Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.

[ValdikSS <iam () valdikss org ru>]

Please also note that my kind of attack could be performed over the Internet, without direct
connectivity between the attacker and victim, Wi-Fi network or anything.

It has been tested in a real-world Internet environment in 2015, and it worked flawlessly.


On 06.12.2019 16:07, ValdikSS wrote:
> Please also check my article on this topic from 2015
> https://medium.com/@ValdikSS/another-critical-vpn-vulnerability-and-why-port-fail-is-bullshit-352b2ebd22e2
>
> I used the same technique but with UDP, and it works (at least worked) with Linux, OS X, Windows and Android.
>
> I used it with old p2p Skype, which allowed to get users' IP address using special "resolver" software or services,
> by user nick name. After getting IP address, you could send UDP packet to the user from your IP address (without
> spoofing) and receive the reply from Skype user, but with VPN source IP address, which allowed to detect
> whether the exact Skype user is connected to the VPN, and to which one, given that his connection is direct (without 
> NAT).
>
> This also (still) applies to Bittorrent uTP protocol.
>
>
> On 05.12.2019 05:38, unknown wrote:
> > Posted by William J. Tolley on Dec 04
> >
> > Hi all,
> >
> > I am reporting a vulnerability that exists on most Linux distros, and
> > other *nix operating systems which allows a network adjacent attacker
> > to determine if another user is connected to a VPN, the virtual IP
> > address they have been assigned by the VPN server, and whether or not
> > there is an active connection to a given website. Additionally, we are
> > able to determine the exact seq and ack numbers by counting encrypted
> > packets and/or...

Attachment: signature.asc
Description: OpenPGP digital signature