Go back
VPN's induced to leak your IP

VPN's induced to leak your IP

Science

twhitehead

Cape Town

Joined
14 Apr 05
Moves
52945
Clock
09 Dec 15
Vote Up
Vote Down

Originally posted by robbie carrobie
Probably a private IP address like 192.168.0.1 etc
It is your routers address that is exposed to the internet.

I don't know why you are referencing the IP because what the article talks about is not tracking the IP address but the mac address
Because the article in the OP is referencing the IP address.

rc

Joined
26 Aug 07
Moves
38239
Clock
09 Dec 15
Vote Up
Vote Down

Originally posted by twhitehead
It is your routers address that is exposed to the internet.

[b]I don't know why you are referencing the IP because what the article talks about is not tracking the IP address but the mac address

Because the article in the OP is referencing the IP address.[/b]
yes but I referenced another article

http://thehackernews.com/2014/01/spying-agencies-tracking-your-location_31.html

which is the one you must have been talking about when you were mentioning wifi surely? and which talks not of tracking IP addresses but MAC addresses?

rc

Joined
26 Aug 07
Moves
38239
Clock
09 Dec 15
Vote Up
Vote Down

Originally posted by twhitehead
I am keeping it real. I also have some understanding of the technology involved.
Did you know that every time you connect to public WIFI you are assigned a new IP address? Knowing your IP address simply isn't that useful in that case.
I also don't believe that you are genuinely concerned about being on a government terrorism watch list. (or is all your ...[text shortened]... y need to exploit the bug in the OP, or would it help them in any way? No, almost certainly not.
I am not entirely sure this is valid. An IP address can be traced because ISP's do keep records and in some cases are forced to do so for many months. Not only can they be traced to a geographic location but also the log on time and the size of data packets are probably also recorded. As I understand it details of the MAC address are also transmitted and recorded. Thus from what I understand the best way to protect oneself is to use proxy chains and an open DNS server (to prevent DNS leakage) because not only will your IP be masked several times, every time another connection is made the Mac address will also change.

twhitehead

Cape Town

Joined
14 Apr 05
Moves
52945
Clock
09 Dec 15
Vote Up
Vote Down

Originally posted by robbie carrobie
An IP address can be traced because ISP's do keep records and in some cases are forced to do so for many months.
Yes, that is true, and if necessary they can identify which user had which IP at any given time.
But you appear to be missing the point that the exploit is carried out by the destination website. In other words the website you are looking at must want to know your IP address. What are the chances that some shadowy government agency owns the very website you are visiting - you who is so very privacy concious that you have decided to use a VPN.

Not only can they be traced to a geographic location but also the log on time and the size of data packets are probably also recorded.
Most people are on ADSL or cable or some other permanent connection and do not have a 'log on' time.

As I understand it details of the MAC address are also transmitted and recorded.
That was certainly not mentioned as being the case in the OP article. I am fairly sure it is not the case.

Thus from what I understand the best way to protect oneself is to use proxy chains and an open DNS server (to prevent DNS leakage) because not only will your IP be masked several times, every time another connection is made the Mac address will also change.
Although as I have mentioned before, the mere act of using proxy servers singles you out for special attention by shadowy government agencies. And if they get too interested in you they will merely install a root kit on your PC and get all your data that way without the need for all those fancy exploits.

rc

Joined
26 Aug 07
Moves
38239
Clock
09 Dec 15
1 edit
Vote Up
Vote Down

Originally posted by twhitehead
Yes, that is true, and if necessary they can identify which user had which IP at any given time.
But you appear to be missing the point that the exploit is carried out by the destination website. In other words the website you are looking at must want to know your IP address. What are the chances that some shadowy government agency owns the very website ...[text shortened]... oot kit on your PC and get all your data that way without the need for all those fancy exploits.
If you send 5kb of packets to your ISP your ISP will log those details. It will also log the time and MAC address of the device (router) that is requesting an IP address from its DHCP server. This is irrespective of any website that you may visit.

True they will not be able to see anything beyond the router but if you are pirating software then all they need to do is to be able to trace it to your physical address.

