Privacy Vulnerability Exposes VPN Users' Real IP Addresses

An anonymous reader writes: A major security flaw which reveals VPN users' real IP addresses has been discovered by Perfect Privacy (PP). The researchers suggest that the problem affects all VPN protocols, including IPSec, PPTP and OpenVPN. The technique involves a port-forwarding tactic whereby a hacker using the same VPN as its victim can forward traffic through a certain port, which exposes the unsuspecting user's IP address. This issue persists even if the victim has disabled port forwarding. PP discovered that five out of nine prominent VPN providers that offer port forwarding were vulnerable to the attack.

Clever but not earthshaking.

[houstonbofh]

Essentially, you are having the user connect to the internal address of the VPN server for your forwarded port, and therefore you do not go through the VPN or NAT. A good VPN service will have bound your port to the external address only, and this would not work. And the bad ones will fix this quickly, I bet.

Bigger problems

[ilsaloving]

The only requirement is that the attacker has port forwarding enabled on the same VPN network as its target. A phishing link or laced image file, for example, is then sent to the victim which leads the traffic to a port under the hacker’s control.

So... using a social engineering attack can expose the victim's IP address. Am I missing something? Cause to me this falls under the category of "Well no shit, Sherlock!" If you can convince a user to run a malicious payload, then having an IP address exposed is the least the victim's problems.

Re:Bigger problems

If someone obtains a VPN connection and routes all of their traffic over that connection, it's reasonable for them to assume that their real IP address won't "leak." Masking one's origin is often the entire purpose of a VPN, at least from a consumer standpoint. Even if the user opens malware or clicks a specially crafted link, there should still be an expectation that any resulting traffic won't reveal the user's true IP. Some of the commercial VPN services are obviously doing it properly, as the exploit doesn't work on their networks.

Re:Bigger problems

So:

"A major security flaw which reveals VPN users' real IP addresses has been discovered by Perfect Privacy (PP). The researchers suggest that the problem affects all VPN protocols, including IPSec, PPTP and OpenVPN"

Is a misleading scare tactic opening, and "Privacy Vulnerability Exposes VPN Users' Real IP Addresses" is a scare tactic title, when it should really be "poorly implemented VPNs can leak users real IP"

Re:Bigger problems

[AHuxley]

For that a list of who kept the IP would be needed so the product offered can be better understood.
Is it having all servers in one nation under one brands internal control?
Servers in a lot of nations but under total control of the brand?
Some internal network with a way in and a totally different server network out?
An external wired router passing the totality of all OS, app network traffic to a VPN should not be leaking any ISP ip.

Re:Bigger problems

[turbidostato]

"Masking one's origin is often the entire purpose of a VPN, at least from a consumer standpoint."

Uhhh... nope, why should that be the case?

The purpose of a Virtual Private Network is to, well, Virtually making a Private Network, as if it was Local (LAN is another interesting acronim here) over other non-local networks.

And then, the article states " The technique involves a port-forwarding tactic whereby a hacker using the same VPN as its victim can forward traffic through a certain port, which exposes the unsuspecting user's IP address."

The same VPN! Why talking about "unsuspecting users"? The very purpose of a VPN is that those using it can get in touch to begin with!

Re:Bigger problems

[undecim11]

The point is that a VPN is used to hide your IP address, but with this vulnerability, a single web page can subvert that. All the attacker needs to trick you into doing is opening a single TCP connection. This can be done with a single img or iframe tag on a page. It's not running a malicious payload, it's browsing the internet

Re:Bigger problems

[whoever57]

The term VPN has been co-opted by providers that provide VPN and routing services. People pay for this service so that they can mask their true location -- for example, to use video services not available in their country.

Individual users are not using the VPN to connect to each other, but instead to connect to the VPN endpoint, from where their encapsulated packets are routed to the destination website (and obviously, the replies are routed back the same way)

Re:Bigger problems

[Antique+Geekmeister]

>> "Masking one's origin is often the entire purpose of a VPN, at least from a consumer standpoint."

> Uhhh... nope, why should that be the case?

To avoid a subpoena for the records of the connecting IP address, or to fool geo-IP based content restrictions from blocking people outside the UK from watching BBC programs, or to evade the "Great Firewall" of China, or to avoid tracking a command control center for a botnet, or to avoid detection of the "amazing offer" as coming from Nigeria, or simply to send spam from IP addresses which are not in public blacklists.

Re:Bigger problems

[bingoUV]

Duh, attacker is a script.

