Date:      Fri, 27 Nov 2015 17:01:08 +0100
From:      Terje Elde <terje@elde.net>
To:        Mario Lobo <lobo@bsd.com.br>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: VPN security breach
Message-ID:  <63A85255-F131-406C-998D-AD9FB3670E4C@elde.net>
In-Reply-To: <20151127104401.7fdfd5fd@Papi>
References:  <20151127104401.7fdfd5fd@Papi>



> On 27 Nov 2015, at 14:44, Mario Lobo <lobo@bsd.com.br> wrote:
> 
> Any comments on this?
> 
> https://thehackernews.com/2015/11/vpn-hacking.html

Unless I'm missing something, this is not only entirely possible, but it's also completely obvious. 

In order for it to work, you depend on letting attackers "book" port mappings on the same IP that other customers "dial in" to. "Dial in" and "exit" IPs need to be the same.

That's such a broken concept that any serious service couldn't possibly come up with it. In fact, in order to do that, you more or less have to take extra precautions towards making sure you fail.

Terje




