thigger

Incoming IPs no longer being rewritten

Not sure how long this has been going on but I've noticed that I can now see the true IPs of people making incoming connections to my computer (nb for people worried by reading this - this /doesn't/ mean our IPs are being exposed to the outside world, only that in theory our ISP or another entity capable of monitoring our connection might be able to trick openvpn into responding to a forged packet as part of a correlation attack).

Is this deliberate? I note that the potential correlation attack could be foiled (or at least reduced to a timing-only attack) if your server firewall dropped packets with the source address set to the VPN entry ip, so I wonder if the setup has changed to this instead?

(tested with Draconis, Sirius, Omicron)

thanks

> Not sure how long this has been going on but I've noticed that I can now see the true IPs of people making incoming connections to my computer (nb for people worried by reading this - this /doesn't/ mean our IPs are being exposed to the outside world, only that in theory our ISP or another entity capable of monitoring our connection might be able to trick openvpn into responding to a forged packet as part of a correlation attack).
>
> Is this deliberate? I note that the potential correlation attack could be foiled (or at least reduced to a timing-only attack) if your server firewall dropped packets with the source address set to the VPN entry ip, so I wonder if the setup has changed to this instead?
>
> (tested with Draconis, Sirius, Omicron)
>
> thanks

Hello!

The rewriting was "excessive" because packets toward the entry-IP were dropped anyway even before.

Practical consequences:

- eMule KAD is no longer "firewalled" (+, meeting a widespread requirement from our customers)

- two or more clients connected to the same Air server can't communicate with each other's listening services (this is a + or a - according to different points of view).

Timing attacks in theory can't be fully prevented on any low-latency network, but you can make the life of an adversary very, very hard if you use AirVPN over TOR.

Kind regards