Re:Bigger problems

[turbidostato]

"The term VPN has been co-opted by providers that provide VPN and routing services. People pay for this service so that they can mask their true location -- for example, to use video services not available in their country."

Oh, I see now! People got fooled into buying a VPN service when they wanted and anonymizer service.

"Individual users are not using the VPN to connect to each other, but instead to connect to the VPN endpoint, from where their encapsulated packets are routed to the destination website"

And then, the protocol works as designed instead of how an ignoramus thought it worked. Surprise, surprise!

Re:Bigger problems

[Bengie]

If you're running a dragnet rather than spear-fishing, you just need to put the link out there somewhere

Then everyone in the world will hit that with their public IP. How can you tell the difference between the public IP of your targets and the 1,000,000,000 other IPs?

Re:Bigger problems

[turbidostato]

"To avoid a subpoena for the records of the connecting IP address, or to fool geo-IP based content restrictions"

No. That's -maybe, what a consumer would want, not what a VPN offers.

VPN offers seamless connectivity between two non-topologically contiguous data networks, not anonymity.

Re:Bigger problems

[turbidostato]

"VPN means "encrypted proxy". Nothing more, nothing less, at least in this context."

Yeah, well... and RAID means backup. But then, surprise, surprise!

Re:Bigger problems

[turbidostato]

"In other words, masking one's origin to make it appear you're part of a different network..."

Sorry no, but no. Masking oneself to look like coming from a different network is -who would imagine, "masquerading". VPN is tunneling so you don't see the multiple hops between your network and the one on the other side of the tunnel so, in fact, it more helps than hinders, the other side to know your real IP address.

Re:Bigger problems

[dave420]

VPNs and anonymous proxies are both used for avoiding geo-blocking. Saying someone should only use the latter is somewhat silly, considering anonymous proxies are even more leaky than a well-configured VPN.

Re:Bigger problems

[dave420]

They don't want anonymity! They want to bypass geo-blocking. That is a perfect use for a VPN.

Re:Bigger problems

[dave420]

You really should read up about VPNs as you seem woefully misinformed about how they work and what they are used for. Seriously. It was funny before, but now it's kind of embarrassing.

Re:Bigger problems

[turbidostato]

"They want to bypass geo-blocking. That is a perfect use for a VPN."

No, it isn't, or else, this full Slashdot article wouldn't exist.

Re:Bigger problems

[Slashdot+Parent]

If you can convince a user to run a malicious payload, then having an IP address exposed is the least the victim's problems.

It's not as hard as you'd think. All you have to do is convince a user to make a connection to the VPN provider's IP at a specific port.

In a common VPN use case where the VPN user doesn't want his IP known to the world, torrenting, it's pretty easy to convince a torrent client to connect to a specific IP/port: just join the swarm on that specific IP/port and wait for your target's torrent client to connect to you! It doesn't matter how savvy the computer operator is when the torrent client is a dumb piece of software.

If I were to torrent via VPN, I'd definitely be blacklisting my VPN connection's external IP address from my torrent client!

Untold requirement?

[manu0601]

TFA says that it is possible to trigger a request to the VPN gateway itself, by embedding a link to its address (example: <img src=”http://1.2.3.4:12345/x.jpg”>, and that request will show the real IP.

But in order to get the real IP? the attacker must be able to eavesdrop the traffic between the victim and the VPN gateway, right?

Re:Untold requirement?

[undecim11]

No. The attacker forwards a port on the VPN gateway. This means that the attacker recieves any traffic on that port already, including the victim's IP. All the attacker needs is the same level of VPN access that the victim is paying for.

Re: Damn people are getting dumb

[RubberDogBone]

This is a mistake, then. If you want to torrent and avoid copyright holders, you need to use a SEED BOX somewhere overseas where they don't keep records. And then VPN from your home or whatever into that seed box. The box runs your torrents for you. The only traffic your IP sees is the encrypted transfers of completed files between you and the seed box. NOT VPN'd torrents.

This is of course not foolproof but it adds a nice layer between your own IP and the infringing activity. It also helps if you are on a bandwidth capped account as your connection doesn't have to support all the torrent traffic. And for cost, a seed box with VPN is not a lot more than a VPN alone. So it's not a big deal.

Well, a lot of people use vpns to hide their torrenting, and IP addresses are how copyright trolls find you and send you letters, so it kinda is an issue if you're paying for a VPN to hide your torrenting, and thus not get caught

Is that a secret?

