Jump to content
Not connected, Your IP: 18.204.2.146
BKK20

Vulnerability because of Port Forwarding

Recommended Posts

I am using Port Forwading linked to a specific Exit IP . Imaging that someone else from the AirVPN folks scan all open ports on a specific Exit IP of an AirVPV Server. 
Is he able to get my VPN IPv4 adress and try to hack my network with my open ports?

Share this post


Link to post

A port is only open if something is listening on that port and properly responding. In other cases ports would either be closed or, the far more common case, simply time out when contacted. Assuming you did not publish the socket info (IP:port combination) for anyone to know what exactly is behind it, this is my math on this:

AirVPN has got 243 servers, assuming he/she doesn't know to which of these you're connected – if you're even connected! One could make an educated guess and say "hmm, victim might be in EU because the forums profile says "Germany" (like in my case), so EU servers might be a priority". I'm an exception because that info is public, the vast majority don't publish that info. But let's just assume this for the model – it brings down the server list to 157 with a small percentage of assumption error. After all, could be that the victim breaks all rules and actually connects to servers across the globe all the time. (Or, one could assume "hmm, he might only use servers in his/her own country and its neighbours, latency and all that", that would bring the server list down to exactly 100 but also increase the risk of a false assumption.)

As there is no way to know to which of these servers your account is connected unless you a) are a team member with admin access to everything, a natural thing to have, as you'd agree, or b) enabled the API on your account (another little rabbit hole because the attacker needs the API key to access your info like that), the attacker needed to find out which of the 63000+ ports actually respond to connections – on every server. And if that doesn't deter one from scanning 100 * 63000 ports the fact that you will never know if the port you found was you or someone else running a Nextcloud behind it, then the fact that you will need to hack the hosted Nextcloud instance to know for sure most likely will.
And of course: How should the attacker know what exactly you're hosting?

Oh, and if that's not enough, know that no one in his/her right mind scans 63000 ports at once, like, in one batch. This would trigger even the simplest intrusion detection system, probably even that murky little shell script you wrote in haste without any form or quality control because you desperately needed it, and you needed it now. Once you started scanning from the lowest possible port, by the time you reach 9000 scanned ports someone could've connected and began listening on an already scanned port. That someone could have been you.

It's so resource-intensive that I'd rather opt to send you spam mails with phishing links than trying that because I know I'll have way more success with stupid mails promising you enlargements of certain body parts. Still, whoever goes through all those hoops and additionally manages to abuse some vulnerability in the listening application, and it was his/her target to hack me all along, that will be the day I will willingly sell myself to slavery, out of respect for that kind of skill.

All that falls apart if you published that socket info somewhere publically, like a game server list, under the same name as on these forums for example. Now they know who is hosting what, and the only challenge remaining is to exploit a vulnerability in that game to, I don't know, take over your game world, I suppose. Some things are simply not worth hacking into.


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Thank you for so a outstanding answer!!

But one question again. If someone use Open Port Check Tool on a Exit IP of a specific server and he find a open port e.g. 45678 on this exit ip.
Is he not able to start a attack on this open port even he is not interested who this person is?

Share this post


Link to post
4 minutes ago, BKK20 said:

Is he not able to start a attack on this open port even he is not interested who this person is?


The attacker is in principle able to do that, yes. But on a dynamic port such as 45678 anything could listen. A Nextcloud, a Postfix or something niche as an Arma 3 game server. So if he/she finds an open port, the first thing is always to identify what is hosted there. There are approaches to automatically identify it by sending some packets and see what comes back, then comparing the returning packets to patterns of what well-known software would send. But this is only for well-known software. Most of the time the software is more niche and requires manual detection, and this will be the moment where any normal attacker will look for other targets unless he/she knows the target is lucrative (and so knowing that the time invested will pay off, usually in $$$).

Crackers do things just like your average CEO of a company: A careful calculation of gains and losses. What would a CEO do to cut losses? Automate his/her business, and if it doesn't work, scrap it.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...