From: Terje Elde
Date: Fri, 27 Nov 2015 17:01:08 +0100
To: Mario Lobo
Cc: freebsd-questions@freebsd.org
Subject: Re: VPN security breach
Message-Id: <63A85255-F131-406C-998D-AD9FB3670E4C@elde.net>
In-Reply-To: <20151127104401.7fdfd5fd@Papi>

> On 27 Nov 2015, at 14:44, Mario Lobo wrote:
>
> Any comments on this?
>
> https://thehackernews.com/2015/11/vpn-hacking.html

Unless I'm missing something, this is not only entirely possible, but it's also completely obvious.

In order for it to work, you depend on letting attackers "book" port mappings on the same IP that other customers "dial in" to. "Dial in" and "exit" IPs need to be the same.

That's such a broken concept that any serious service couldn't possibly come up with it. In fact, in order to do that, you more or less have to take extra precautions towards making sure you fail.

Terje