Gentoo Forums
[CVE-2019-14899] hijacking VPN-tunneled TCP connections

e3k
Guru
Joined: 01 Oct 2007
Posts: 517
Location: Inner Space

Posted: Wed Dec 11, 2019 11:13 am    Post subject: [CVE-2019-14899] hijacking VPN-tunneled TCP connections

[CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.
Quote:
We have discovered a vulnerability in Linux, FreeBSD, OpenBSD, MacOS,
iOS, and Android which allows a malicious access point, or an adjacent
user, to determine if a connected user is using a VPN, make positive
inferences about the websites they are visiting, and determine the
correct sequence and acknowledgement numbers in use, allowing the bad
actor to inject data into the TCP stream. This provides everything that
is needed for an attacker to hijack active connections inside the VPN
tunnel.

_________________
CLOSED|||||||||||LISTEN
SYN-SENT --> SYN-RECEIVED
ESTABLISHED <-- SYN-RECEIVED
ESTABLISHED --> ESTABLISHED
ESTABLISHED --> <DATA> --> ESTABLISHED

Anon-E-moose
Advocate
Joined: 23 May 2008
Posts: 4513
Location: Dallas area

Posted: Wed Dec 11, 2019 12:50 pm

Quote:
Most of the Linux distributions we tested were vulnerable, especially
Linux distributions that use a version of systemd pulled after November
28th of last year which turned reverse path filtering off. However, we
recently discovered that the attack also works against IPv6, so turning
reverse path filtering on isn't a reasonable solution, but this was how
we discovered that the attack worked on Linux.

Adding a prerouting rule to drop packets destined for the client's
virtual IP address is effective on some systems, but I have only tested
this on my machines (Manjaro 5.3.12-1, Ubuntu 19.10 5.3.0-23).


So if not using IPv6 then turning the filtering back on works fine.
_________________
PRIME x570-pro, 3700x, RX 550 & 560
Acer E5-575 (laptop), i3-7100u - i965
---both---
5.5.18 zen kernel, gcc 9.3.0, profile 17.1 (no-pie & modified) amd64-no-multilib, eudev, openrc, openbox, palemoon
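
A check for the reverse path filtering setting discussed in the post above, as an added example that is not part of the thread or the quoted advisory. The function names are hypothetical; the default paths are the standard Linux procfs locations for these sysctls.

```shell
#!/bin/sh
# Added example (not from the thread): audit IPv4 reverse path filtering.
# Kernel semantics (ip-sysctl documentation): the value applied to an interface
# is the MAXIMUM of conf/all/rp_filter and conf/<iface>/rp_filter.
#   0 = no source validation, 1 = strict, 2 = loose

# effective_rp_filter CONF_DIR IFACE -> prints the value the kernel applies
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$1/$2/rp_filter" 2>/dev/null || echo 0)
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# non_strict_ifaces CONF_DIR -> one "iface=value" line per interface that is
# not in strict mode; "all" and "default" are templates, not interfaces
non_strict_ifaces() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        v=$(effective_rp_filter "$1" "$iface")
        [ "$v" -eq 1 ] || echo "$iface=$v"
    done
}

# ipv6_enabled V6_CONF_DIR -> succeeds if IPv6 is globally enabled.
# Simplification: only conf/all/disable_ipv6 is consulted.
ipv6_enabled() {
    [ -r "$1/all/disable_ipv6" ] && [ "$(cat "$1/all/disable_ipv6")" = "0" ]
}

# report [V4_CONF_DIR] [V6_CONF_DIR] -> human-readable summary
report() {
    v4=${1:-/proc/sys/net/ipv4/conf}
    v6=${2:-/proc/sys/net/ipv6/conf}
    [ -d "$v4" ] || { echo "no such directory: $v4"; return 0; }
    bad=$(non_strict_ifaces "$v4")
    if [ -n "$bad" ]; then
        echo "rp_filter not strict on:"; echo "$bad"
    else
        echo "rp_filter strict on every interface"
    fi
    if ipv6_enabled "$v6"; then
        echo "IPv6 is enabled: rp_filter is IPv4-only and does not cover it"
    fi
}

report "$@"
```

Because the kernel takes the maximum of the two values, setting one interface to strict (1) while `conf/all` is loose (2) still leaves that interface in loose mode.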

A.S. Pushkin
Guru
Joined: 09 Nov 2002
Posts: 368
Location: dx/dt, dy/dt, dz/dt, t

Posted: Thu Jan 02, 2020 2:27 am    Post subject: ExpressVPN

I have just signed up for ExpressVPN. Am I wasting my time and creating more security problems?
I'm not using it with Gentoo yet, but with a laptop running Linux Mint. I note that when trying
to access the Gentoo Forum with the laptop the Forum webpage says "You've been banned from this web site."

Is this VPN a problem, are there others that users would prefer?


TIA
_________________
ASPushkin

"In a time of universal deceit - telling the truth is a revolutionary act." -- George Orwell

Tony0945
Advocate
Joined: 25 Jul 2006
Posts: 3653
Location: Illinois, USA

Posted: Thu Jan 02, 2020 8:35 am    Post subject: Re: ExpressVPN

A.S. Pushkin wrote:
, but with a laptop running Linux Mint.TIA

Mint uses systemd unless you are running a very old (years old) Mint.

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 45383
Location: 56N 3W

Posted: Thu Jan 02, 2020 9:56 am

A.S. Pushkin,

The forums get lots of spam via VPN. We can and do set IP bans to keep the noise and work down.
It's possible that a spammer had the IP you are using to connect to the forum and it got banned.
You will need to test with something like https://whatismyipaddress.com/

Do not post more information here. email forum-mods @ g.o (spoilt) with the detail.

Having VPN exit points blocked is a feature of using a public VPN.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

davewoski
n00b
Joined: 16 Mar 2020
Posts: 1

Posted: Mon Mar 16, 2020 9:36 am    Post subject: Re: ExpressVPN

A.S. Pushkin wrote:
I have just signed up for ExpressVPN. Am I wasting my time and creating more security problems?
I'm not using it with Gentoo yet, but with a laptop running Linux Mint. I note that when trying
to access the Gentoo Forum with the laptop the Forum webpage says "You've been banned from this web site."

Is this VPN a problem, are there others that users would prefer?


TIA


Dude, I just signed up again because it showed that I have been banned, so I tried a different VPN because with the last VPN I was using, my IP wasn't changing after connecting as well.
Sometimes, IP tools show a cached version but this time, it was real because I received a ban message.

Tony0945
Advocate
Joined: 25 Jul 2006
Posts: 3653
Location: Illinois, USA

Posted: Mon Mar 16, 2020 2:21 pm

I inadvertently tried to access the forum with my VPN. I got "forum.gentoo.org" is not responding. Shut off the tunnel and all is fine.
Actually, this morning I couldn't connect to anyone. Maybe Torguard is having problems. Maybe everywhere I go they are banning VPN.

pjp
Administrator
Joined: 16 Apr 2002
Posts: 18434

Posted: Mon Mar 16, 2020 9:38 pm

Tony0945 wrote:
I inadvertently tried to access the forum with my VPN. I got "forum.gentoo.org" is not responding. Shut off the tunnel and all is fine.
Actually, this morning I couldn't connect to anyone. Maybe Torguard is having problems. Maybe everywhere I go they are banning VPN.
You may want to (re?)read NeddySeagoon's earlier post in this thread.

VPN is itself not banned. Although it is possible some IPs used by VPN services may have been banned due to spam. Also at one time, tor was blocked. For a period, that was not true for technical reasons, but I don't know the current status on whether or not tor is allowed or blocked.
_________________
The media sells it and you live the role.

Tony0945
Advocate
Joined: 25 Jul 2006
Posts: 3653
Location: Illinois, USA

Posted: Mon Mar 16, 2020 10:04 pm

pjp wrote:
You may want to (re?)read NeddySeagoon's earlier post in this thread.

No, I'm aware that you can't access the forums with VPN. "Inadvertently". I used to be able to contact my banks and my broker with VPN. Why should my ISP eavesdrop on my financial business?

Hu
Moderator
Joined: 06 Mar 2007
Posts: 15294

Posted: Tue Mar 17, 2020 2:08 am

If your bank and broker are at all competent, all their traffic will be over https, so the only thing your ISP can see is that you are interacting with the bank/broker, but not what you are doing.

Remember that a VPN just changes who gets to see your traffic. If your VPN provider wants to snoop, they can see all the things that your ISP would have seen if you had not used the VPN.

Tony0945
Advocate
Joined: 25 Jul 2006
Posts: 3653
Location: Illinois, USA

Posted: Tue Mar 17, 2020 3:21 am

@Hu
True.

All times are GMT