Slashdot Mirror

← Back to Stories (view on slashdot.org)

VPN Flaw Shows Users' IP Addresses

Posted by Soulskill on from the illusion-of-privacy dept.

AHuxley writes "A VPN flaw announced at the Telecomix Cyphernetics Assembly in Sweden allows individual users to be identified. 'The flaw is caused by a combination of IPv6, which is a new Internet protocol due to replace the current IPv4, and PPTP (point-to-point tunneling protocol)-based VPN services, which are the most widely used. ... The flaw means that the IP address of a user hiding behind a VPN can still be found, thanks to the connection broadcasting information that can be used to identify it. It's also relatively easy to find a MAC address (which identifies a particular device) and a computer's name on the network that it's on.' The Swedish anti-piracy bureau could already be gathering data using the exploit."

3 of 124 comments (clear)

  1. Wait, IPv6+PPTP+IPSEC only? by drinkypoo · · Score: 5, Informative

    You don't need PPTP if you're using IPSEC and IPv6. Even Microsoft clients don't need it any more.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Re:Any Network Admin worth his weight... by drinkypoo · · Score: 4, Informative

    Any Network Admin worth his weight has not been using pptp for vpn for quite some time. IPSEC (AES) anyone? Just sayin.

    IPSEC doesn't have to use AES, it supports other ciphers. Further, PPTP does not specify encryption, but Windows clients use MPPE, which is RSA RC4.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. Re:garbage in, garbage out... by quantumplacet · · Score: 4, Informative

    assigning a second IP address, that you also control, to an interface is not 'spoofing' in any sense of the word. If you assign an IP address that I control, then you're spoofing, at which point you have the same problem in IP6 that you have in IP4.