rbecenti

USA site detected that I was not in USA.


Have you ever managed to disclose a real IP address from a client behind an OpenVPN server with Flash? If so, in which environment?

If you're behind a VPN, even if your DNS is leaking, your IP cannot be determined directly. If a site manages to find out your real IP, that's because it was likely done via cookies. Other mechanisms exist as well, via Javascript, Java and Flash. There may be other ways, as well. If you clear out your cache and cookies, then install a bunch of gatekeeper add-ons via Firefox, you should be alright.

Maybe I'll write another guide on how to do this...


Have you ever managed to disclose a real IP address from a client behind an OpenVPN server with Flash? If so, in which environment?

If you're behind a VPN, even if your DNS is leaking, your IP cannot be determined directly. If a site manages to find out your real IP, that's because it was likely done via cookies. Other mechanisms exist as well, via Javascript, Java and Flash. There may be other ways, as well. If you clear out your cache and cookies, then install a bunch of gatekeeper add-ons via Firefox, you should be alright.

Maybe I'll write another guide on how to do this... ;)

Hello!

Javascript by itself does not allow reading your network cards.

If you agree to run .NET, Java and Flash code with administrator/root privileges, they can read your network cards. However, this operation by itself in general is not sufficient to disclose your real IP address with OpenVPN in routing mode, because none of your network cards knows the real IP address assigned to you by your ISP: the tun adapter has the internal VPN address, while the IP address of the physical network adapters is the one assigned to the computer by the router (if the system is behind a router NAT, a very common situation).

You can imagine malware which tries to read the router configuration, but then again you must provide the malware with root privileges AND give it the password to access the router configuration, unless the router is totally unprotected, or unless the router publishes on the home page of its web interface the assigned ISP IP address, in which case the malware can detect the router IP address by reading your network cards and then access the router HTTP interface and parse it to extract the real IP address.

If your router publishes on its home page the IP address assigned by your ISP, a trivial but effective protection against such malware is dropping packets toward your router IP address port 80. For example, in Comodo, defining a top global rule (before the Allow rules in our guide) like the following:

Block TCP Out From IP In [Home Network] To IP Where Source Port Is Any And Destination Port Is 80 (remember to delete this rule when you need to access your router configuration page via http).

Important: if any of your network cards contains the IP address assigned to you by your ISP (for example if your computer is directly connected to the ISP network without any NAT router) then granting root privileges to any unknown application is an unacceptable risk. But also in general no application that you don't know very well should be authorized to run with elevated privileges and it is mandatory, as a general rule, not to leave the router configuration settings accessible without a password.

Kind regards
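
The condition in the reply above (whether any network card itself holds the ISP-assigned address) can be checked locally. The following is an added example, not part of the original thread: it parses `ip -o addr show` style output and reports addresses outside the local, NAT and VPN-internal ranges. The two sample outputs are constructed, and 203.0.113.7 is a documentation address standing in for an ISP-assigned one.

```python
import ipaddress
import re

# Ranges that are never a publicly routable ISP-assigned address:
# loopback, RFC 1918 (typical router NAT and VPN-internal), link-local,
# carrier-grade NAT, and the IPv6 loopback / link-local / ULA ranges.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fe80::/10", "fc00::/7")]

# Matches the leading fields of one `ip -o addr show` line.
LINE = re.compile(r"^\d+:\s+(\S+)\s+inet6?\s+(\S+)")

def exposed_interfaces(ip_addr_output):
    """Return [(iface, address)] for addresses outside LOCAL_RANGES."""
    hits = []
    for line in ip_addr_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        iface, cidr = m.groups()
        addr = ipaddress.ip_interface(cidr).ip
        if not any(addr in net for net in LOCAL_RANGES):
            hits.append((iface, str(addr)))
    return hits

# Constructed sample: machine behind a NAT router, OpenVPN in routing mode.
BEHIND_NAT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link
5: tun0    inet 10.4.0.6/16 scope global tun0
"""

# Constructed sample: machine connected directly to the ISP, no NAT router.
DIRECT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.7/24 brd 203.0.113.255 scope global eth0
5: tun0    inet 10.4.0.6/16 scope global tun0
"""

if __name__ == "__main__":
    for label, sample in (("behind NAT", BEHIND_NAT), ("direct", DIRECT)):
        print(label, "->", exposed_interfaces(sample) or "no ISP address on any card")
```

An empty result corresponds to the NAT case described in the reply; any hit means a process able to read the network cards can read that address as well.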


Thank you for the clarification. It is well noted. I guess that defeats Javascript, Java and Flash with respect to determining your real IP. However, my comment about cookies still stands. If you accept cookies and you don't have a method of gatekeeping access to them, then it's very possible that a cookie could have been set while you were NOT connected to the internet via VPN. Your IP would've been logged and would report it back to the site which set it in the first place when you visited it again. This underscores the importance of throwing out ALL of your cookies and starting from scratch, then employing a gatekeeping add-on (preferably in Firefox) to control access for sites which set cookies. And if you're really paranoid, you would do this for all of your connected devices if your VPN is enabled at the router level.


Thank you for the clarification. It is well noted. I guess that defeats Javascript, Java and Flash with respect to determining your real IP. However, my comment about cookies still stands. If you accept cookies and you don't have a method of gatekeeping access to them, then it's very possible that a cookie could have been set while you were NOT connected to the internet via VPN. Your IP would've been logged and would report it back to the site which set it in the first place when you visited it again. This underscores the importance of throwing out ALL of your cookies and starting from scratch, then employing a gatekeeping add-on (preferably in Firefox) to control access for sites which set cookies. And if you're really paranoid, you would do this for all of your connected devices if your VPN is enabled at the router level.

Hello!

Yes, of course. If you connect to the same service with the same account with and without VPN, even without session cookies the service administrators can successfully perform a correlation. Another way to perform such correlation attacks against those who connect to the same service while connected and not connected to the VPN is via Flash cookies, which are not deletable by the browser. BetterPrivacy for Firefox takes care of Flash cookies ("supercookies") and allows their full deletion.

Kind regards
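
The cookie concern discussed in the two posts above can be audited before connecting. The following is an added example, not part of the original thread: it lists browser cookies created before the VPN session started, which are the ones a site could use to link the two visits. It assumes Firefox's `cookies.sqlite` layout (table `moz_cookies`, `creationTime` in microseconds since the Unix epoch); only three columns are modelled, the jar is constructed in memory, and Flash cookies are stored elsewhere and are not covered.

```python
import sqlite3
from datetime import datetime, timezone

def to_us(dt):
    """Convert a datetime to microseconds since the Unix epoch."""
    return int(dt.timestamp() * 1_000_000)

def cookies_older_than(conn, session_start):
    """Return [(host, name)] for cookies created before session_start."""
    rows = conn.execute(
        "SELECT host, name FROM moz_cookies "
        "WHERE creationTime < ? ORDER BY host, name",
        (to_us(session_start),))
    return [(host, name) for host, name in rows]

def build_sample_jar():
    """Constructed cookie jar with the assumed moz_cookies columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE moz_cookies (host TEXT, name TEXT, creationTime INTEGER)")
    utc = timezone.utc
    conn.executemany("INSERT INTO moz_cookies VALUES (?, ?, ?)", [
        # Set the day before, while browsing without the VPN.
        (".usa-site.example", "uid", to_us(datetime(2024, 1, 9, 8, 0, tzinfo=utc))),
        # Set after the VPN session began.
        (".forum.example", "session", to_us(datetime(2024, 1, 10, 12, 30, tzinfo=utc))),
    ])
    return conn

# Constructed VPN session start time.
VPN_SESSION_START = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for host, name in cookies_older_than(build_sample_jar(), VPN_SESSION_START):
        print(f"pre-VPN cookie: {name} for {host}")
```

To run it against a real profile, open a copy of the profile's `cookies.sqlite` with `sqlite3.connect()` while the browser is closed.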

