IPv6 security vulnerability pokes holes in VPN providers' claims

Discussion in 'privacy technology' started by ronjor, Jul 8, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Yes. It's essential to disable IPv6 support, in your router and devices, and to configure firewalls to block all IPv6 traffic.
     
  3. mirimir

    mirimir Registered Member

    Only four of the 14 VPN services that they tested didn't leak IPv6: TorGuard, PIA, VyprVPN and Mullvad. And they accomplish that by disabling IPv6.

    AirVPN did leak, but say that they've fixed the problem, and that the researchers didn't redo the testing. The researchers didn't test BolehVPN, Insorg or iVPN.

    All of the 14 VPN services leaked on Android :(

    The paper is at http://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf

    Edit: And none of the 14 VPN services leaked on iOS :eek: I'm impressed :)

    Edit: See https://torrentfreak.com/vpn-providers-respond-to-allegations-of-data-leakage-150701/

    Edit: See http://dnsleak.com/ for DNS (IPv4 and IPv6) and email leak tests.

    Edit: A firewall rule that allows DNS (port 53) only on the VPN tunnel blocks the DNS route injection attacks. With that rule, you must specify VPN servers by IP address, because hostnames can't be resolved before the VPN connects.
     
    Last edited: Jul 9, 2015
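The two firewall measures described in posts 2 and 3 above (block all IPv6; allow DNS only on the VPN tunnel), as an added example that is not part of the thread or any poster's own configuration. It assumes Linux with iptables; the interface name `tun0` and the address `203.0.113.10` are sample values.

```shell
#!/bin/sh
# Added example (not from the thread). Emits iptables-restore rulesets.
# Apply as root:  emit_v6_rules | ip6tables-restore
#                 emit_dns_rules tun0 | iptables-restore
# Note: *-restore replaces the existing filter table with these rules.

# Drop all IPv6 except loopback, so nothing can bypass an IPv4-only tunnel.
emit_v6_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Allow IPv4 DNS (port 53) only on the tunnel interface; reject it elsewhere.
# Loopback is allowed for local stub resolvers (an assumption of this example);
# their upstream queries are still subject to the same rules.
emit_dns_rules() {
  case "$1" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;; esac
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -p udp --dport 53 -j ACCEPT
-A OUTPUT -o lo -p tcp --dport 53 -j ACCEPT
-A OUTPUT -o $1 -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $1 -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j REJECT
-A OUTPUT -p tcp --dport 53 -j REJECT
COMMIT
EOF
}

# With DNS blocked off-tunnel, the VPN server must be given as an IPv4 literal
# (e.g. 203.0.113.10), because a hostname cannot resolve before the VPN is up.
is_ipv4_literal() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do [ "$octet" -le 255 ] 2>/dev/null || return 1; done
}
```
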
  4. mirimir

    mirimir Registered Member

    I call BS. Either Google search should have picked up https://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition/ (or in later December 2014, https://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/). And even the 2013 edition covers 21 VPN services: Private Internet Access, Torguard, TorrentPrivacy, IPVanish, Privacy.io, VikingVPN, Anonine, IVPN, AirVPN, PrivatVPN, PRQ, Boxpn, EarthVPN, Mullvad, Faceless.me, BlackVPN, Ipredator, BolehVPN, NordVPN, Proxy.sh and HideIPVPN.

    Edit: ... and cluelessness:
    Whonix <> "live Linux distribution"
     
    Last edited: Jul 9, 2015
  5. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    62
    NordVPN even recommended disabling IPv6 when I talked to them. That was a while back, not that I needed to know, FWIW.
     