Slashdot Mirror


VPN Flaw Shows Users' IP Addresses

AHuxley writes "A VPN flaw announced at the Telecomix Cyphernetics Assembly in Sweden allows individual users to be identified. 'The flaw is caused by a combination of IPv6, which is a new Internet protocol due to replace the current IPv4, and PPTP (point-to-point tunneling protocol)-based VPN services, which are the most widely used. ... The flaw means that the IP address of a user hiding behind a VPN can still be found, thanks to the connection broadcasting information that can be used to identify it. It's also relatively easy to find a MAC address (which identifies a particular device) and a computer's name on the network that it's on.' The Swedish anti-piracy bureau could already be gathering data using the exploit."

24 of 124 comments

  1. garbage in, garbage out... by Michael+Kristopeit · · Score: 2, Informative

    It's also relatively easy to spoof an IP address or MAC address.

    1. Re:garbage in, garbage out... by dotgain · · Score: 5, Insightful

      And it's just as sensible as spoofing your home address when ordering pizza that you ultimately want to eat.

    2. Re:garbage in, garbage out... by Rijnzael · · Score: 2, Informative

      MAC address sure, since your device's MAC address isn't used after your packets reach the ISP's border. However, I invite you to try to establish a full duplex connection using a spoofed IP. Sure, you can send packets using a spoofed IP provided your ISP allows you to send packets for IPs which they don't announce, but you're not getting the response to that packet back. This is actually the basis for DDoS reflection attacks.

    3. Re:garbage in, garbage out... by Rijnzael · · Score: 2, Interesting

      Definitely an interesting thought, though with a MITM attacker (presumably the person one is using Tor/VPN/whathaveyou to hide from) it would be pretty obvious that one isn't actually establishing true communication, as the TCP sequence numbers et al wouldn't make any sense, and the remote machine wouldn't be sending back any data packets. With UDP it might be less obvious, though it would be clear one is only sending and not receiving.

    4. Re:garbage in, garbage out... by quantumplacet · · Score: 4, Informative

      Assigning a second IP address, that you also control, to an interface is not 'spoofing' in any sense of the word. If you assign an IP address that I control, then you're spoofing, at which point you have the same problem in IP6 that you have in IP4.

    5. Re:garbage in, garbage out... by vlm · · Score: 2, Informative

      Kind of two separate arguments.

      Let's look at the original poster's claim:

      MAC address sure, since your device's MAC address isn't used after your packets reach the ISP's border. However, I invite you to try to establish a full duplex connection using a spoofed IP.

      Now his point is that your MAC is irrelevant beyond your layer 2 link. OK, correct on ipv4.

      However, what if you use ipv6 and RFC 2462 "Stateless Address Autoconfiguration", which basically picks your ipv6 address based on your MAC address. Wedging a 48-bit MAC address into, say, a /28 of ipv4 space isn't going to work too well, but wedging a 48-bit MAC address into a /64 LAN of ipv6 works pretty well.

      http://www.ietf.org/rfc/rfc2462.txt

      Now the argument is that no matter which ISP you connect to, or which Starbucks you connect to, etc., you can always correlate that large collection of 128-bit ipv6 addresses in a log by trashing the upper 64 bits and figuring out which 48-bit MAC addresses map into the /64 ipv6 addresses.

      Even worse, the top 24 bits of the MAC define the device manufacturer, so no matter where you go in the world, people know you've got an Apple, or whatever.

      So, "your device's MAC address isn't used after your packets reach the ISP's border" isn't really true if your layer 3 address depends directly on your layer 2 address.

      On the other hand, if instead of using your autoconfigured address, you fake or "spoof" some other random /64 on the LAN, then you can't be tracked. Now if you do this at work, your local net nanny is going to get all teed off that some "unknown" MAC address is online, because look at that ipv6 address that doesn't match any known inventoried hardware MAC address.

      You can insist that using a "fake" MAC is not spoofing, or whatever, but then you're getting into pointless naming games.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
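The check a defender would want after vlm's comment above: does a host's IPv6 address embed its MAC via the modified EUI-64 interface identifier, and can addresses from different /64 prefixes be tied together by that MAC? This is an added example, not code from the thread; the addresses are constructed sample values, and the `ff:fe` test is a heuristic (a privacy-extension address could contain those bytes by chance).

```python
import ipaddress

# Constructed sample addresses: two SLAAC/EUI-64 addresses for the same
# MAC on different /64 prefixes, plus one RFC 4941 style random address.
SAMPLE_LOG = [
    "2001:db8::21a:2bff:fe3c:4d5e",
    "2001:db8:1::21a:2bff:fe3c:4d5e",
    "2001:db8::a1b2:c3d4:e5f6:789",
]


def eui64_to_mac(addr: str):
    """Return the MAC embedded in a modified EUI-64 interface identifier,
    or None when the low 64 bits are not in that form."""
    iid = ipaddress.IPv6Address(addr).packed[8:]  # low 64 bits
    # A 48-bit MAC becomes EUI-64 by inserting 0xFFFE after the OUI.
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02  # undo the universal/local bit flip
    mac = bytes([first]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def oui_of(mac: str) -> str:
    """Top 24 bits of the MAC: the manufacturer's OUI."""
    return mac[:8]


def leaks_mac(addr: str) -> bool:
    """True if this address would reveal the host's MAC to any log reader."""
    return eui64_to_mac(addr) is not None


def correlate_by_mac(log_addrs):
    """Group addresses from different /64s by the MAC they embed; this is
    what an auditor can recover from logs when privacy extensions are off."""
    seen = {}
    for a in log_addrs:
        mac = eui64_to_mac(a)
        if mac is None:
            continue
        net = ipaddress.IPv6Network((ipaddress.IPv6Address(a), 64), strict=False)
        seen.setdefault(mac, set()).add(str(net))
    return seen


if __name__ == "__main__":
    for a in SAMPLE_LOG:
        print(a, "leaks MAC" if leaks_mac(a) else "no EUI-64 MAC")
    print(correlate_by_mac(SAMPLE_LOG))
```

Hosts using RFC 4941 privacy extensions (the default on most current desktop operating systems) produce addresses like the third sample and fall through `correlate_by_mac` unmatched.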
  2. Any Network Admin worth his weight... by bagboy · · Score: 2, Informative

    has not been using pptp for vpn for quite some time. IPSEC (AES) anyone? Just sayin.

    1. Re:Any Network Admin worth his weight... by drinkypoo · · Score: 4, Informative

      Any Network Admin worth his weight has not been using pptp for vpn for quite some time. IPSEC (AES) anyone? Just sayin.

      IPSEC doesn't have to use AES, it supports other ciphers. Further, PPTP does not specify encryption, but Windows clients use MPPE, which is RSA RC4.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. Wait, IPv6+PPTP+IPSEC only? by drinkypoo · · Score: 5, Informative

    You don't need PPTP if you're using IPSEC and IPv6. Even Microsoft clients don't need it any more.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Re:Tor by Rijnzael · · Score: 4, Insightful

    I seriously doubt any reasonable level of donations will ever allow the Tor network to add the kind of capacity required to torrent. I think it has many more important needs than that anyway.

  5. IPv6 by Perl-Pusher · · Score: 4, Funny

    IPv6, which is a new internet protocol due to replace the current IPv4

    My grand kids will probably be saying that to their grand kids.

    1. Re:IPv6 by xanadu113 · · Score: 2, Interesting

      Right after we get switched to the metric system!

      In elementary school, they ONLY taught me the metric system, because it was going to replace the english system by the time I graduated high school... I'm still waiting...

      --
      -Myke
    2. Re:IPv6 by DdJ · · Score: 4, Funny

      Actually by then, it'll be IPv6.1 ...

      ...unless you're running on a Microsoft operating system, in which case it'll be "IPv6.11 for Workgroups".

  6. Re:Tor by TheRealMindChild · · Score: 4, Insightful

    Not only that, but Tor isn't nearly as secure as most people think it is

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  7. Re:Tor by Rijnzael · · Score: 2, Interesting

    Good point, anyone can host a Tor node, and I'm sure we can bet the bad guys are hosting just as many or more than the good guys. Web of trust for Tor, anyone?

  8. Re:Tor by bsDaemon · · Score: 2, Insightful

    In order to have a web of trust, don't you need to be able to establish the identity of the other people in your web to a reasonable degree of certainty? Wouldn't verifiable identities undermine the concept of anonymity that is the whole purpose of Tor?

  9. Re:Tor by Rijnzael · · Score: 2, Informative

    The Tor nodes themselves are actually quite identified, as you can see by the hostnames/IP's of the nodes themselves. The clients are the ones who are anonymous, as is intended.

  10. User flaw shows deluded sense of privacy on net by Bob_Who · · Score: 2, Interesting

    The only flaw is when people believe that VPN or any other network technology streaming on the public superhighway via telecoms and satellite networks is absolutely private and secure 100% of the time. Once you fix that defect, the rest won't matter anymore. Too bad our national security experts are having so much difficulty with that concept, since it's bad for business to accept reality or to tell the truth, in general.

  11. So, what's the move? by b0bby · · Score: 2, Interesting

    What, then, is the best way to preserve anonymity when using, for instance, BitTorrent? I have looked at services like BTGuard & Predator, but there's always a little spidey-sense tingle of lack of trust...

  12. Cipher Conference Video by SJ2000 · · Score: 3, Informative
  13. Re:Tor by Rijnzael · · Score: 2, Interesting

    I think persistently sending a file over SSL over Tor to wikileaks might be somewhat suspicious to a malicious man in the middle listening for as much. Hiding who one is talking to is still as important as hiding what is said.

  14. Re:doesen't IPv6 drop some of need for VPN? by vlm · · Score: 2, Interesting

    My thinking is that NATing on IPv6 will continue to be OK for security reasons

    My thinking is we're going to see massive namespace pollution in the marketing world. Since most people use "NAT security" as basically a complicated as heck one way valve, and it's "expensive" to do NAT compared to simple state based firewalls, I suspect the marketing droids are going to get simple state based firewalls that only allow outgoing connections from engineering, and then sell them as "ipv6 NAT" even though there's no address translation going on.

    After all, it's the same as ipv6 NAT because it allows you to connect your LAN to the internet and it only allows outgoing connections, so it must be marketed with the same name.

    Who cares if the engineers know that NAT actually means something.

    And when it happens, you can say you saw it here on slashdot, first.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  15. Re:Tor by Tacvek · · Score: 2, Informative

    Somebody who listens to your tor traffic at your end has absolutely no way of telling who you are communicating with. So who you are talking to is just as hidden as what you say. All packets in the tor network are encrypted in such a way that the contents are only ever known by the exit node. There is little point in using SSL if sending a file to wikileaks via tor, since only wikileaks and the exit node would see the plaintext even over plain old http, and neither would be able to determine who or where the sender was. If wikileaks is going to publish what you sent anyway, so the exit node could see it upon publication, there is little reason to hide anything, unless there is identifying information in your submission that wikileaks has agreed not to republish. In that case using SSL over tor to talk to wikileaks makes good sense.

    You would use SSL over Tor only if there was some reason why it would be undesirable for the exit node to hear what you are saying, and you also want to hide your identity or perhaps only your location from the server you are talking to.

    --
    Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
  16. Re:Tor by Hatta · · Score: 2, Informative

    The exit node might know that there's an SSL connection going through his computer that terminates at wikileaks. If everything is configured properly he should be unable to determine where that SSL connection originated.

    --
    Give me Classic Slashdot or give me death!