In order to maintain anonymity and also to maintain privacy many users uses VPN (Virtual Private Network) which uses encrypted transmission of messages. Recently a vulnerability has been found that affects almost all the VPN providers.
The simple concept behind VPN is that the sender will be connected to the destination like a secret tunnel and all the communication that flows through the tunnel is encrypted such as to avoid sniffing.
There are many VPN providers who provides free as well as some are paid services. The new vulnerability #Port Fail allows attackers to reveal the real IP address of the victim.
Discovered by VPN provider Perfect Privacy (PP) is a simple port forwarding trick. Port Forwarding is nothing but diverting all the traffic to a user defined port so as to sniff the packets.
This vulnerability requires that the attacker and the victim needs to be in the same network and the protocols that are vulnerable are
OpenVPN and IPSec (Which provides security to the IPv6).
This vulnerability can be exploited by simply forwarding the traffic and for that he / she must know the exit IP address. Some vendors has patched this vulnerability and users are recommended to update their software to avoid further attack.
P.S : The post is to create awareness and not to be misused.
No comments:
Post a Comment