Port shadow: Yet another VPN weakness ripe for exploit
- by nlqip
The researchers’ core discovery is that connection tracking features don’t always isolate processes from each other, especially in VPNs that run on top of Linux and use Netfilter, a typical internal connection tracking routine. Without this isolation, connections could be shared across other machine resources. “This approach can pose potential security risks to any applications dependent on these frameworks,” stated the paper. The researchers found that an attacker using the same VPN server could de-anonymize a valid user’s connection, decrypt and snoop on their network traffic, and scan a user’s ports to do more damage. Again, this points to a potential issue among corporate VPN users who share the same VPN infrastructure.
Part of the problem is that Netfilter and other tools such as IPFW and IPfilter aren’t well documented for this particular use case. “The documentation doesn’t explicitly discuss the behavior when used by IP obfuscating VPNs,” wrote the authors, who list the various system details and use cases and include a table (page 10 or 118) with the vulnerabilities found across all three VPN protocols and across two typical Linux-based OSes.
Not all public VPN providers are susceptible to port shadow. Three of the more popular ones, NordVPN, ExpressVPN, and Surfshark, all block port shadow. NordVPN confirmed to CSO that it isn’t vulnerable.