UDP tunneling is an attack that is often overlooked when manufacturers design wireless hotspot and other firewall/proxy based devices.
When you try to resolve a domain name, you send a request to a name server on UDP port 53. Many wireless hotspots, firewalls and proxies work like this: your DNS request is allowed out, you get the IP address of the machine you are looking for, and then your request to that IP is redirected to the hotspot login page or pushed through a web proxy server.
The problem is that all UDP port 53 traffic is allowed out to anywhere, without any kind of authentication. You can therefore install OpenVPN on a remote server; by default it listens on UDP port 1194, and a single configuration option (the port directive in the server config) changes that to 53. Then edit your client config to connect to the server on port 53 instead of 1194 (the remote line). Often other TCP/UDP ports are allowed out as well, and ICMP is sometimes a possibility too, so as a worst case it is easy to tunnel your data out over TCP, UDP or ICMP.
This type of attack worked on 5 out of 6 different wireless hotspot systems to gain access without authentication.
The one that it didn’t work on captured all outbound UDP port 53 requests and silently redirected them to its own local DNS server. This is simple enough to do, so I’m not sure why more manufacturers haven’t done the same. Using iptables:
${IPTABLES} -t nat -A PREROUTING -i eth0 -p udp -m udp --dport 53 -j REDIRECT --to-port 53
These are the same type of rules used to configure transparent proxying for Squid. Two caveats: as written the rule only matches UDP, so an OpenVPN server started with proto tcp on port 53 still gets straight out unless a matching -p tcp rule is added; and redirecting to a local resolver leaves the resolver itself as a path out (DNS tunnelling through its recursive queries) unless it refuses to recurse for unauthenticated clients.
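Here is the defender side as a complete script, added as an example and not taken from the original post or from any hotspot vendor. It generalises the single rule above to both UDP and TCP, since the OpenVPN server can just as easily be started with proto tcp on port 53. The interface name (LAN_IF, defaulting to eth0), the resolver port (DNS_PORT) and the iptables path are assumptions; the script only prints the rules unless APPLY=1 is set, so it can be run anywhere to see what would be applied.

```sh
#!/bin/sh
# Added example, not the page's own script: DNS interception rules for a
# captive portal that catch OpenVPN aimed at port 53 over UDP and over TCP.
# Assumed names: LAN_IF (client-facing interface), DNS_PORT (the hotspot's
# own resolver, listening on LAN_IF), IPTABLES (binary path). Without
# APPLY=1 the rules are only printed, so the script is safe to run anywhere.

LAN_IF="${LAN_IF:-eth0}"
DNS_PORT="${DNS_PORT:-53}"
IPTABLES="${IPTABLES:-iptables}"

# run_or_print CMD ARGS...: execute when APPLY=1, otherwise echo the command.
run_or_print() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# dns_intercept_rules: emit (or apply) the rules for LAN_IF.
# nat/PREROUTING REDIRECT rewrites the destination of every port-53 packet
# from a client, whatever resolver IP it was addressed to, to this box's own
# resolver; OpenVPN packets aimed at <vpn-server>:53 therefore land on the
# local DNS daemon, which discards the non-DNS payload. Both udp and tcp are
# covered. The FORWARD DROP is defence in depth: redirected packets never
# reach FORWARD, so it only fires if the nat rule is missing or bypassed.
dns_intercept_rules() {
    for proto in udp tcp; do
        run_or_print "$IPTABLES" -t nat -A PREROUTING -i "$LAN_IF" -p "$proto" \
            --dport 53 -j REDIRECT --to-port "$DNS_PORT"
        run_or_print "$IPTABLES" -A FORWARD -i "$LAN_IF" -p "$proto" \
            --dport 53 -j DROP
    done
}

dns_intercept_rules
```

Run it as APPLY=1 LAN_IF=wlan0 sh dns-intercept.sh on the hotspot box once a resolver is actually listening on port 53 of that interface; with nothing bound there the clients lose DNS entirely. This stops OpenVPN-over-53 on either protocol, but not tunnelling through the local resolver's own recursive lookups, and not the other ports or ICMP mentioned above.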
Tags: 53, firewall, hotspot, iptables, openvpn, squid, transparent proxying, udp, udp tunneling
I’m going to be offering some VERY high end UK VPN hosting accounts in the next few weeks once I can get a site and signup form up and running. The VPN servers will run from within the same cluster as this site, and so you can test your ping time with ping www.adamsinfo.com which in my case from my London based BETHERE DSL connection gives a 16-17ms ping time. You can also grab http://www.adamsinfo.com/wp-content/10mb.test and http://www.adamsinfo.com/wp-content/100mb.test for speed tests. I’m planning on running OpenVPN as the server software but will additionally offer PoPToP if anyone really wants it. Compared to other VPN providers, this will be a reasonably expensive offering. This is on the promise that:
Addition: I will be running the multithreaded TCP tunnel server software for anyone who wishes to use it, which means that with the right settings/config at your end, you can balance your VPN access over multiple connections at your local end.
Contact me (adam [AT] adamsinfo [DOT] com) to register interest!
Tags: openvpn, poptop, pptp, uk vpn, uk vpn hosting, VPN
I’m going to be starting a UK VPS provider in the next few weeks. I’ve had a few requests for UK VPS hosting lately. We’re going to be using the XEN technology, and hosting out of UKSOLUTIONS and RAPIDSWITCH, both of which are excellent UK Colo Providers. Simple signup and payment process, fast activation and an entirely unmanaged/automated service is what I’m ultimately aiming for. I’m hoping for positive benchmark results and guaranteeing no overselling. Unlike a lot of hosts, I’m also shooting for good fast access, rather than an ‘unlimited bandwidth’ plan, that you can never use more than 1TB/month on due to the slow speeds.
Ultimately, I’ll be moving for automatic payment/provisioning, and allowing the user to change plan at any time, without any manual intervention from an admin side. A VPS/OpenVPN service is also not out of the question. Currently, we’ve got the support resources to attend to these things quickly enough, but instant is always better than quick!
Any requests, comments or ideas gratefully received on what promises to be a great UK VPS host!
Tags: Hosting, openvpn, uk vps, vps
A Man In The Middle (MITM) attack is a popular network based attack used to hijack a connection or to sniff traffic. A MITM attack actually covers a variety of different methods: it is literally positioning yourself, as the attacker, between the two communicating parties. Whether you do that via an ARP attack, some type of cryptographic attack, or a physical attack depends on the requirements and scenario. As a security consultant it is important to ensure that the network and its communications are as secure as possible against this type of attack. I will cover a simple physical MITM attack, then an ARP attack, and then prevention techniques.
(more…)
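As an added example on the ARP side of this (not part of the original post), here is a small check a consultant can run on a Linux host to spot the symptom an ARP poisoning attack leaves behind: after the attacker answers ARP for the default gateway, the gateway IP in the neighbour table carries the attacker's MAC, and that MAC is usually also bound to the attacker's own IP. The gateway address and the sample neighbour table are constructed for the example; on a real host feed it the output of ip neigh.

```sh
#!/bin/sh
# Added example, not from the original post: spot the ARP-poisoning symptom on
# a Linux host from its neighbour table. After an attacker answers ARP for the
# default gateway, the gateway IP is bound to the attacker's MAC in
# "ip neigh" output, and that same MAC is normally also bound to the
# attacker's real IP. Input lines use the "ip neigh" layout:
#   <ip> dev <iface> lladdr <mac> <state>
# (entries in FAILED/INCOMPLETE state carry no lladdr and are skipped).
# The gateway IP and the sample table below are constructed for the example.

# detect_arp_dupes GATEWAY_IP  (neighbour lines on stdin)
# Prints "SUSPECT <mac> <ip...>" for every MAC bound to more than one IP and
# "GATEWAY-SHARED <mac>" when the gateway's MAC is one of them; prints
# nothing on a clean table.
detect_arp_dupes() {
    awk -v gw="$1" '
        $4 == "lladdr" {
            mac = tolower($5)
            ips[mac] = ips[mac] " " $1
            n[mac]++
            if ($1 == gw) gwmac = mac
        }
        END {
            for (m in n) {
                if (n[m] > 1) {
                    printf "SUSPECT %s%s\n", m, ips[m]
                    if (m == gwmac) printf "GATEWAY-SHARED %s\n", m
                }
            }
        }'
}

# Constructed sample: 192.168.1.1 is the gateway; .20 is the attacker's box,
# which now answers for both addresses with the same MAC.
SAMPLE_NEIGH='192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.30 dev eth0 lladdr aa:bb:cc:dd:ee:ff REACHABLE
192.168.1.50 dev eth0 FAILED'

printf '%s\n' "$SAMPLE_NEIGH" | detect_arp_dupes 192.168.1.1
# Live use (substitute your own gateway IP):  ip neigh show | detect_arp_dupes 192.168.1.1
```

Treat a hit as a lead rather than proof: a multi-homed host, or a router carrying several addresses on one interface, also shows one MAC with several IPs, so compare the gateway's MAC against what the router itself reports. The matching prevention on the host side is a static entry for the gateway (ip neigh replace 192.168.1.1 lladdr 00:11:22:33:44:55 dev eth0 nud permanent, with the router's real MAC), and on the network side dynamic ARP inspection on a managed switch.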
Tags: arp, arp attack, arp poisoning, cryptographic attack, default gateway, gateway, layer 2, layer 3, man in the middle, managed switch, MITM, network bridge, nic, openvpn, router, Security Consultant, self signed certificate, SSL, switch
Further to the Multithreaded TCP Tunnel Proxy that I wrote a while ago, I’ve picked up a low end UK VPS and installed OpenVPN on it, as well as my local machine. I set up the iproute2 split access load balancer and established the OpenVPN connection.
Now, each of the two DSL lines is established at 17mbit giving me a theoretical maximum of 2.125MB/sec. In actual fact to kernel.org I can get a steady 1.7-1.8MB/sec which is more than enough. From my 100mbit UK VPS, I can get 8-9MB/sec from kernel.org without issue. Establishing OpenVPN over a single connection and then pulling a file from kernel.org leaves me with only 1.3MB/sec which I’m not best pleased about. Pulling the file through a proxy running on the UK VPS downloads at 1.6MB/sec minimum, so it isn’t my new route that’s causing the slow down, it’s OpenVPN. Either way, I didn’t bother testing for any improvement with pptpd because I need OpenVPN’s single TCP connection anyway for this experiment to work.
The positive outcome of the story is that with iproute2 load balancing set up, and OpenVPN established through the multithreaded TCP proxy over both connections using -t4, my single 1.3MB/sec became 2.2MB/sec, which is IMHO an incredibly successful outcome.
A problem to note, is that on more than one occasion, netstat/lsof showed 3 TCP connections established over one DSL, and 1 over the other DSL. I just restarted my tcp tunnel a few times until I had them equally balanced. If this was a big enough problem -t6, -t8 or -t10 might have showed interesting results, but the more threads the more delay and potential issue with misordered packets. -t4 with iptables forcing the TCP connections equally over the DSLs might also be worth investigating. Nevertheless, as the experiment goes, a pleasing outcome!
Tags: dsl, iproute2, load balancer, multithreaded tcp tunnel, openvpn, proxy, split access, tcp, tcp tunnel, vps
OpenVPN is a popular Windows/Linux VPN Server/Client pair. I think there’s a separate GUI available for it if you’re so minded. This howto will cover command line usage only.
I’ll provide example configuration based on a Linux server and a Windows client, however the same applies pretty easily if you wanted to mix and match.
On Debian, apt-get install openvpn. On any other Linux distro, use your own package manager, or alternatively download the source and compile it.
(more…)
Tags: 10.8.0.1, 10.8.0.2, apt-get, client, compile, compression, daemon, daemonize, debian, default gateway, distro, established, forward, generate, interface, IP address, iptables, ip_forward, keepalive, Linux, linux server, masquerade, nat, openvpn, package manager, ping, related, remote, route, route add, route delete, route print, routing, secret key, server, source, tap, tcp, tcpdump, traffic, tun, udp, VPN, vpn client, vpn server, windows, windows client