Using proxy servers does nothing to single anyone out and its ludicrous to think that it does and the chances of having a root kit installed on a virtual machine by a government agency on a Linux system are infinitively small, First of all they don't have root, nor can they easily get root especially if you only install from main repositories and regularly update. If you do that then you have very low chance of picking up a rootkit from browsing the internet with Linux.

twhitehead

Cape Town

Joined
14 Apr 05
Moves
52945
Clock
10 Dec 15
Vote Up
Vote Down

Originally posted by robbie carrobie
If you send 5kb of packets to your ISP your ISP will log those details. It will also log the time and MAC address of the device (router) that is requesting an IP address from its DHCP server. This is irrespective of any website that you may visit.
True, but a VPN isn't going to help you there is it?

True they will not be able to see anything beyond the router but if you are pirating software then all they need to do is to be able to trace it to your physical address.
But how would they know you are pirating software if they are not monitoring what sites you visit? Here in SA such monitoring is illegal. So if they were charge you with pirating software you could charge them with monitoring you.
On the other hand, if you use bittorent to pirate software then your IP becomes public knowledge and someone else could monitor your activity and use a court order to get your address from the ISP and yes, it has happened and has one South African so far has been charged and found guilty by this method. A VPN might have helped him. The exploit in the OP however does not affect bittorent traffic.

Using proxy servers does nothing to single anyone out and its ludicrous to think that it does and the chances of having a root kit installed on a virtual machine by a government agency on a Linux system are infinitively small, First of all they don't have root, nor can they easily get root especially if you only install from main repositories and regularly update. If you do that then you have very low chance of picking up a rootkit from browsing the internet with Linux.
I see you are quite paranoid about your activity. You use a virtual machine on a linux system, then use a VPN and do what? Release secret documents to news corporations? Again, the bug in the OP requires that the News Corporations are attempting to identify you and have placed malicious scripts on their website.

rc

Joined
26 Aug 07
Moves
38239
Clock
10 Dec 15
3 edits
Vote Up
Vote Down

Originally posted by twhitehead
True, but a VPN isn't going to help you there is it?

[b]True they will not be able to see anything beyond the router but if you are pirating software then all they need to do is to be able to trace it to your physical address.

But how would they know you are pirating software if they are not monitoring what sites you visit? Here in SA such monitor ...[text shortened]... Corporations are attempting to identify you and have placed malicious scripts on their website.[/b]
A VPN will encrypt the traffic making it very difficult for anyone to know the content of your transmission, even your ISP will not know. Again its simply another layer of protection.

I am not entirely sure how law enforcement/government agencies go about gathering data on for example people that are sharing what they perceive as copyrighted material and I would be rather interested in finding out. I think we have to dispense with the idea of what is legal here because clearly government agencies themselves are engaged in programs that are in themselves illegal or at very least do not care for the privacy of an individual.

The example of the OP was simply one example of a layer being compromised by an anomaly in the system. It can happen in other places as well, for example even if I am using a proxy if I make a DNS request the router will immediately request the data from my ISP's DNS server by default revealing once again my IP, my location and the sites that I am requesting. This is termed DNS leaking and you need to be careful to make your DNS requests through an anonymous DNS server like Open DNS. Worse than that some ISP's will use Transparent DNS proxies and effectively intercept your DNS requests and reroute them forcing you to use their DNS servers. Is that legal? I doubt it.

https://www.dnsleaktest.com/what-is-a-dns-leak.html

No i am not paranoid It simply makes sense when you are experimenting with various ideas to run it on a virtual machine because if the machine is ever compromised you can simply set up another one in a matter of minutes.

twhitehead

Cape Town

Joined
14 Apr 05
Moves
52945
Clock
10 Dec 15
1 edit

Originally posted by robbie carrobie
A VPN will encrypt the traffic making it very difficult for anyone to know the content of your transmission, even your ISP will not know.
Https supposedly largely achieves the same goal.

I am not entirely sure how law enforcement/government agencies go about gathering data on for example people that are sharing what they perceive as copyrighted material and I would be rather interested in finding out.
It depends. The most common practice is not carried out by law enforcement at all but by shyster's who monitor torrent trackers and send out threatening letters to all the people they detect. They run into the problem of IP addresses not being tied to individuals so they send their threatening letters to ISPs who pass them on (but should not release the details of the user back to the shysters). It is however enough to get an ISP to terminate a users account - even though it is well known that they shysters methods are flawed and that they have been known to send threatening letters to printers and other network equipment.

