anon
24.12.15, 06:40
This is not new, but worth posting nonetheless.
A newly discovered vulnerability can expose the real IP-addresses of VPN users with relative ease. The issue, which affects all VPN protocols and operating systems, was uncovered by Perfect Privacy who alerted several affected competitors to the threat before making it public.
Huge Security Flaw Can Expose VPN Users' Real IP-Adresses - TorrentFreak (https://torrentfreak.com/huge-security-flaw-can-expose-vpn-users-real-ip-adresses-151126/)
You can read all the details on that article and here (https://www.perfect-privacy.com/blog/2015/11/26/ip-leak-vulnerability-affecting-vpn-providers-with-port-forwarding/), but I'll give a quick summary. An attacker must be using the same VPN provider and server as you. They must then dupe you into opening a connection to that server, but on a port that is forwarded to them - so that it gets done with your real address. It's a pretty clever trick. Removing the default gateway for your adapter and adding routes for the VPN servers only won't solve this, but a set of firewall rules disallowing connections to those servers on ports other than the ones required to connect does.
A newly discovered vulnerability can expose the real IP-addresses of VPN users with relative ease. The issue, which affects all VPN protocols and operating systems, was uncovered by Perfect Privacy who alerted several affected competitors to the threat before making it public.
Huge Security Flaw Can Expose VPN Users' Real IP-Adresses - TorrentFreak (https://torrentfreak.com/huge-security-flaw-can-expose-vpn-users-real-ip-adresses-151126/)
You can read all the details on that article and here (https://www.perfect-privacy.com/blog/2015/11/26/ip-leak-vulnerability-affecting-vpn-providers-with-port-forwarding/), but I'll give a quick summary. An attacker must be using the same VPN provider and server as you. They must then dupe you into opening a connection to that server, but on a port that is forwarded to them - so that it gets done with your real address. It's a pretty clever trick. Removing the default gateway for your adapter and adding routes for the VPN servers only won't solve this, but a set of firewall rules disallowing connections to those servers on ports other than the ones required to connect does.