Practical Exploitation of the VPN ‘PortFail’ IP Leak against Torrent Users.
Today, Perfect Privacy VPN’s security team disclosed a critical vulnerability affecting various VPN providers. This vulnerability can lead to “unmasking” or “decloaking” of VPN users under certain conditions, and after some analysis of how it works, I determined that this issue is of utmost importance to those who use VPN services to mask their BitTorrent traffic from MAFIAA ■■■■, as it can allow for ‘uncloaking’ of BitTorrent users quite readily.
In the spirit of openness, and now that the bug’s details are public, I have decided to outline an example attack which would allow for someone to decloak Torrent users hiding behind vulnerable VPNs. While I am not providing some automated deanonymizing toolkit for getting the job done, the instructions below should suffice for someone else to reproduce the attack and demonstrate its effectiveness in deanonymizing users.
[…]