25 Apr ‘Port Fail’ Threatens to Expose VPN Users’ Real IP Address
A flaw among VPN protocols and operating system found by Perfect Privacy threatens to expose the user’s real IP address. This is not only restricted to VPN customers, but to Bittorrent users as well. Perfect Privacy, the VPN service provider which discovered this issue, found out that the dangerous ‘Port Fail’ could do the following: 1.) allow port forwarding, and 2.) leave any computer vulnerable to the attack. ‘Port Fail’ can affect all VPN protocols – OpenVPN, IPsec, PPTP, and L2TP – and can reveal the real IP address of a specific computer despite using a firewall, proxy, or VPN service.
“The crucial issue here is that a VPN user connecting to his own VPN server will use his default route with his real IP address, as this is required for the VPN connection to work,” Perfect Privacy wrote in a blog post.
Understanding Port Forwarding
Port forwarding is a technique that is most commonly used to make host services that are in an internal or protected network available to hosts in an external network or those on the opposite side of the gateway. This is done by remapping the destination IP address and port number of the communication to an internal host. For example, the attacker can trick the victim into visiting a false website and opening a file. Port forwarding allows the attacker and the victim to be on the same network, thereby allowing the attacker to see the real IP address of the victim.
Knowing Your IP Address
Knowing what your IP address is can be crucial in protecting yourself from ‘Port Fail’ attacks. The IP address is the unique identifier that handles the address of the file packets so it gets transmitted to the right destination. There are two ways in which a computer gets it IP address: it can either be newly assigned at the time of booting, or be permanent by a fixed configuration of the hardware of software. These are called dynamic IP address and static IP address, respectively.
Dynamic IP addresses are recommended if you want an IP address that changes from time to time. A dynamic IP address reduces the burden of assigning a specific permanent IP address to a device – it can change even by just turning the router on and off. Plus it uses a leasing system, which means that an IP address is only active at a given period of time, and once the lease expires, the IP address also changes.
Protecting Yourself from Port Fail
To protect yourself from Port Fail and other potential port forwarding attacks, strengthen your computer’s firewall. VPN services can be bypassed despite their tight protocols, so it is better to know how firewalls work so you can be more cautious regarding port forwarding attacks. However, these VPN services have one of tightest protocols in the industry, so if you are considering on using one or switching providers, try one of the following:
PureVPN. PureVPN offers the usual protocols plus the newer, more advanced ones: PPTP, L2TP/IPsec, SSTP, OpenVPN, and IKEv2 which also employs the 256-bit military-grade encryption. These security features protects all the user’s data from hackers and snoopers, especially for those who frequently connect to public Wi-Fi hotspots such as those in coffee shops and airports. As an added layer of protection, they also offer NAT Firewall (it blocks unrequested inbound traffic), DDoS protection (defeats the most complex DDoS attacks), and a fool-proof Internet Kill Switch (prevents traffic in and out of the computer when your connection fails).
Hide.me. This VPN service has the latest protocols today: IKEv2, which is compatible with Windows and Linux, is an easy-to-set-up industry standard protocol that is resistant to short-term loss of network connectivity; IKEv1, which is compatible with Mac, Windows, Linux, Android, and iOS, is similar to IKEv2 with the exception of NAT-traversal, IP mobility, and remote access; OpenVPN, which is compatible with all operating systems, is the best and most reliable protocol; and SoftEther, which is compatible on Mac, Windows, and Linux, uses the strongest cryptographic algorithms that penetrates firewalls. SSTP, PPTP, and L2TP/IPsec are also available. The strongest protocols support AES-256 encryptions, while some only support AES-128. These protocols are guaranteed to safeguard all your sensitive data from being fraudulently used by criminals – you can access your bank account or perform transactions online without worrying about being robbed.
NordVPN. NordVPN prides itself on its DoubleVPN, a unique system that encrypts your data twice using military-grade AES-256-CBC encryption. Plus, they have a DNS Leak resolver in case DNS servers send unencrypted queries outside your server and expose your IP address and the sites you visited. According to them, it is ‘the tightest security in the industry’ and is not offered by any other service. They also have an automatic kill switch in case your connection suddenly falters. It shuts down all the applications (which you select beforehand) in the event of a connection loss. It’s a fool-proof way of making sure that nobody tries to snoop in on your activities.