A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients

Title: A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients
Author(s): Haddadi, H
Perta, V
Item Type: Conference Paper
Abstract: Commercial Virtual Private Network (VPN) services have become a popular and convenient technology for users seeking privacy and anonymity. They have been applied to a wide range of use cases, with commercial providers often making bold claims regarding their ability to fulfil each of these needs, e.g., censorship circumvention, anonymity and protection from monitoring and tracking. However, as of yet, the claims made by these providers have not received a sufficiently detailed scrutiny. This paper thus investigates the claims of privacy and anonymity in commercial VPN services. We analyse 14 of the most popular ones, inspecting their internals and their infrastructures. Despite being a known issue, our experimental study reveals that the majority of VPN services suffer from IPv6 traffic leakage. The work is extended by developing more sophisticated DNS hijacking attacks that allow all traffic to be transparently captured.We conclude discussing a range of best practices and countermeasures that can address these vulnerabilities
Publication Date: 18-Apr-2015
Date of Acceptance: 17-Feb-2015
URI: http://hdl.handle.net/10044/1/56834
DOI: https://dx.doi.org/10.1515/popets-2015-0006
ISSN: 2299-0984
Publisher: De Gruyter
Start Page: 77
End Page: 91
Journal / Book Title: Proceedings on Privacy Enhancing Technologies
Volume: 2015
Issue: 1
Copyright Statement: © 2015. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License. BY-NC-ND 3.0
Conference Name: The 15th Privacy Enhancing Technologies Symposium (PETS 2015)
Publication Status: Published
Start Date: 2015-06-30
Conference Place: Philadelphia, PA, USA
Open Access location: https://doi.org/10.1515/popets-2015-0006
Appears in Collections:Dyson School of Design Engineering

Items in Spiral are protected by copyright, with all rights reserved, unless otherwise indicated.

Creative Commons