Oksana Luda 1 Posted ...

Has anyone read the article below? AirVPN is included...

Article: http://www.theregister.co.uk/2015/06/30/worlds_best_vpns_fall_flat_in_security_tests/

Brit boffins' test of 14 prominent privacy tunnels finds leaks galore thanks to IPv6 mess

30 Jun 2015 at 06:32

A team of five researchers from universities in London and Rome have identified that 14 of the top commercial virtual private servers in the world leak IP data.

Vasile C. Perta, Marco V. Barbera, and Alessandro Mei of Sapienza University of Rome, together with Gareth Tyson, and Hamed Haddadi of the Queen Mary University of London say vendor promises of user privacy and security are often lies that put users at risk.

"Despite being a known issue, our experimental study reveals that the majority of VPN services suffer from IPv6 traffic leakage," the authors wrote in the paper A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients [PDF].

"Our findings confirm the criticality of the current situation: many of these [14] providers leak all, or a critical part of the user traffic in mildly adversarial environments.

"The reasons for these failings are diverse, not least the poorly defined, poorly explored nature of VPN usage, requirements and threat models."

The team probed the top client software versions of providers including Hide My Ass, PrivateInternetAccess, and IPVanish. They established a campus dual stack OpenWrt IPv6 through IPv4 tunnel wifi network with updated Ubuntu, Windows, OSX, iOS 7, and Android clients. This simulated the environment where users would trust VPNs to protect them from a hostile network, they said.

All but provider Astrill were open to IPv6 DNS hijacking attacks and only four did not leak IPv6 data.

None were resistant to both threats.

They found the most common VPN tunnelling technologies relied on outdated technologies like PPTP with MS-CHAPv2 which could be trivially broken with brute-force attacks.

Here's how the authors summarise the situation:

"Whereas our work initially started as a general exploration, we soon discovered that a serious vulnerability, IPv6 traffic leakage, is pervasive across nearly all VPN services. In many cases, we measured the entirety of a client’s IPv6 traffic being leaked over the native interface. A further security screening revealed two DNS hijacking attacks that allow us to gain access to all of a victim’s traffic."

The "vast majority" of commercial VPNs suffer from data leakage in dual stack IPv4 and IPv6 networks in a way that exposes "significant amounts" of traffic to public detection in contradiction to vendor claims.

"Most importantly we find that the small amount of IPv6 traffic leaking outside of the VPN tunnel has the potential to actually expose the whole user browsing history even on IPv4 only websites," they wrote in the paper.

All of the DNS configurations used by the providers could be overcome by DNS hijacking attackers.

Here's the paper's explanation of the IPv6 mess:

"... whereas all VPN clients manipulate the IPv4 routing table, they tend to ignore the IPv6 routing table. No rules are added to redirect IPv6 traffic into the tunnel. This can result in all IPv6 traffic bypassing the VPN’s virtual interface. Although not a serious issue some years ago, increasing amounts of traffic is now IPv6, bringing the problem to criticality."

Recommended countermeasures included altering IPv6 routing tables to capture all traffic, and ensuring the DNS server can only be accessed through the tunnel.
Dec 0 Posted ...

So, is this still part of the WebRTC leaks? And didn't AirVPN announce somewhere that IPv6 leaks are not to worry about? At least not more than IPv4 leaks.
go558a83nk 362 Posted ...

I've read the article before. Air's client now has IPv6 leak protection. Regarding the DNS hijacking, it seems that it requires the attacker to have control of your machine anyway. So, what's the point of DNS hijack at that time? Much worse has already happened. Do I misunderstand?
Staff 9972 Posted ...

> I've read the article before. Air's client now has IPv6 leak protection. Regarding the DNS hijacking, it seems that it requires the attacker to have control of your machine anyway. So, what's the point of DNS hijack at that time? Much worse has already happened. Do I misunderstand?

Hello,

it's not necessary to control your machine. Anyway this is just talking about gender of angels since AirVPN setup has the same IP address for VPN DNS server and VPN gateway and the attack can't even start.

Kind regards
rickjames 106 Posted ...

It wasn't long ago when the only thing you got after signing up with any vpn provider was config files. Client side security was the responsibility of the user.

-grr @ the push button generation.
zhang888 1066 Posted ...

I also agree that AirVPN is not vulnerable. Even for those who don't use Eddie and network locks.

For the second attack (IPv6 leak) to happen, the user must have a routable IPv6 address to begin with. According to surveys only 10% of users do have it, and this % is probably much lower on "Shared" systems like public hot-spots where this attack vector can take place.

If you just have a link-local IPv6 in your system, it doesn't mean that you can start sending AAAA DNS queries. I am not sure why it is not mentioned in the paper.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
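Added example, not part of the thread and not code from AirVPN or from the paper: a Python check for the leak condition discussed above, namely a routable (scope global) IPv6 address on a native interface combined with an IPv6 route that bypasses the tunnel. The tunnel name `tun0`, the function names, the probe address and the sample `ip` output are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample output of `ip -6 -o addr show` and `ip -6 route show`.
ADDR_DUAL = """\
1: lo    inet6 ::1/128 scope host
2: wlan0    inet6 2001:db8:1:2::10/64 scope global dynamic
2: wlan0    inet6 fe80::1c2d:3eff:fe4f:5a6b/64 scope link
5: tun0    inet6 fe80::9a7b:6c5d:4e3f:2a1b/64 scope link stable-privacy
"""
ADDR_LINKLOCAL = "2: wlan0    inet6 fe80::1c2d:3eff:fe4f:5a6b/64 scope link\n"
ROUTES_LEAK = """\
2001:db8:1:2::/64 dev wlan0 proto ra metric 600 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium
"""
ROUTES_CAPTURED = ROUTES_LEAK + "2000::/3 dev tun0 metric 50 pref medium\n"

def global_addrs(addr_output):
    """(interface, address) pairs that carry a routable, scope-global address."""
    rows = (line.split() for line in addr_output.splitlines())
    return [(f[1], f[3].split("/")[0]) for f in rows
            if len(f) >= 6 and f[2] == "inet6" and f[4:6] == ["scope", "global"]]

def parse_routes(route_output):
    """Parse unicast routes into (network, device, metric) tuples."""
    routes = []
    for f in (line.split() for line in route_output.splitlines()):
        if "dev" not in f:
            continue
        try:
            net = ipaddress.ip_network("::/0" if f[0] == "default" else f[0])
        except ValueError:  # "unreachable ...", "blackhole ..." and similar
            continue
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        routes.append((net, f[f.index("dev") + 1], metric))
    return routes

def egress_iface(routes, dest):
    """Longest-prefix match; the lower metric breaks ties."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1] if hits else None

def ipv6_leaks(addr_output, route_output, tunnel="tun0", probe="2001:db8:ffff::1"):
    """True if a routable IPv6 address exists and IPv6 egress bypasses the tunnel."""
    if not any(i != tunnel for i, _ in global_addrs(addr_output)):
        return False  # link-local only: no routable source address to leak
    out = egress_iface(parse_routes(route_output), probe)
    return out is not None and out != tunnel
```

On a live Linux host, pass the real output of the two `ip` commands named in the comment and the actual tunnel interface name.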
PortlyNinja 17 Posted ...

Geez, I thought the world had ended. How much for the kick me t-shirts?
Anonymous_13 31 Posted ...

Let me tell anyone a few things:

1. I have NO ip leak. Tested on dnsleak.org advanced search, only AirVPN is shown.
2. I have UNLIMITED bandwidth while on VPN
3. I have UNLIMITED country changes
4. I have FULL SPEED on VPN (3mb/s down and 1mb/s upload)
5. I have an OPEN-SOURCE(!!!!!!) client software, hell NO ONE offers that except AirVPN
6. I have PORT-FORWARDING
7. I have a Speed-test of Airvpn testing in and outside tunnel
8. I have an account that lasts 762 days and for the CHEAP price of 54€/year I extend every year for sure
9. I have a CONFIG GENERATOR for ALL platforms

You complain about AirVPN? Show me ANY other provider that can offer the same quality for the same price. There is none. AirVPN is the best, POINT.

I trust AirVPN more than any other provider because it's EU based and they TALK to us. They inform us about every step behind the scene. They do not sit down and count the money, they look forward and take care of things before they happen.

I've been a member for more than a year. I've never regretted this membership, it was one of the best decisions in my life. If you want freedom and security for a FAIR price, go for AirVPN. You don't trust my words? Fine, compare with other providers and decide on your own like I did. AirVPN is worth the money, you will find out on your own.
zhang888 1066 Posted ...

You forgot the most important one that you have NO LOGS, or at least that's why I want to believe, but great points, well said. I guess everyone and his priorities
OpenSourcerer 1435 Posted ...

Mr. Anonymous_13, this should go into the Reviews forum

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.