At the current point in time they appear to ignore DHT, so if you just avoid public trackers then this isn't an issue.

Here in SA, a large proportion of piracy is carried out over News servers that interestingly enough are hosted by the ISPs themselves.

As for the one person that was taken to court, the law enforcement agencies had to serve a court order on the relevant ISP to obtain his details. He was uploading not downloading and he uploaded a South African movie before it was released to the cinemas.

I think we have to dispense with the idea of what is legal here because clearly government agencies themselves are engaged in programs that are in themselves illegal or at very least do not care for the privacy of an individual.
Except that if they take you to court you can have it thrown out of court if it is discovered that they broke the law to find you.

This is termed DNS leaking and you need to be careful to make your DNS requests through an anonymous DNS server like Open DNS.
You seem to be assuming that Open DNS is not owned by the CIA.

.... It simply makes sense when you are experimenting with various ideas.....
And what 'ideas' might those be?

pineapple42

Joined
21 Aug 03
Moves
617748
Clock
10 Dec 15
Vote Up
Vote Down

I'm curious... isn't STUN something to do with VoIP? and i'm not using VoIP...

rc

Joined
26 Aug 07
Moves
38239
Clock
10 Dec 15
1 edit
Vote Up
Vote Down

Originally posted by pineapple42
I'm curious... isn't STUN something to do with VoIP? and i'm not using VoIP...
but it doesn't matter if you are using VIOP or not the vulnerability can be exploited through your browser.

Firefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a users local and public IP addresses in javascript. This demo is an example implementation of that.

Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain.

How does WebRTC expose my IP address?

To allow video chats and peer-to-peer functionality, WebRTC has a mechanism to determine the public IP address, even if it is behind a NAT. With a few Javascript commands, WebRTC can be used to send a UDP packet to a STUN Server (Session Traversal Utilities for NAT). That server simply sends back a packet containing the IP address from which the request originated. This is simple to implement as Firefox provides a default STUN server that can also be used with Google Chrome.

In Windows it is possible to send packets over a route different from the default route. The WebRTC request to the STUN server simply sends requests over all reachable interfaces which is why you will see two public IP addresses (VPN and provider IP) if you are vulnerable to this leak.

https://www.perfect-privacy.com/webrtc-leaktest/

twhitehead

Cape Town

Joined
14 Apr 05
Moves
52945
Clock
11 Dec 15

Originally posted by robbie carrobie
yes but I referenced another article which is the one you must have been talking about when you were mentioning wifi surely? and which talks not of tracking IP addresses but MAC addresses?
I was cross referencing the two articles and pointing out that the technique in the first article might not be so useful for identifying people from the second article. I guess that if both are monitored at the same time and the timestamps compared then a correlation could be made.

rc

Joined
26 Aug 07
Moves
38239
Clock
11 Dec 15
Vote Up
Vote Down

Originally posted by twhitehead
I was cross referencing the two articles and pointing out that the technique in the first article might not be so useful for identifying people from the second article. I guess that if both are monitored at the same time and the timestamps compared then a correlation could be made.
Yes its a very tricky business for sure. The solution is really quite simple, just change the boolean value in the browsers config file to false and this will prevent firefox from sending out requests to STUN servers.

media.peerconnection.enabled default boolean true Change to false

The idea of course is to remain as covert as possible and you don't want your browser firing out requests to servers outside your private network because who knows who may be listening? Here is an interesting article which makes some compromises over safety to really reduce the possibilities of firefox doing that. You can see why it makes sense to use a virtual box because we are disabling safebrowsing to prevent Firefox from connecting to a remote server to make sure the sites we are visiting contain no malware or are not blacklisted. Its a trade off between ultra-privacy and security. Just stay away from dodgy websites and you will be ok.

https://fitzcarraldoblog.wordpress.com/2015/02/05/preventing-a-dns-leak-and-webrtc-leak-when-using-tor-in-linux/

Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.