Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.

Related Vulnerabilities: CVE-2019-14899  
                							

oss-sec
mailing list archives
From: ValdikSS <iam () valdikss org ru>

Date: Fri, 6 Dec 2019 16:07:21 +0300

Please also check my article on this topic from 2015
https://medium.com/@ValdikSS/another-critical-vpn-vulnerability-and-why-port-fail-is-bullshit-352b2ebd22e2

I used the same technique but with UDP, and it works (at least worked) with Linux, OS X, Windows and Android.

I used it with old p2p Skype, which allowed getting users' IP addresses using special "resolver" software or services,
by user nickname. After getting the IP address, you could send a UDP packet to the user from your IP address (without
spoofing) and receive the reply from the Skype user, but with the VPN source IP address, which allowed detecting
whether the exact Skype user is connected to the VPN, and to which one, given that his connection is direct (without NAT).

This also (still) applies to the BitTorrent uTP protocol.

On 05.12.2019 05:38, unknown wrote:
Posted by William J. Tolley on Dec 04

Hi all,

I am reporting a vulnerability that exists on most Linux distros, and
other *nix operating systems which allows a network adjacent attacker
to determine if another user is connected to a VPN, the virtual IP
address they have been assigned by the VPN server, and whether or not
there is an active connection to a given website. Additionally, we are
able to determine the exact seq and ack numbers by counting encrypted
packets and/or...

Attachment:
signature.asc
Description: OpenPGP digital signature
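
A defender-side check for the behaviour described in the message above, as an added example that is not part of the original post: it scans a packet log for UDP datagrams that arrived at the host's direct address and were answered from a different (VPN) source address. The log format, the interface names `eth0`/`tun0`, and all addresses are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts iface direction src sport dst dport")

# Constructed sample, made-up format: time iface in|out UDP src:port > dst:port
SAMPLE_LOG = """\
10.00 eth0 in UDP 203.0.113.50:40000 > 198.51.100.7:51413
10.02 tun0 out UDP 10.8.0.2:51413 > 203.0.113.50:40000
11.00 eth0 in UDP 192.0.2.9:5353 > 198.51.100.7:5353
11.01 eth0 out UDP 198.51.100.7:5353 > 192.0.2.9:5353
12.00 tun0 out UDP 10.8.0.2:33000 > 192.0.2.53:53
12.05 tun0 in UDP 192.0.2.53:53 > 10.8.0.2:33000
"""

def parse_line(line):
    """Parse one constructed log line into a Packet; non-UDP lines yield None."""
    ts, iface, direction, proto, src, _arrow, dst = line.split()
    if proto != "UDP":
        return None
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return Packet(float(ts), iface, direction, s_ip, int(s_port), d_ip, int(d_port))

def find_cross_interface_replies(log_text, tunnel_ifaces=("tun0",), window=5.0):
    """Return (probe, reply) pairs where a datagram arrived on a non-tunnel
    interface and the answer to the same remote ip:port left through a tunnel
    interface with a different source address than the one that was probed."""
    pending = {}   # (remote_ip, remote_port, local_port) -> inbound Packet
    findings = []
    for line in log_text.splitlines():
        pkt = parse_line(line) if line.strip() else None
        if pkt is None:
            continue
        if pkt.direction == "in" and pkt.iface not in tunnel_ifaces:
            pending[(pkt.src, pkt.sport, pkt.dport)] = pkt
        elif pkt.direction == "out" and pkt.iface in tunnel_ifaces:
            probe = pending.get((pkt.dst, pkt.dport, pkt.sport))
            if probe and 0 <= pkt.ts - probe.ts <= window and pkt.src != probe.dst:
                findings.append((probe, pkt))
    return findings

if __name__ == "__main__":
    for probe, reply in find_cross_interface_replies(SAMPLE_LOG):
        print(f"{probe.src}:{probe.sport} reached {probe.dst} on {probe.iface}; "
              f"reply left {reply.iface} from {reply.src}")
```

A hit means the host answers traffic addressed to its direct IP from its VPN address, which is the correlation the message describes.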
