What does the Wireless ISP (WISP) "see" when I'm using VPN from home?

Discussion in 'Wireless Internet' started by Yaroslav Sadowski, Sep 5, 2014.

  1. I start a new job next Monday, and my new company requires me to use
    their VPN server but my wireless ISP contract was for personal use only.

    I realize that the WISP can see all my unencrypted traffic, but, what
    does any future VPN /encrypted/ traffic look like to my WISP?

    Specifically, can the WISP tell I'm using VPN?
    Or does everything just look like https encrypted traffic to the WISP?
     
    Yaroslav Sadowski, Sep 5, 2014
    #1

  2. It might be, if you connect to the appropriate port (443, I think) on
    hosts (IP addresses) which are conceivably HTTPS servers. Figuring that
    last bit out includes some amount of discretionary decision-making on the
    part of WISP (i.e. is this usage pattern consistent with someone who uses
    a lot of video streaming from a single HTTPS server during work hours or
    is there something fishy going on?).
     
    Aleksandar Kuktin, Sep 5, 2014
    #2

  3. Yaroslav Sadowski

    Jasen Betts Guest

    You need your ISP's definition of personal.

    Net traffic being sent to and from you personally strikes me as being
    personal, in that it is to and from you personally. If someone is
    paying you to participate is that any business of your ISP?
    If they care to look it's a persistent encrypted stream to a single
    endpoint. What it resembles most is traffic to a VPN node.
    If they probe the VPN node or reason from its IP address they could
    be pretty sure. Dunno what lawyers would make of that.
    They can't read the content, but they can examine the frequency and
    size of the transfers.
     
    Jasen Betts, Sep 5, 2014
    #3
  4. Yaroslav Sadowski

    John Hasler Guest

    Connecting to one's employer's VPN via a residential "personal use only"
    internet service is commonplace. Don't worry about it. Your ISP just
    doesn't want you running a Web store or a paid subscription newsletter
    service or somesuch.
     
    John Hasler, Sep 5, 2014
    #4
  5. Aleksandar Kuktin wrote, on Fri, 05 Sep 2014 00:32:45 +0000:
    What does my VPN traffic look like that "tells" them I'm
    using VPN?
     
    Yaroslav Sadowski, Sep 5, 2014
    #5
  6. Jasen Betts wrote, on Fri, 05 Sep 2014 12:18:19 +0000:
    I've never "seen" encrypted traffic, but I assume it's just a
    bunch of numbers to an IP address (presumably of the VPN server).

    Does the WISP see that IP address of that VPN provider?
     
    Yaroslav Sadowski, Sep 5, 2014
    #6
  7. Yaroslav Sadowski

    Caver1 Guest

    Yes
     
    Caver1, Sep 5, 2014
    #7
  8. Caver1 wrote, on Fri, 05 Sep 2014 12:35:01 -0400:
    I was afraid of that.

    So, just so that I understand, what you're telling me is that
    the WISP can "see" that I'm going to go to a certain IP address,
    on various ports, which he can reverse DNS to figure out that
    this IP address corresponds to a VPN provider.

    The various ports would include everything, such as nntp, smtp,
    http, ssh, telnet, https, pop, imap, etc.

    Can the ISP also tell what PORT that traffic is on, or does all
    traffic to a VPN go over a single encrypted port?
     
    Yaroslav Sadowski, Sep 5, 2014
    #8
  9. Yaroslav Sadowski

    Caver1 Guest

    I don't think they see the port. When you first connect it is
    unencrypted. More than likely it is encrypted once you login. They can
    see your IP and the IP that you are connecting to. WISP probably doesn't
    look at your traffic unless there is a problem, in which case they look
    at the load of traffic not necessarily the IPs unless they narrow it
    down to a certain user. Or if the Gov't comes after it.
     
    Caver1, Sep 5, 2014
    #9
  10. Well, there is a lot of it, it is encrypted, and the remote end is on a
    host:port pair that is "unusual".

    When browsing through SSL, there is normally only little data coming from
    your machine and a lot of data coming from the remote machine. Your VPN
    connection will probably be more symmetrical.

    Encryption of traffic gets all sorts of fascists worked up. It is also a
    normal part of VPN operation.

    Host:port pair is not necessarily specific to VPNs, but it will probably
    be unusual enough that any sane admin in your WISP will suspect a VPN.
    Provided he cares enough about it.

    There may also be other things: maybe the VPN setup is a dead giveaway,
    maybe link teardown.
     
    Aleksandar Kuktin, Sep 5, 2014
    #10
  11. Aleksandar Kuktin wrote, on Fri, 05 Sep 2014 18:37:03 +0000:
    I am unfamiliar with VPN, so, may I just ask if the VPN connection uses
    a particular port (such as 23, or 443, or whatever), or, if they use
    any port that they want?
     
    Yaroslav Sadowski, Sep 5, 2014
    #11
  12. Yaroslav Sadowski

    alexd Guest

    There are standard ports [eg 4500 for IPsec NAT traversal], but really, any
    port they want.

    --
    <http://ale.cx/> (AIM:troffasky) ()
    21:19:03 up 5 days, 11:34, 7 users, load average: 0.28, 0.38, 0.40
    "If being trapped in a tropical swamp with Anthony Worral-Thompson and
    Christine Hamilton is reality then I say, pass the mind-altering drugs"
    -- Humphrey Lyttleton
     
    alexd, Sep 5, 2014
    #12
  13. And if your ISP notices and starts to hassle you (which I also doubt
    that they are going to do), switch ISPs or
    persuade your company to buy you the commercial use service.
     
    William Unruh, Sep 5, 2014
    #13
  14. Once the connection is made, it looks like random garbage. It is in the
    making of the connection that there may be enough info for them to
    decide it is a VPN connection attempt. (For example, for ssh you connect
    to port 22, although you can change that to, for example, port 80, in
    which case it will look like encrypted http data. For openvpn it is port
    1194.)
     
    William Unruh, Sep 5, 2014
    #14
  15. Of course. They have to deliver the packets to the right place.
     
    William Unruh, Sep 5, 2014
    #15
  16. No. He can figure out that that address is your company's address. He
    has no idea what they provide.
    Depends. There are "standard" ports for those, but you and they can agree
    on any port you want.
    It goes over a single port. Remember each packet has to be delivered by
    your ISP and others along the route, to the right computer, and that
    computer has to figure out what to do with that packet (port). It has to
    differentiate between a packet which is supposed to go to the VPN and
    which goes to ntpd say.
     
    William Unruh, Sep 5, 2014
    #16
  17. alexd wrote, on Fri, 05 Sep 2014 21:24:20 +0100:
    Just to be clear, does that mean that, say, if I'm on port 119 on the
    computer while connected to the VPN server, that the WISP has no idea
    that I'm on port 119 because they only "see" the VPN server port?

    Likewise, if I then switched to port 1000 or to port 2000 (or whatever),
    is the switchover likewise invisible to the WISP because all they see is
    the VPN port (whatever that may be)?
    I think that answered the question above.
    Is this summary correct?

    1. The WISP can "see" the IP address of the VPN server.
    2. The WISP can "see" the port of the VPN server.
    3. All "traffic" is garbage to the WISP.
     
    Yaroslav Sadowski, Sep 5, 2014
    #17
  18. William Unruh wrote, on Fri, 05 Sep 2014 20:34:18 +0000:
    That confuses me since, it seemed, people said that the way VPN works is
    that all traffic (no matter which port it's on) is all on a *single* port
    to and from the VPN server.

    So, that would mean that nntp, smtp, http, ssh, telnet, https, pop, imap,
    etc. traffic, on my side, would be on whatever single port the VPN
    connection was on, from the standpoint of the WISP in the middle.

    Is that not correct?
     
    Yaroslav Sadowski, Sep 5, 2014
    #18
  19. Yaroslav Sadowski

    Char Jackson Guest

    In this case, "the right place" is the next hop. :)
     
    Char Jackson, Sep 5, 2014
    #19
  20. William Unruh wrote, on Fri, 05 Sep 2014 20:31:05 +0000:
    Given all these answers, it seems the WISP sees this:
    1. The IP address of the VPN server.
    2. The (single) port used by the VPN server.
    3. The sheer amount of bits to and from that VPN server.

    It seems, I think, from the answers, that the WISP does not see:
    a. The port (e.g., nntp, smtp, http, ssh, telnet, https, pop, imap, etc.).

    Is that correct yet?
     
    Yaroslav Sadowski, Sep 5, 2014
    #20
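
The encapsulation discussed in this thread, as an added example that is not part of any post: each inner packet (whatever application port it targets) is encrypted and wrapped in an outer packet to the VPN server, and an on-path observer can parse only the outer headers and sizes. The addresses, source ports, key and the XOR keystream standing in for the VPN's real cipher are all constructed for illustration; 1194 is the OpenVPN port mentioned above.

```python
import hashlib
import socket
import struct

VPN_SERVER = "203.0.113.10"   # constructed address (documentation range)
CLIENT = "192.0.2.25"         # constructed address (documentation range)
VPN_PORT = 1194               # OpenVPN port named in the thread


def toy_encrypt(data: bytes, key: bytes, counter: int) -> bytes:
    """Stand-in for the VPN cipher: XOR with a SHA-256 keystream. Not secure."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!QI", counter, block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def inner_segment(dst_port: int, payload: bytes) -> bytes:
    """Simplified inner packet: source port, destination port, then payload."""
    return struct.pack("!HH", 40000, dst_port) + payload


def encapsulate(inner: bytes, key: bytes, counter: int) -> bytes:
    """Encrypt the inner packet and wrap it in outer IPv4 + UDP headers."""
    body = toy_encrypt(inner, key, counter)
    udp = struct.pack("!HHHH", 50000, VPN_PORT, 8 + len(body), 0) + body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     socket.IPPROTO_UDP, 0,  # checksums left at 0 for brevity
                     socket.inet_aton(CLIENT), socket.inet_aton(VPN_SERVER))
    return ip + udp


def isp_view(packet: bytes) -> dict:
    """What an on-path observer can parse: outer headers and sizes only."""
    ihl = (packet[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    _, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"src": src, "dst": dst, "proto": proto, "dst_port": dport, "bytes": total_len}


def observe(inner_ports, key=b"constructed-session-key"):
    """Send one inner packet per application port; return the observer's view of each."""
    return [isp_view(encapsulate(inner_segment(p, b"x" * 100), key, i))
            for i, p in enumerate(inner_ports)]
```

Calling `observe([119, 25, 443])` yields three records that differ in nothing but what the observer could already count: every one shows the VPN server's address, UDP, port 1194 and the packet size.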