Jump to content
Not connected, Your IP: 3.145.97.235
Sign in to follow this  
worric

Security on the PtP interface

Recommended Posts

Hi!

Upon noticing that programs like spotify and dropbox use the 10.x.x.x interface for their normal operation (like Dropbox broadcasting its LanSync on udp 17500, and spotify listening on udp 1900), I started to wonder how important it is to protect the interface with a firewall even from the AirVPN PtP peer.

I mean, surely, with ports open and no firewall on tun/tap interface it would be possible for the other peer to browse shared folders/printers and even initiate an exploitation attack to gain control over the machine connecting to AirVPN. Would I be correct in that?

Of course, in all the time I've used your service I haven't encountered a single incoming packet from the peer IP (maybe save for DHCP, but I don't log those), and, being a security/anonymization service, attacking/exploiting connected clients may not be all that great for business . But as a paying customer putting my trust in your hands, so to speak, I have to consider these things.

Now, I guess in the case of broadcasts, they don't really work in a PtP environment, but that doesn't mean that the netbios ports/whatever aren't open.

Are my concerns valid in the least?

Share this post


Link to post

Hi!

Upon noticing that programs like spotify and dropbox use the 10.x.x.x interface for their normal operation (like Dropbox broadcasting its LanSync on udp 17500, and spotify listening on udp 1900), I started to wonder how important it is to protect the interface with a firewall even from the AirVPN PtP peer.

I mean, surely, with ports open and no firewall on tun/tap interface it would be possible for the other peer to browse shared folders/printers and even initiate an exploitation attack to gain control over the machine connecting to AirVPN. Would I be correct in that?

Of course, in all the time I've used your service I haven't encountered a single incoming packet from the peer IP (maybe save for DHCP, but I don't log those), and, being a security/anonymization service, attacking/exploiting connected clients may not be all that great for business :). But as a paying customer putting my trust in your hands, so to speak, I have to consider these things.

Now, I guess in the case of broadcasts, they don't really work in a PtP environment, but that doesn't mean that the netbios ports/whatever aren't open.

Are my concerns valid in the least?

Hello!

We understand your concerns. However, it is not possible for two or more clients to communicate between them if they're connected to the same VPN server. This is an additional security feature that we implemented since the beginning of our activity. While it makes our VPN not a "fully connected" VPN (in the sense that clients on the same server can't communicate with each other inside the private network), this is a feature that should answer to your concerns.

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...