New ways of intrusion into the system can be accessed through VPN

Source: Internet
Author: User

VPNs have become more and more widely used. Some people use them to bypass the review system, some use them to access websites prohibited by the State, and some use them as a privacy protection layer.

There are usually two reasons for using a VPN in our work: accessing vulnerability exploitation toolkits, or anonymously testing audio and terminal security products. Most vulnerability exploitation kits filter on the victim's IP address before attacking. In addition, the test results of audio and terminal security products in the lab environment differ from those on a home or enterprise user machine. A VPN is therefore very important in our daily work.

One thing happened this month. We were using a commercial VPN as usual and, as usual, using Fiddler to inspect the malicious traffic of the VirtualBox clients, with "Allow Remote Computer Connection" manually enabled in its configuration. The lab machine also had the firewall and NAT turned on. The proxy and the VPN were left running for one night.

The next morning we found some strange traffic in Fiddler's history, even though all the clients had been shut down that night. We suspected that either malware was running on the host or someone was accessing the Fiddler proxy over the network. We quickly checked and found that the traffic was passing through the VPN network interface. An Nmap scan of the VPN IP confirmed our suspicion: all the services on the lab machine (Apache, FTP, Fiddler, RDP) could be reached over the Internet through the VPN IP address. Among them, the Fiddler proxy port was being used as an open proxy for malicious purposes such as click fraud. At least SMB port 445 was filtered out by the firewall.

Windows Firewall was always on, with the VPN interface set to public mode and the private network set to private mode. But because these services had been configured manually, they could be accessed directly, for example to browse private documents.

We think most VPN companies do not have this problem. Generally, VPN providers have fewer public IPs than VPN users, which means they use NAT somewhere. This does not happen when NAT is used.
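
An added example, not part of the original article: a Python check that parses `netstat -ano -p TCP` output and lists the listening services bound to the wildcard address or to the VPN interface address, which are the ones reachable through a VPN that assigns a public IP without NAT. The netstat sample, the VPN address 203.0.113.45, and all ports and PIDs are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano -p TCP` output from a lab host.
# Addresses, ports and PIDs are made up; 203.0.113.45 stands in for the VPN IP.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       2210
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1840
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    0.0.0.0:8888           0.0.0.0:0              LISTENING       5120
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3012
  TCP    192.168.56.1:139       0.0.0.0:0              LISTENING       4
  TCP    203.0.113.45:139       0.0.0.0:0              LISTENING       4
  TCP    203.0.113.45:49812     198.51.100.7:443       ESTABLISHED     5120
"""


def listeners(netstat_text):
    """Yield (ip, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly 5 columns: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        yield ipaddress.ip_address(host.strip("[]")), int(port), int(fields[4])


def exposed_on_vpn(netstat_text, vpn_ip):
    """Return sorted [(port, pid)] of listeners reachable via the VPN address.

    A listener is reachable if it binds the wildcard address (0.0.0.0 or ::)
    or the VPN interface address itself. Loopback and other-interface binds
    are not. Whether the host firewall blocks the port is a separate check.
    """
    vpn = ipaddress.ip_address(vpn_ip)
    hits = set()
    for ip, port, pid in listeners(netstat_text):
        if ip.is_unspecified or ip == vpn:
            hits.add((port, pid))
    return sorted(hits)


if __name__ == "__main__":
    for port, pid in exposed_on_vpn(SAMPLE_NETSTAT, "203.0.113.45"):
        print(f"port {port} (PID {pid}) is bound where the VPN interface can reach it")
```

Each reported port still needs to be compared against the firewall rules for the profile assigned to the VPN interface, since a wildcard bind only shows that the service is listening there.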
