent my ISP from acting as an intermediary?

Edit: if that does not help, what can I do to protect my privacy?

can a top ofric of isp access my information from my IP address

Suppose that a rich person knows my ip. Can a rich person pay a senior official working in an Internet provider to give him the name and information about the owner of that IP address? suppose the official is the friend of the rich people. can he find information about the owner of this IP address and give it to the rich man? Is not it illegal? I have read that it is illegal to give information to anyone without a police warrant. so the official will do it illegally when he gives it. but my question is: can the official find the information? And if he can, will he find out and put it back? or is it out of reach and very expensive and difficult? ignore the errors in the question and answer me. how difficult is it for an ISP official to access the info?

$ 0.25 / IPv4 IP White Label ISP [LOA][ARIN/RIPE][rDNS][RPKI]

+ IP addresses for North America and Europe
+ White ISP WHOIS white label: suitable for both hosting providers and behemoths.
+ Reverse DNS transfer or hosting included
+ Own IP area only: never used for spam
+ Only 25 ยข per IP and per month
+ Long-term contracts available

How to offer a value-added service to your customers:
+ Offer a movable portable IP address assignment between datacenters
+ Provide a dedicated IP address for each account to mitigate the impact of denial of service attacks or null routes.
+ Host game servers and VoIP applications on the default port
+ Our customers generally charge a profit margin of 100 to 400% (50 to 80% margin)

+ For reputable service providers only. No spam, analysis or scams.
+ No broker or "purchasing manager" please (B2B only).
+ One year term, monthly payments

Please contact us at for promotional pricing. or visit for more information.

network – the local subnet of the ISP is 192.168.1.x, which causes a VPN access problem

I did not understand why I was disconnecting a client-based VPN connection to a remote site with a 192.168.1.x subnet until I understood the ISPs modem runs a 192.168.1.x subnet for their own purposes.

I would prefer not to add routing statement on my own workstations as I anticipate that it would cause a lot of trouble and loss of productivity. I would like to add a roadmap to my firewall (the gateway before the subnet of my ISP) to correct the situation. .

However, I have no idea how to do that, nor even the wording of google search to get close to what I want to do. Do I want a zero route instruction, an instruction that sends packets to loop? I do not know, but we have the impression of a "division by zero".

In the end, I would like any device from my internal private subnet behind my firewall to think it's not there. subnet there. This should force all the traffic on the VPN.

What can be done to adjust this?

  • Internal private subnetwork:
  • Internal GW: (PFsense fw)
  • ISP provided internal subnet:
  • FAI GW: (Modem VZ)
  • Subnet of equipment provided by the ISP:

Traceroute without active VPN:

Tracking up to on up to 30 hops
1 8 ms 12 ms 4 ms kcactc-fw []
  2 10 ms 8 ms 5 ms
3 10 ms 9 ms 13 ms

network – Can I change the user name and password of the router provided by the ISP?

When I tried to connect to the interface of my router today, I noticed that the default user name and password were set. I want to change it because of the obvious dangers of exposure to my home network. Should I just log in and change the username and password without waiting for any kind of ISP complaint?

PS: The router was provided by the ISP as part of its Internet package.

wifi – How secure are the default random passwords that come with ISP routers?

Has not a little research one been unable to find an answer to that. Nowadays, many ISPs offer combined router / modem units. They come with a preconfigured password consisting of a random string of letters and numbers, such as 1kd94nc9. Are these passwords reasonably secure or should the end user change it for his or her own custom password (ignoring the fact that it can be difficult for someone to have one?). In memory)?

google analytics – How do I filter my personal IPv6 address in GA when my ISP constantly reassigns the address?

I want to configure IP address filtering in Google Analytics so that traffic from my home IP address is filtered out and not counted in the actual site traffic. That is to say. I am only interested in the traffic coming from IP addresses that are not those of the IP address of my home.

However, my provider is changing my IPv6 address almost every day. Google Analytics allows some regex matches as a filter parameter with the incoming IPv6 address. I can not include a template that is too specific (that is, a template that directly matches my current IPv6 address, for example 2601: 602: 8a00: d7d: 30c9: 8e0f: ecaf: 3f45 will only match my current IP address until the ISP changes it again.

I do not want to be too broad either. I know that the first 48 bits of an IPv6 address are specific to the ISP, and if I create a filter like 2601: 602: 8a00: * it may incorrectly filter otherwise valid network traffic from another access provider.

Is there a way to do this, or how do other people approach it? Thank you.

ISP – Dynamic IP Addresses: Is there a fix for the blacklist?

My Internet Service Provider (Verizon FIOS) assigns blacklisted IP addresses from various third party spam list services.

I discovered this when I could not create a new account on different email services. One of them 's technical support informed me that using a blacklisted IP address was a common cause of the problem and I was told that given some web addresses that check your IP address against different blacklist services (for example, blacklist-check /? and -blacklist-check.php). Indeed, my IP address was on nine different blacklists.

Verizon has tried to assign me new IP addresses from three different available ranges and address blocks. Everyone was on the same blacklists. Then for weeks, they claimed that they were fixing the problem or that the problem was solved, but nothing has changed.

Finally, one of their staff has informed me that the blacklist goes hand in hand with dynamic IP addresses and that Verizon does not care about anything. However, if I wanted to pay more and get a professional account, they would give me a static IP, which would be clean.

I am aware that a few years ago, problems such as Internet service providers with open relays resulted in the indexing of all their IP addresses. Years ago, I had problems with spammers who used blocks of IP addresses, which resulted in the addresses being blacklisted. Then one of these IP addresses would be assigned to me and I would have to go through the ISP to remove it from the blacklists.

Blacklisted IP addresses are apparently still a problem, but ISPs that do not solve the problem may not be the norm because no one could get online accounts. I try to better understand the problem and know what can be done to solve it.

  • Can I do anything, myself, to manage the blacklist services, collectively, so that my address will be removed from the list each time I get a new one (it does not seem that blacklist services are configured for this?))?
  • Is it reasonable to expect that my ISP will be able to remove its IP addresses from blacklists (that is, it is simply that Verizon has a monopoly in my area and So is there any reason to spend a penny of repairable problem resources or is spam associated with dynamic IP addresses an insoluble problem that Internet service providers no longer deal with?
  • Is the blacklist and its removal regulated by an entity that could be a source of leverage to solve the problem?

Identity theft and ISP – Information Security Stack Exchange

I have had multiple accounts open on my behalf. When I spoke to one of the account holders, this one stated that the order had been placed by my ISP. No one at my house could have opened this account. It is possible that a neighbor uses my ISP to open an account when he has my personal information. Also, is it possible that the fraud detection service of the online store where an account was opened in my name could easily tell me that the order came from my ISP?

network – What ISP does he know about my local network when I use their ONU?

I have FTTP (Fiber to the Premises) and a UN GPON given by my ISP. I know that they can see the host names and MAC devices connected to ONU. If I connect my personal router to this ONU, then connect a PC to my personal router. Will they be able to see the host name and MAC of the PC connected to my personal router? When I go to ONU Admin Webpanel, I see only the router's host name and MAC, and the devices connected to the router are not the same.