A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients

نویسندگان

  • Vasile Claudiu Perta
  • Marco Valerio Barbera
  • Gareth Tyson
  • Hamed Haddadi
  • Alessandro Mei
چکیده

Commercial Virtual Private Network (VPN) services have become a popular and convenient technology for users seeking privacy and anonymity. They have been applied to a wide range of use cases, with commercial providers often making bold claims regarding their ability to fulfil each of these needs, e.g., censorship circumvention, anonymity and protection from monitoring and tracking. However, as of yet, the claims made by these providers have not received a sufficiently detailed scrutiny. This paper thus investigates the claims of privacy and anonymity in commercial VPN services. We analyse 14 of the most popular ones, inspecting their internals and their infrastructures. Despite being a known issue, our experimental study reveals that the majority of VPN services suffer from IPv6 traffic leakage. The work is extended by developing more sophisticated DNS hijacking attacks that allow all traffic to be transparently captured. We conclude discussing a range of best practices and countermeasures that can address these vulnerabilities.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

RFC 5739 IPv 6 Configuration in IKEv

When Internet Key Exchange Protocol version 2 (IKEv2) is used for remote VPN access (client to VPN gateway), the gateway assigns the client an IP address from the internal network using IKEv2 configuration payloads. The configuration payloads specified in RFC 4306 work well for IPv4 but make it difficult to use certain features of IPv6. This document specifies new configuration attributes for I...

متن کامل

Internet Engineering Task Force ( IETF ) P . Eronen

When Internet Key Exchange Protocol version 2 (IKEv2) is used for remote VPN access (client to VPN gateway), the gateway assigns the client an IP address from the internal network using IKEv2 configuration payloads. The configuration payloads specified in RFC 4306 work well for IPv4 but make it difficult to use certain features of IPv6. This document specifies new configuration attributes for I...

متن کامل

Network Working Group Bgp-mpls Ip Virtual Private Network (vpn) Extension for Ipv6 Vpn Bgp-mpls Ip Vpn Extension for Ipv6 Vpn

This document describes a method by which a Service Provider may use its packet-switched backbone to provide Virtual Private Network (VPN) services for its IPv6 customers. This method reuses, and extends where necessary, the "BGP/MPLS IP VPN" method for support of IPv6. In BGP/MPLS IP VPN, "Multiprotocol BGP" is used for distributing IPv4 VPN routes over the service provider backbone, and MPLS ...

متن کامل

Dynamic and secure management of VPNs in IPv6 multi-domain scenarios

IPsec-based VPN solutions today run mainly in the IPv4 environment and it is important that they have the capability of being upgraded to IPv6 to remain interoperable in next generation Internet. Two of the key components of every VPN solution are the trust management system used to secure the VPN establishment process and the policy mechanism used to control the VPN life-cycle. However, these ...

متن کامل

IPv4 and IPv6 Infrastructure Addresses in BGP Updates for Multicast VPN

To provide Multicast VPN (MVPN) service, Provider Edge routers originate BGP Update messages that carry Multicast-VPN ("MCAST-VPN") BGP routes; they also originate unicast VPN routes that carry MVPNspecific attributes. These routes encode addresses from the customer’s address space, as well as addresses from the provider’s address space. These two address spaces are independent, and the address...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • PoPETs

دوره 2015  شماره 

صفحات  -

تاریخ انتشار 2015