Noscript ABE leaked my VPN ip

Is this a misconfiguration issue?


I observed via tcpdump on eth+, Noscript's ABE feature causing 10.x.x.x  to contact the Air server ip on port 80 -- outside the tunnel.  Then the Air external server replied outside tunnel -- port 80 -- to 10.x.x.x.  This should not happen.  Correct? 


This occurred during the usual back and forth to informaction.com and the OCSP response for Noscript's certificate.  Additionally I have my firewall configured so that my local interface *only* connects to the modem/router and Air server ips.  It's the AirVPN recommended firewall settings for linux.


Anyone else experienced this?









This is technically impossible, subnet is reserved for local networks only,

so this will not be routable on the internet, and sending it out of tunnel would result in

it being discarded by your router.


Can you provide a screenshot or a .pcap of what you saw?

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Zhang:  the dump was in terminal and I failed to save it.  Will try to reproduce.  I know it should be impossible -- sounds like I'm being spoofed or my router is owned.  The one reason I am using a VPN is because I have had issues with my local DSL.  Will post back with what I can reproduce.