[Marc_Hawke]

I don't know that VPN's are supposed to hide the end IP addresses. They made a tunnel through the Internet so you can 'pretend' to be on the same Local network as the remote host. (That's the Virtual part.) They also encrypt that traffic so the Internet doesn't get to listen to what you say. (That's the Private part.)

No where in VPN do I see that it's an 'anonymizing proxy' or something else that's supposed to obfuscate either of the end-points. Sure a lot of people started using VPN's for that purpose, but claiming there's a vulnerability or flaw in IPSec or OpenVPN because it's not 'anonymizing' seems like you've missed the mark a bit.

Re:Is that a secret?

[AHuxley]

The "anonymizing" part is that the VPN becomes your IP for that session.
The ip found on the net should always stop back at the VPN provider. Thats the idea of the router for a system like openvpn. Your entire OS, all apps, web use can only connect via the VPN, no leaking an ISP IP out. The idea that anyone looking back from the VPN IP can see the users ISP is not the best news.

Re:Is that a secret?

[turbidostato]

"The "anonymizing" part is that the VPN becomes your IP for that session. "

That's a side effect at most.

"Your entire OS, all apps, web use can only connect via the VPN, no leaking an ISP IP out"

Sorry, but seemingly you don't understand what you are talking about. Once stablished, your Virtual Private Network is a Network just like any other else: you can route it, bridge it, masquerade it... In fact, that's the very goal of a VPN: making two topologically disconnected networks look like connected through a topologically local network (single hop).

"The idea that anyone looking back from the VPN IP can see the users ISP is not the best news."

Well, it isn't even news: that's the exact feature that allows, for instance, to connect two distant offices' networks as if they were one hop away.

Re:Is that a secret?

[AHuxley]

Re 'Well, it isn't even news: that's the exact feature that allows, for instance, to connect two distant offices' networks as if they were one hop away."
This is more about the services offered to show a VPN providers IP vs an ISP rather than a traditional "two distant offices" secure networking.

Re:Is that a secret?

[turbidostato]

" This is more about the services offered to show a VPN providers IP vs an ISP rather than a traditional "two distant offices" secure networking."

So what? The expectation is exactly the same: what happens on a node working as ending point for a VPN with regards other networks that node has access to is up to the node, not the VPN.

So if a VPN ends in my computer I'll give for granted all other networks on my computer are visible to the other end unless I'm taking positive steps for that not being the case.

Re:Is that a secret?

[AHuxley]

The idea is the rest of the world will only ever see the VNP ip, not the users ISP ip. The leak exposed the users original ISP ip from the VPN ip.

Re:Is that a secret?

[AK+Marc]

It's not a VPN. They just use VPN protocols to connect two machines, one is the user, and the other is a proxy. VPN is used incorrectly for 90% of "VPN services" out there.

Security services vs VPN?

[AHuxley]

Ideas like this show why VPN use was not a huge issue "Revealed: how US and UK spy agencies defeat internet privacy and security" (6 September 2013)
http://www.theguardian.com/wor...
".. decode the encrypted traffic certified by three major (unnamed) internet companies and 30 types of Virtual Private Network (VPN) – used by businesses to
provide secure remote access .."
or under the new UK net laws "Snooper's Charter: Why aren't VPNs and Tor mentioned in the Investigatory Powers Bill?" (November 5, 2015)
http://www.ibtimes.co.uk/snoop...
".. but surprisingly, nowhere in the proposal does it mention the use of Virtual Private Networks (VPN)."

What can be done? Some creative way for an internal double VPN?
This could also show that VPN use is vulnerable at a city, state, private sector or federal level/budget rather than just a shorter list of advanced nations with a domestic collect it all capability.

Re:Security services vs VPN?

[AHuxley]

The issue is that your isp ip from the VPN ip could be discovered at a low cost and by a lot of different interested groups.
A good wired modern router with OpenVPN support will often offer a fast, newer dual core cpu that can support the needed encryption.
That should cover any leaking from within the users OS, apps, software, malware.

This is absolutely nothing

[dilvish_the_damned]

Exposing internal IP addressses to other entities inside the VPN would be the 'N' part of VPN. The Private, or 'P' part is really meant for everone else. Why are these people short a whiteboard on this?

Re:This is absolutely nothing

This isn't about exposing internal IP addresses.

The idea is that the victim's routing table allows access to the VPN's server, in order to route your encrypted traffic there.

The attacker set's up port forwarding on the VPN, and gets you to connect to that forwarded port somehow.

