VPN Security

RTGHM · Feb 1, 2015

Just a few days after learning that the Canadian Government is tracking visitors of popular file-sharing sites security researchers have discovered a major security flaw that reveals Windows VPN users real IP address through WebRTC. Linux and Mac OS X users are not affected by this vulnerability as it is specific to Windows users running Google Chrome and Firefox.

With a few lines of code websites can make requests to STUN servers and log users’ VPN IP address and their true IP address, as well as local network addresses.

A demo published on GitHub by developer Daniel Roesler allows people to check if they are affected by the security flaw.

How to block?

Chrome users can install the WebRTC block extension or ScriptSafe, which both reportedly block the vulnerability.

Firefox users should be able to block the request with the NoScript addon. Alternatively, they can type “about:config” in the address bar and set the “media.peerconnection.enabled” setting to false. The Tor Browser Bundle includes the NoScript addon with Firefox but Windows users will want to verify that NoScript is configured properly.

Information source: http://www.deepdotweb.com/2015/02/01/major-windows-security-flaw-leaks-vpn-users-real-ip-address/

zed · Feb 1, 2015

One source was overheard saying "oh, were you guys using vpns to hide your real ips? LOL".

(kidding)

lowesthost · Feb 3, 2015

I noticed this little flaw couple days ago using our VPN noticed that our live chat software logged the reverse PTR of the real IP

The flaw came in handy today when two back to back fraud orders came in using a VPN it revealed the scammers real IP

OOPs

HalfEatenPie · Feb 4, 2015

Haha. Yeah it's useful but at the same time... ehh....

RTGHM · Feb 4, 2015

lowesthost said:
I noticed this little flaw couple days ago using our VPN noticed that our live chat software logged the reverse PTR of the real IP

The flaw came in handy today when two back to back fraud orders came in using a VPN it revealed the scammers real IP

OOPs

It can come in handy with that, since most skids "script kiddies" won't bother to get any patch for it.

Abdussamad · Feb 26, 2015

I don't know why everyone on the web keeps saying this only affects Windows users. It does affect linux users as well.

drmike · Feb 27, 2015

I use Linux and mortified by this leaking.

What gets leaked in Chrome isn't my real IP, but identifiable nonetheless are static internal LAN IP and VPN internal IP. Both are static and unique enough when swiped together along with browser finger print to make more than certifiable match.

Abdussamad · Feb 27, 2015

If they want to fingerprint you they could just use the unique hash of the audio device that chrome also provides

drmike · Feb 27, 2015

Abdussamad said:
If they want to fingerprint you they could just use the unique hash of the audio device that chrome also provides

Proof of concept or more info, please.

Abdussamad · Feb 27, 2015

drmike said:
Proof of concept or more info, please.

See this site:

https://www.browserleaks.com/webrtc

Click on what about device ids

VPN Security

RTGHM

New Member

zed

Member

lowesthost

Member

HalfEatenPie

The Irrational One

RTGHM

New Member

Abdussamad

New Member

drmike

100% Tier-1 Gogent

Abdussamad

New Member

drmike

100% Tier-1 Gogent

Abdussamad

New Member