First some background.

Recently, a friend of mine switched ISPs. His previous one was slow and had no intention of improving its infrastructure. What really made him pull the plug on them was the fraudulent charges on his invoice and their poor (non-existent) customer service.

His current ISP (which I won’t reveal) provides him with a much cleaner and faster (though not symmetric) connection. You know, a real broadband connection.

While no mechanism is invulnerable or impenetrable, I try to implement at least some basic security measures on a home network. As soon as the installers leave, I begin tinkering with things.

Connecting devices (PCs, tablets, cellphones, you name it) directly to the ISP’s gear is a big no-no, so the first thing I do is disable the WiFi on the ISP router and hook up only a router of my own (which I can set up to my liking). That way a barrier is created between the ISP and the internal network. Double NAT is not an issue, since ISPs these days are going the Carrier Grade NAT route anyway.

One of the settings I always customize on my routers is the DNS servers. In my experience I get better performance and reliability with custom DNS servers. Also, it doesn’t matter if the ISP’s DNS servers go down, and the ISP doesn’t get to log any DNS activity.

After setting things up, I visit some websites, IPLeak for example, to make sure things are working the way they’re supposed to. Well, to my surprise (or should I say to my horror) I see the ISP DNS servers and not the ones I specified. I rechecked the settings and tried different DNS servers, with the same result: there is a DNS leak.

What this means is that the ISP is actively intercepting DNS requests and redirecting them to its own DNS servers. DNS can be a powerful tool (weapon) for an ISP: it can keep logs of your activities, block websites, or substitute them with others.
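An added check, not from the original post, that goes one step beyond the IPLeak test: the script below sends a raw DNS query straight to a chosen resolver and, separately, to a decoy address that runs no DNS service, so any reply to the decoy can only have come from a middlebox answering on port 53. The upstream 9.9.9.9 and the decoy 192.0.2.1 (an address from the documentation range) are assumptions; substitute your own configured resolver.

```python
import random
import socket
import struct

DECOY = "192.0.2.1"  # assumed: TEST-NET-1 documentation address, runs no resolver

def build_query(name, qid):
    """One A question, recursion desired (flags 0x0100), no EDNS."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lb)]) + lb.encode() for lb in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def skip_name(resp, off):  # advance past a (possibly compressed) domain name
    while resp[off] and resp[off] & 0xC0 != 0xC0:
        off += resp[off] + 1
    return off + (2 if resp[off] else 1)

def parse_a_answers(resp, qid):
    """IPv4 addresses in the answer section; rejects a mismatched transaction id."""
    rid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid:
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):
        off = skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return addrs

def probe(resolver_ip, name="example.com", timeout=2.0):
    """Send one query straight to resolver_ip; None if nothing answers, else the A records."""
    qid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (resolver_ip, 53))
            data, _ = sock.recvfrom(512)
        except (socket.timeout, OSError):
            return None
    return parse_a_answers(data, qid)

def decoy_verdict(answers):  # a decoy that runs no resolver must stay silent
    return "intercepted" if answers is not None else "silent (no interception seen)"

if __name__ == "__main__":
    print("configured resolver:", probe("9.9.9.9"))  # assumed upstream; use your own
    print("decoy:", decoy_verdict(probe(DECOY)))
```

A silent decoy is not proof of a clean path, since some ISPs only redirect queries aimed at well-known resolver addresses; the answered decoy, however, is conclusive.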

The best way to protect your activities from the prying eyes of your ISP is to subscribe to a good VPN service and set it up on the router; that way, every device on the local network will connect to the internet via the VPN tunnel.