


This VPN service is reportedly being exploited to launch DDoS attacks [updated]


A widely used VPN service is being used to stage distributed denial-of-service (DDoS) attacks against websites, ZDNet reported earlier this week.

The attacks seem to be related to a flaw in VyprVPN and a related online service, Outfox, that guarantees network speed and reliability to online gamers. Details of the flaw were posted on the online code-sharing website GitHub last week.


Both VyprVPN and Outfox are owned and operated by Powerhouse Management, a Texas company that also runs Golden Frog, a Switzerland-based firm that presents itself as the owner and operator of VyprVPN and Outfox.

"Powerhouse Management products — either Outfox (a latency reduction VPN service) or VyprVPN (a general vpn service) are exposing an interesting port — port 20811 which provides a massive information and packet amplification factor when probed with any single byte request," wrote pseudonymous security researcher Phenomite in a GitHub post Feb. 16.

"Not only does this mean Powerhouse servers can be used as a DDoS amplification source, but reveals all servers around the world that are running such potential VPN services — which removes the privacy factor somewhat."

Massive amplification

Phenomite said the Powerhouse servers allowed for a packet-amplification factor of about 40 times the input, drastically increasing the amount of data that an attacker could direct at a target website. For multi-packet attacks, Phenomite wrote, the amplification factor was almost 366 times the input.

The researcher said he could observe about 1,500 Powerhouse-associated servers worldwide that could be exploited using this method.

All this would allow a relatively small-scale botnet to launch potentially large DDoS attacks against well-defended websites. DDoS attacks try to knock a web server offline by bombarding it with massive amounts of useless data and impossible requests.

The attacks would be assisted by the fact that the Powerhouse server port in question handles the relatively loose User Datagram Protocol (UDP) traffic, rather than the more tightly controlled Transmission Control Protocol (TCP) traffic that's used to transmit most website data.
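For an operator of such a server, the amplification described above shows up in flow logs as tiny requests to UDP port 20811 answered with much larger responses to the same (possibly spoofed) peer. The following is an added example, not code from the article or the researcher; the flow tuple layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

SERVICE_PORT = 20811   # UDP port named in the researcher's post
MIN_FACTOR = 10.0      # assumed alert threshold; tune per environment
MAX_AVG_REQUEST = 4    # assumed: probe-sized requests (the post cites single-byte probes)

# Constructed sample flows: (peer_ip, direction, udp_port, packets, payload_bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", "in", 20811, 50, 50),          # 1-byte probes
    ("198.51.100.7", "out", 20811, 50, 2000),       # 40x larger replies
    ("203.0.113.20", "in", 20811, 400, 48000),      # normal-sized tunnel traffic
    ("203.0.113.20", "out", 20811, 900, 1080000),
    ("192.0.2.55", "in", 443, 10, 10),              # different port, ignored
    ("192.0.2.55", "out", 443, 10, 9000),
]

def find_reflection_peers(flows, port=SERVICE_PORT):
    """Return {peer_ip: amplification_factor} for peers that look like
    reflection targets: tiny requests, much larger responses."""
    stats = defaultdict(lambda: {"in_pkts": 0, "in_bytes": 0, "out_bytes": 0})
    for peer, direction, udp_port, packets, nbytes in flows:
        if udp_port != port:
            continue
        s = stats[peer]
        if direction == "in":
            s["in_pkts"] += packets
            s["in_bytes"] += nbytes
        else:
            s["out_bytes"] += nbytes

    findings = {}
    for peer, s in stats.items():
        if s["in_bytes"] == 0:
            # Responses with no recorded request (e.g. sampled flow data):
            # the ratio is undefined, so report it as unbounded.
            if s["out_bytes"]:
                findings[peer] = float("inf")
            continue
        factor = s["out_bytes"] / s["in_bytes"]
        avg_request = s["in_bytes"] / max(s["in_pkts"], 1)
        # A real tunnel can be asymmetric too, so require probe-sized requests.
        if factor >= MIN_FACTOR and avg_request <= MAX_AVG_REQUEST:
            findings[peer] = factor
    return findings

if __name__ == "__main__":
    for peer, factor in find_reflection_peers(SAMPLE_FLOWS).items():
        print(f"{peer}: responses are {factor:.0f}x the request bytes")
```

Because the request source address can be forged over UDP, a flagged peer is more likely the victim of the reflected traffic than its originator.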

Attacks may already be happening

Such attacks using Powerhouse's servers are indeed happening, wrote ZDNet's Catalin Cimpanu, who did not reveal his sources or name any targets. Tom's Guide could not confirm that such attacks were taking place.

Tom's Guide has reached out to Powerhouse Management for comment, and we will update this story when we receive a reply.

There is no indication that consumer users of Powerhouse services, including VyprVPN or Outfox, are at any risk from these flaws.

Update: VyprVPN responds

A spokesperson for Powerhouse Management directed us to this VyprVPN blog post, posted on Feb. 24.

"We identified the problems and deployed a patch within an hour at approximately 7PM CST February 22nd," said the post, attributed to Golden Frog CEO Sunday Yokubaitis.

"We are confident that no client information or data was impacted or compromised," the post added. "Furthermore, we verified that no infrastructure was breached by any third party and there was no unauthorized access to VyprVPN's servers.

"During our investigation we were also unable to identify any significant traffic exploiting the vulnerability; we saw minimal traffic through these ports," the post said.

"The situation did not affect our entire service, but was isolated to a single protocol, Chameleon. Chameleon is an innovative protocol designed to defeat tough censorship and VPN blocking, and we continue to push the envelope as we design new technologies."

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than fifteen years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/vpn-flaw-ddos-exploit