Because your traffic to the VPN isn't tunneled through the VPN, your real IP address is used to connect to the VPN server on that port, which then gets forwarded to the attacker and then they can see your real IP address.

correct, there is always a host route to the vpn-provide, which must bypass the tunnel. So the solution is to block all outgoing ports to the vpn server, except 1194 or whatever vpn port is used, and possibly DNS (however I'd rather use my own DNS server, which connects through a different vpn to 8.8.8.8)
Also, by cascading two vpn-tunnels this attack is easily foiled

How it actually works

[itsme1234]

First of all this assumes the VPN incoming and outgoing IP is the same. This would be expected if you're using your home router as your VPN as you have only one IP but I don't think it should be for larger commercial providers, especially if you're using them to "hide you".

Then it assumes the attacker can open ports on that IP (as a feature offered by the provider). If you connect to that IP:port you'll be doing it over your normal non-encrypted interface because of the way the routing table is configured on your machine.

This is easy to prevent and if you are using the VPN to "hide" you should already have such mechanisms in place (mostly to make sure you aren't leaking packets over your normal interface once your VPN and the network interface/route associated with it is down). One way is to personal-firewall-limit your "problem" apps (like browser or torrent client) to the VPN interface so they can never talk over your normal network. This can still leak via more advanced attacks (is flash spawned as separated process?) so probably the only safe way would be to block in your (external to VPN machine) firewall EVERYTHING except vpn_ip:port.

Re: Damn people are getting dumb

[dotancohen]

This is a mistake, then. If you want to torrent and avoid copyright holders, you need to use a SEED BOX somewhere overseas where they don't keep records.

Or how about a more novel idea: Instead of paying to avoid copyright, either actually pay for the movies you watch or don't watch them. Seriously, I use a VPN and I use bittorrent for legitimate purposes, and you are ruining my ability to use my tools responsibly.

Just like the idiots that shine laser pointers at landing airplanes so now I cannot use a laser pointer to responsibly teach my daughters astronomy, you are abusing and ruining a tool for nothing of value. If you are so addicted to movies that you cannot even afford to pay for your habit, then you need counseling.

Re: They embed Linux and you get that

PPTP is from Microsoft, champ. -PCP

Re: Damn people are getting dumb

[Linux+Freak]

What about the many, many movies that never actually get released where I live (likely 20% or more never get released here, as a way of "protecting" the domestic movie producing market here)? Oh, I get it, you want me to wait until they are released on DVD and have me import them, right? Too bad about region encoding, apparently I am a "thief" for wanting to buy & watch DVD's in a different region.

I am happy to pay for content, but don't make it impossible to do so and I'll stop circumventing. Hell, the money I pay for a VPN could go to the content provider instead.

Re: Damn people are getting dumb

[thegarbz]

Or you could take the low-hanging fruit principle. Are studios likely to go after people who obfuscate their presence or likely to just record IP addresses and John Doe them to their nearest ISP?

I think VPN torrenters or those using SOCKS proxies will be relatively safe until everyone starts doing it.

Re: Damn people are getting dumb

[thegarbz]

Or how about a more novel idea: Instead of paying to avoid copyright, either actually pay for the movies you watch or don't watch them.

I tried that. No one would take my money. And 6 months later when they did want to take my money they wanted to take twice as much as normal because... well I assume they had the added cost of dubbing the original so people said "aluminium" instead of "aluminum" and had to put the missing 'u' back into various words in the subtitles. Maybe they even edited the footage so the toilets flushed in the opposite way, that would justify the cost.

that's what a proxy is for, not a VPN

[raymorris]

If that's your goal, you should be using a SOCKS proxy. VPNs are designed for an entirely different purpose.

So while there is some truth to your statement, some people do that, their actions make about as much sense as:

Inserting a screw is often the entire purpose of a hammer, at least from a clueless standpoint.

You CAN hammer a screw in, and many people have done it. I have, once. Sometimes it works. But it would be stupid to say that a hammer is broken because it's not very good for inserting screws. It's the wrong tool for the job. If you want to install screws, use a screwdriver. If you want to have traffic for a particular application (such as browsing or BitTorrent) come through a different IP, use a proxy. If you want to securely access a LAN remotely, use a VPN.

Re:that's what a proxy is for, not a VPN

[sims+2]

As far as I can tell from the first page of google "incoming connections socks proxy" socks doesn't really allow for incoming connections. However I see many vpn providers support port forwarding.

