Veep Peep 13 Posted ...

I use AirVPN when working from home. I RDP into a work computer.

Question: How do I get all the exit_ips from AirVPN? How do I know the exit IP of my session?

I did not remember the server I was using. But I always use a Canadian one, as that has the lowest latency and is physically closer to me.

I think it was titawin and tried: nslookup ca.all.vpn.airdns.org dns1.airvpn.org (but these and nslookup titawin_exit.airvpn.org (I think I was using the server, and the log was gone next morning when I started up. This one did not match 184.75.221.171

My work IT security sent this notice to me:

Threat Intel:
VT: https://www.virustotal.com/gui/ip-address/184.75.221.171 2 detections
Anomali:
Severity: LOW
Confidence: 100 Hi:100 Lo:7 Avg:62
Status: Active
Type: IP (TOR Node IP)
Indicator 184.75.221.171
Tags: Actions on Objectives, APT, Command & Control (C2), Delivery, Exploitation, Installation, malware, ransomware, Reconnaissance, Weaponization, zero-day, Fast, node_name=tobor8888, Running, tcp-0, tcp-46410, tor_version=0.4.5.10, Valid, #italy, #netwire, #rat, #remcosrat, Action: Block, Action: QradarExhange, Generic Malware, https://twitter.com/JAMESWT_MHT/status/1450064258184720388, https://twitter.com/pr0xylife/status/1447556826451611649, https://twitter.com/pr0xylife/status/1450365853430603783, https://twitter.com/pr0xylife/status/1450378118905147395, Iranian, JAMESWT_MHT, Malware, O365, pr0xylife, Blocklist-Brute-Force-IPs
URL: https://ui.threatstream.com/detail/v2/ip?value=184.75.221.171

Just trying to confirm an AirVPN IP is not triggering this for work. 184.75.221.171 (that IP is a server in Toronto, Ont.)

Thoughts?

Thanks,
Veep

OpenSourcerer 1442 Posted ...

7 hours ago, Veep Peep said:
> How do I get all the exit_ips from AirVpn?

Not entirely sure it's possible.

7 hours ago, Veep Peep said:
> This one did not match 184.75.221.171

This one is Alya. Its primary TLS-Auth IP is .170 and comes up if you query ca.all.vpn.airdns.org.

7 hours ago, Veep Peep said:
> Type: IP (TOR Node IP)

Well, it's not forbidden to run exit nodes behind AirVPN servers, only recommended against to avoid exactly these kinds of incidents. But egoists gotta be egoists.

7 hours ago, Veep Peep said:
> Just trying to confirm an AirVPN ip is not triggering this for work. 184.75.221.171

I can neither confirm nor deny it, but it's a strong indication that it is triggering it.

Also, please don't try to use VPNs at your workplace if they are expressly forbidden or you can otherwise be held accountable for using one.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.
LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!
Want to contact me directly? All relevant methods are on my About me page.

Veep Peep 13 Posted ...

Hello @OpenSourcerer

I use AirVPN on my home computer, but then log into an RDP (Microsoft Remote Desktop) session.

Thoughts about that?

Thanks,

OpenSourcerer 1442 Posted ...

Not sure what you want to read here. Whether it works? Whether it's advisable? What thoughts are you interested in?

Veep Peep 13 Posted ...

Hello Again,

At work, I am constantly getting messages from our security group about Tor warnings from their systems. And they send an IP address that matches the exit IP of my AV session.

So I let them know I use a VPN (AV) at home, and sent them the list of AV servers that is public to see (Servers - AirVPN), and yes, in fact that exit IP they define as 'tor' is me. Not some attack.

It is just when IT Sec says 'tor' ... it does not sound like a good thing.

Makes me just wonder that if I don't use a VPN and just my ISP, they would feel safer?

Just looking for your thoughts here, if you have any about this.

Thanks,

OpenSourcerer 1442 Posted ...

16 hours ago, Veep Peep said:
> Makes me just wonder that if I don't use a vpn and just my ISP, they would feel safer?

Makes you wonder? You should probably arrange for yourself to work for a week or two in their department to raise awareness for their troubles. Your usage of xVPN is not helping in that regard. They are sensitive for a reason.

16 hours ago, Veep Peep said:
> It is just when IT Sec says 'tor' ....does not sound like a good thing.

Yeah, typical. People still run Tor exits behind their VPN connections, servers get flagged, and then they're Tor exits, simple. Useless then, useless now.

ss11 20 Posted ...

There are quite some private blacklists that gather information about major VPN providers and blacklist the exit IP addresses. It's quite simple to do and easy to automate, with just one subscription (available for any VPN provider). They append them to the same list of Tor exit relays; for them it's just "multiple anonymous people use this internet address, thus it is a red flag / high risk IP address". The error for them could be the same as "Tor", but it's not mandatory that someone was running a Tor exit relay under that AirVPN exit server. I often get the same captchas / error messages as if I'd be using Tor all the time.

If you use your Internet Provider, regardless it's the same thing; they will have a false sense of security, yes, because that IP address from your ISP is most probably not shared between thousands of people and thus not marked as high risk / red flag by dumb automated firewall scripts. Of course, technically speaking it's exactly the same thing and it's not more safe: if you have the credentials you connect, if you brute force you have the same probability to match them regardless if it's VPN on or not, but they might ban requests coming from the VPN faster because they use the said blacklist...
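
Added example, not part of any post in this thread: a triage sketch for the two points above, that the flagged exit IP (.171) sits next to the entry IP (.170) returned by ca.all.vpn.airdns.org, and that blocklists may merge VPN exits with Tor exit relays. The sample nslookup output, the Tor exit list and the /29 "same server" window are assumptions constructed for illustration; only 184.75.221.170 and .171 come from the thread.

```python
import ipaddress
import re

# Constructed nslookup output. 184.75.221.170 is the entry IP named in the
# thread; the 192.0.2.x and 198.51.100.x addresses are documentation ranges.
NSLOOKUP_OUTPUT = """\
Server:  dns1.airvpn.org
Address:  198.51.100.53

Name:    ca.all.vpn.airdns.org
Addresses:  184.75.221.170
          192.0.2.34
          192.0.2.98
"""

# Constructed Tor exit list snapshot: one address per line, '#' starts a comment.
TOR_EXIT_LIST = """\
# constructed snapshot
198.51.100.7
203.0.113.200   # trailing comment
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def answer_addresses(nslookup_text):
    """IPv4 addresses from the answer section only (skips the resolver's own address)."""
    _, _, answer = nslookup_text.partition("Name:")
    return {ipaddress.ip_address(m) for m in IPV4.findall(answer)}

def parse_ip_list(text):
    """Parse a one-address-per-line list, ignoring comments and blank lines."""
    stripped = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return {ipaddress.ip_address(s) for s in stripped if s}

def triage(indicator, vpn_entry_ips, tor_exits, prefix=29):
    """Classify an alert IP. prefix=29 is an assumed window for 'same VPN server'."""
    ip = ipaddress.ip_address(indicator)
    if ip in tor_exits:
        return "tor-exit-list"
    if ip in vpn_entry_ips:
        return "vpn-entry-ip"
    for entry in sorted(vpn_entry_ips):
        # An exit IP next to a published entry IP points at a shared VPN server.
        if ip in ipaddress.ip_network(f"{entry}/{prefix}", strict=False):
            return f"vpn-adjacent:{entry}"
    return "unknown"

ENTRY_IPS = answer_addresses(NSLOOKUP_OUTPUT)
TOR_EXITS = parse_ip_list(TOR_EXIT_LIST)

if __name__ == "__main__":
    for alert in ("184.75.221.171", "198.51.100.7", "203.0.113.9"):
        print(alert, "->", triage(alert, ENTRY_IPS, TOR_EXITS))
```

A "vpn-adjacent" verdict only says the address is a shared anonymizing exit; it does not rule out that a relay was also run behind it.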