VPN security breach
terje at elde.net
Fri Nov 27 16:08:57 UTC 2015
> On 27 Nov 2015, at 14:44, Mario Lobo <lobo at bsd.com.br> wrote:
> Any comments on this?
Unless I'm missing something, this is not only entirely possible, but it's also completely obvious.
In order for it to work, you depend on letting attackers "book" port mappings on the same IP that other customers "dial in" to. "Dial in" and "exit" IPs needs to be the same.
That's such a broken concept that any serious service couldn't possible come up with it. In fact, in order to do that, you more or less have to take extra precautions towards making sure you fail.
More information about the freebsd-questions