I've been wanting to setup a ftp server at home for a while but I don't want to pay the extra cash for a static ip.

How would you go about it?

Vpn?
Web hosted ftp?
Or something else?

Re:that's what a proxy is for, not a VPN

[sims+2]

The reason I mention static ip is that's the only thing my isp offers that will bypass their Nat. While a permanent static ipv4 address would be handy it would also cost about the same as 10 years of vpn service.

I would hope that I will be able to get real broadband within 10 years. But att has been saying they would for the last 15 years or so.

Re: Damn people are getting dumb

[dotancohen]

I tried that. No one would take my money.

When regional exclusion comes into account, I for all means support copyright infringement. My comments were addressed to those who circumvent copyright when moral (not necessarily legal) means are available to them, in order to save money.

If the producers and distributors of the media do not see you as a potential customer and refuse to offer their product in your area, then you are doing no moral harm by acquiring the media by alternative distribution channels.

Re: Damn people are getting dumb

[Hognoxious]

now I cannot use a laser pointer to responsibly teach my daughters astronomy

Must be pretty powerful if it can illuminate the moon.

Not what VPNs are for

[Tony+Isaac]

The point of a VPN is not to keep your local IP address secret. The point is to establish a secure connection between your computer, and a remote private network. I would argue that if a VPN kept your local IP address a secret, this would itself be a security vulnerability, from the perspective of the owner of the private network!

Re: Damn people are getting dumb

Self-righteous preaching is also incredibly patronizing.

Stats consistently show that not only do most pirates pay for content but tend to pay more than average. The primary reason why content gets "stolen" (MPAA/RIAA corporate propaganda) is due to the following

1. Most of the stuff people downplay they wouldn't have paid for.

2. Convenience. You can instantly get whatever you want without running through hoops of DRM and delays due to royalites.

3. A work was originally copyright protected to encourage content creation. It is not protected solely to make some guy sitting on his ass rich for doing nothing because he was lucky enough to inherit royalites. Not was it ended for some actor with a highschool diploma to make 30M a year while a doctor that saves lives makes 400K. Big media companies are behaving rotten these days. They preach values to others than milk the public dry with royalities for films, music and software that often should be in the public domain.

I'm sure plumbers, and every one else in the world whose efforts aren't protected by licensing, would like to be paid for every flush of a toilet but there comes a point where the plumber would be gouging the public.

SpearPhishing only?

[Fencepost]

Reading through this, it seems like it's much more likely to be useful for targeted attacks against people who are known to be actively moving all their traffic over VPNs.

Basically if the attacker is able to host a service (via port forwarding) on the IP of the same VPN endpoint that the target is going out through, then when the target visits that service (via phishing email, malicious website linked images, etc.) the VPN service will allow the attacker to see the origin of the request.

Re: Damn people are getting dumb

Bold sections and everything...

You know that no one actually cares if you use a laser pointer responsibly, right? It's a null issue. Same for your legitimate use of BitTorrent... no one is stopping you or making it harder. P2P is not illegal and there are so many trackers out there that even if it were the powers that be would never be able to stop them all. Even if they did THAT someone would just come up with something different enough to avoid the wording of law but similar enough so that you can still use it like you want to.

I think you're over reacting somewhat.

Re: Damn people are getting dumb

[thegarbz]

While you're on the topic of morals what's your view on the producers endlessly locking up content in copyright, forever milking the customer for every cent they can bare while passing on almost none of the profits to the people who created that work, all the while taking people to court for ludicrously over inflated payouts?

Even if I would be pirating due to financial reasons I would justify it to myself as "doing no moral harm" quite comfortably.

Re: Damn people are getting dumb

[dotancohen]

While you're on the topic of morals what's your view on the producers endlessly locking up content in copyright, forever milking the customer for every cent they can bare while passing on almost none of the profits to the people who created that work, all the while taking people to court for ludicrously over inflated payouts?

Even if I would be pirating due to financial reasons I would justify it to myself as "doing no moral harm" quite comfortably.

That is not the doing of the producers, rather it is the doing of the politicians. Now ask yourself what did the politicians give to the people when they took away works that should be in the public domain?

I'm all for rebelling against unjust laws, but the truth is that I'll support copyright infringement for an informative work, but not for an entertainment work. One could argue that the entertainment works become culture, to that I answer: when you pirate you are actively basing your culture on non-free works. So the society-benefiting conclusion remains: don't pirate. Just ignore the copyrighted works and base your culture upon ideas and stories that you are free to share.

what's this goal? vps or dyndns and sftp/scp

[raymorris]

> How would you go about it?
> Vpn?
> Web hosted ftp?
> Or something else?

