VPN Flaw Shows Users' IP Addresses

← Back to Stories (view on slashdot.org)

VPN Flaw Shows Users' IP Addresses

Posted by Soulskill on Monday June 21, 2010 @05:22AM from the illusion-of-privacy dept.

AHuxley writes "A VPN flaw announced at the Telecomix Cyphernetics Assembly in Sweden allows individual users to be identified. 'The flaw is caused by a combination of IPv6, which is a new Internet protocol due to replace the current IPv4, and PPTP (point-to-point tunneling protocol)-based VPN services, which are the most widely used. ... The flaw means that the IP address of a user hiding behind a VPN can still be found, thanks to the connection broadcasting information that can be used to identify it. It's also relatively easy to find a MAC address (which identifies a particular device) and a computer's name on the network that it's on.' The Swedish anti-piracy bureau could already be gathering data using the exploit."

9 of 124 comments (clear)

Min score:

Reason:

Sort:

Wait, IPv6+PPTP+IPSEC only? by drinkypoo · 2010-06-21 05:27 · Score: 5, Informative

You don't need PPTP if you're using IPSEC and IPv6. Even Microsoft clients don't need it any more.

--
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Re:garbage in, garbage out... by dotgain · 2010-06-21 05:28 · Score: 5, Insightful

And it's just as sensible as spoofing your home address when ordering pizza that you ultimately want to eat.
Re:Tor by Rijnzael · 2010-06-21 05:29 · Score: 4, Insightful

I seriously doubt any reasonable level of donations will ever allow the Tor network to add the kind of capacity required to torrent. I think it has many more important needs than that anyway.
IPv6 by Perl-Pusher · 2010-06-21 05:30 · Score: 4, Funny

IPv6, which is a new internet protocol due to replace the current IPv4

My grand kids will probably be saying that to their grand kids.
1. Re:IPv6 by DdJ · 2010-06-21 05:58 · Score: 4, Funny
  
  Actually by then, it'll be IPv6.1 ...
  ...unless you're running on a Microsoft operating system, in which case it'll be "IPv6.11 for Workgroups".
Re:Tor by TheRealMindChild · 2010-06-21 05:33 · Score: 4, Insightful

Not only that, but Tor isn't nearly as secure as most people think it is

--

"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Re:Any Network Admin worth his weight... by drinkypoo · 2010-06-21 05:34 · Score: 4, Informative

Any Network Admin worth his weight has not been using pptp for vpn for quite some time. IPSEC (AES) anyone? Just sayin.
IPSEC doesn't have to use AES, it supports other ciphers. Further, PPTP does not specify encryption, but Windows clients use MPPE, which is RSA RC4.

--
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Cipher Conference Video by SJ2000 · 2010-06-21 05:58 · Score: 3, Informative

The conference video apparently.
Re:garbage in, garbage out... by quantumplacet · 2010-06-21 06:03 · Score: 4, Informative

assigning a second IP address, that you also control, to an interface is not 'spoofing' in any sense of the word. If you assign an IP address that I control, then you're spoofing, at which point you have the same problem in IP6 that you have in IP4.