Exit IP - is this from AirVPN?

[Veep Peep 13]

I use AirVPN when working from home.  I rdp into a work computer.

Question:

How do I get all the exit_ips from AirVpn?

How do I know the exit ip of my session.  I did not remember the server I was using.  But always use a Canadian as, as that has the lowest latency and are physically closer to me.
I think it was titawin and tried:

nslookup ca.all.vpn.airdns.org dns1.airvpn.org (but these
and
nslookup titawin_exit.airvpn.org  (I think I was using the server, and the log was gone next morning when I started up.  This one did not match 184.75.221.171



My work IT security sent this notice to me:

Threat Intel:
VT:
https://www.virustotal.com/gui/ip-address/184.75.221.171
2 detections

Anomali:
Severity: LOW
Confidence: 100
Hi:100 Lo:7 Avg:62
Status: Active
Type: IP (TOR Node IP)
Indicator 184.75.221.171
Tags: Actions on ObjectivesAPTCommand & Control (C2)DeliveryExploitationInstallationmalwareransomwareReconnaissanceWeaponizationzero-dayFastnode_name=tobor8888Runningtcp-0tcp-46410tor_version=0.4.5.10Valid#italy#netwire#rat#remcosratAction: BlockAction: QradarExhangeGeneric Malwarehttps://twitter.com/JAMESWT_MHT/status/1450064258184720388https://twitter.com/pr0xylife/status/1447556826451611649https://twitter.com/pr0xylife/status/1450365853430603783https://twitter.com/pr0xylife/status/1450378118905147395IranianJAMESWT_MHTMalwareO365pr0xylifeBlocklist-Brute-Force-IPs
URL: https://ui.threatstream.com/detail/v2/ip?value=184.75.221.171

Just trying to confirm an AirVPN ip is not triggering this for work.  184.75.221.171
(that ip is a server in Toronto Ont)

Thoughts?

Thanks,

Veep

[OpenSourcerer 1435]

7 hours ago, Veep Peep said:

How do I get all the exit_ips from AirVpn?

Not entirely sure it's possible.
 

7 hours ago, Veep Peep said:

This one did not match 184.75.221.171

This one is Alya. Its primary TLS-Auth IP is .170 and comes up if you query ca.all.vpn.airdns.org.
 

7 hours ago, Veep Peep said:

Type: IP (TOR Node IP)

Well, it's not forbidden to run exit nodes behind AirVPN servers, only recommended against to avoid exactly these kinds of incidents. But egoists gotta be egoists.
 

7 hours ago, Veep Peep said:

Just trying to confirm an AirVPN ip is not triggering this for work.  184.75.221.171

I can neither confirm nor deny it, but it's a strong indication that it is triggering it.

Also, please don't try to use VPNs at your workplace if they are expressly forbidden or you can otherwise be held accountable for using one.

[Veep Peep 13]

Hello @OpenSourcerer

I use AirVpn on my home computer, but then log into an RDP (Microsoft Remote Desktop) session.

Thoughts about that?

Thanks,

[OpenSourcerer 1435]

Not sure what you want to read here. Whether it works? Whether it's advisable? What thoughts are you interested in?

[Veep Peep 13]

Hello Again,

At work, I am constantly getting messages from our security group about Tor warnings from their systems.   And they send an IP address that matches the exit IP of my AV session

So I let them know I use a vpn (AV)  at home, and sent the the list of AV servers that is public to see. (Servers - AirVPN) and yes, infact that exit ip they define as 'tor' is me.  Not some attack.

It is just when IT Sec says 'tor' ....does not sound like a good thing.

Makes me just wonder that if I don't use a vpn and just my ISP, they would feel safer?

Just looking to your thoughts here.  If you have any about this.

Thanks,



 

[OpenSourcerer 1435]

16 hours ago, Veep Peep said:

Makes me just wonder that if I don't use a vpn and just my ISP, they would feel safer?

Makes you wonder? You should probably arrange for yourself to work for a week or two in their department to raise awareness for their troubles. Your usage of xVPN is not helping in that regard. They are sensitive for a reason.
 

16 hours ago, Veep Peep said:

It is just when IT Sec says 'tor' ....does not sound like a good thing.

Yeah, typical. People still run Tor exits behind their VPN connections, servers get flagged, and then they're Tor exits, simple. Useless then, useless now..

[ss11 15]

There quite some private blacklists that gather information about major VPN providers and blacklist the exit IP addresses.
It's quite simple to do and easy to automate, with just one subscription (available for any VPN provider).
They append them to the same list of Tor exit relays, for them it's just "multiple anonymous people use this internet address, thus it is a red flag / high risk IP address".

The error for them could be the same as "Tor", but it's not mandatory that someone was running a Tor exit relay under that AirVPN exit server. I get often same captchas / error messages as if I'd be using Tor all the time.

If you use your Internet Provider, regardless it's the same thing, they will have a false sense of security yes, because that IP address from your ISP is most probably not shared between thousands of people and thus not marked as high risk / red flag by dumb automated firewall scripts. Of course technically speaking it's exactly the same thing and it's not more safe, if you have the credentials you connect, if you brute force you have the same probability to match them regardless if it's VPN on or not, but they might ban requests coming from the VPN faster because they use the said blacklist...