What's the purpose, the goal? A $5 vps might be a solution, Google Drive might be. For being just like running an ftp server at home, dyndns solves the dynamic IP problem , sftp simplifies port forwarding and makes it more secure, but doesn't 100% solve the NAT issue. Some sort of vpn, possibly via an ssh port forward, to an external service may be needed if you must accept remote connctions conveniently. I suppose the actual purpose determines the best solution.

Re:what's this goal? vps or dyndns and sftp/scp

[sims+2]

The root of the problem is I have one of those iPads with only 16GB of memory. So I can only fit a small amount of my library (after apps and whatever else only about 2GB left for media) if i had gotten one of those 128GB iPads or a expandable android tablet I wouldn't have have much of an issue.

So my goal is to be able to in the fewest steps possible be able to transfer files to the oplayer app on the ipad as needed the app only supports http,samba,ftp,Dropbox and wd wifi storage.

The http support is flakey and afaik samba is considered to be unsafe to use as an online sever (not that I haven't seen it done anyway). I've never used Dropbox but I looked at the prices today it seems rather high even compared to a vps. Wd wifi storage sounds like some proprietary mess I'm not going to bother looking up.

If I get a vpn with port forwarding I think I will be able to locally host ftp as well as other services in the future if needed. Same as with a static ip.

A vps running a ftp sever and btsync would also do fine.

Afaik google drive has no ftp access and id rather not invite g+ to any other part of my life as google is clingy enough as it is gah.

I've run services before on my home connection using afraid.org dyndns with a dynamic ip back before isp switched to nat'ed addresses.

Ssh port forward through an external service? What type of external service are you talking about? A vps? Sounds slightly more difficult to setup. But last year I was tunneling my dns traffic through the connection at work as my isp intercepts dns traffic. The line at work has a uplink speed of 1mbps so its pretty useless for forwarding anything high bandwith.

Reasonable speed is a requirement I have roughly 7mbps upload at home a us based vps should be faster as my downlink speed varies depending on where I am from 12 to 40mbps but most of my stuff is in the 100 to 300MB range so even with 7mbps the transfer times are reasonable but 1mbps is friggin ridiculous.

Also I have used a wifi drive in the past but now that have 10mbps+ pretty much everywhere I just don't see the need for it as its one more thing to keep up with and charge.

Gah how do these allways end up so long.
Thank you for your advice anyway.

Re:Damn people are getting dumb

[kmoser]

Yes it's probably your friend or neighbor, nobody cares about your IP address anymore.

And doxers

That's interesting

[raymorris]

That's an interesting situation. I can certainly see a VPN with a port forward as being a reasonable solution, especially if you need a lot of storage. I'm assuming your ISP doesn't -also- offer IPv6 as well as the NAT IPv4.

SSH port forwarding is a fast, easy way to set up a VPN with port forwarding in one command. Even if you don't use it for this purpose, it's a good tool to have in your toolbox. It requires that you have a shell account internet-facing box, which might be a $5/month web hosting account. On Linux, Mac, Unix, BSD etc the command is:
ssh -R 2121:localhost:21 ShellAccountHost.com

That means connecting to port 2121 on ShellAccountHost.com actually connects to port 21 on your local machine. On Windows, you can use puTTY to SSH, including port forwards:
http://howto.ccs.neu.edu/howto...
SSH port forwarding is very flexible and you can set up new ports with one quick command. That flexibility does mean the syntax takes some getting used to. For a long time I used a script like this on my Mac to make it accessible from an internet-facing IP:

while ssh -R 2222:localhost:22 ShellAccountHost.com
do
      sleep 30
done

If you have a recent iPad, there are Lightning flash drives that clip over the iPad.

A 50 GB "web hosting" account from Amerinoc.com provides FTP and http for $5-$10/month.

Re: Damn people are getting dumb

[Slashdot+Parent]

Instead of paying to avoid copyright, either actually pay for the movies you watch

I can't tell you how many times I've sat there throwing money at my television and nobody would take it. If the copyright holder won't let me buy it, then I feel no guilt about torrenting it.

Re: Damn people are getting dumb

[dotancohen]

I can't tell you how many times I've sat there throwing money at my television and nobody would take it. If the copyright holder won't let me buy it, then I feel no guilt about torrenting it.

I agree with you 100%. I was addressing those who do have proper channels to acquire media.