Date: Fri, 27 Nov 2015 17:01:08 +0100 From: Terje Elde <terje@elde.net> To: Mario Lobo <lobo@bsd.com.br> Cc: freebsd-questions@freebsd.org Subject: Re: VPN security breach Message-ID: <63A85255-F131-406C-998D-AD9FB3670E4C@elde.net> In-Reply-To: <20151127104401.7fdfd5fd@Papi> References: <20151127104401.7fdfd5fd@Papi>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 27 Nov 2015, at 14:44, Mario Lobo <lobo@bsd.com.br> wrote: >=20 > Any comments on this? >=20 > https://thehackernews.com/2015/11/vpn-hacking.html Unless I'm missing something, this is not only entirely possible, but it's a= lso completely obvious.=20 In order for it to work, you depend on letting attackers "book" port mapping= s on the same IP that other customers "dial in" to. "Dial in" and "exit" IPs= needs to be the same.=20 That's such a broken concept that any serious service couldn't possible come= up with it. In fact, in order to do that, you more or less have to take ext= ra precautions towards making sure you fail.=20 Terje
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?63A85255-F131-406C-998D-AD9FB3670E4C>