OpenVPN chikamu chekuona nzira
Muzvinyorwa zvekuchengetedza uye kusasimba kwandakagovera pano pablogi, vanowanzotaura kuti hapana hurongwa, hardware kana kushandiswa kwakachengeteka, sezvo pasinei nokuti yakawanda sei inoti ndeye 100% yakavimbika, nhau pamusoro pekusagadzikana kwakaonekwa kwakatiratidza. zvakapesana..
Chikonzero chekutaura izvi ndechekuti munguva pfupi yapfuura a boka revatsvakurudzi kubva kuYunivhesiti yeMichigan akaita chidzidzo chekutsvaga OpenVPN-based VPN connections, izvo zvinotiratidza kuti kushandiswa kweVPN hakuvimbise kuti chiitiko chedu pane network chakachengeteka.
Nzira inoshandiswa nevatsvakurudzi inonzi "VPN Fingerprinting", iyo inotarisisa traffic traffic uye muchidzidzo chakaitwa Nzira nhatu dzinoshanda dzakawanikwa kuona OpenVPN protocol pakati pemamwe mapaketi etiweki, ayo anogona kushandiswa mumigwagwa yekuongorora masisitimu kuti avhare madhivhizheni anoshandisa OpenVPN.
Mumiyedzo yakaitwa pane network yeInternet provider Merit, iyo ine vanopfuura miriyoni vashandisi, yakaratidza izvozvo nzira idzi dzinogona kuona 85% yeOpenVPN masesheni ane yakaderera mwero wenhema. Kuita bvunzo, seti yezvishandiso yakashandiswa iyo yakaona OpenVPN traffic munguva chaiyo mune passive modhi uyezve yakasimbisa chokwadi chemhedzisiro kuburikidza neanoshanda cheki neseva. Munguva yekuedza, analyzer yakagadzirwa nevatsvakurudzi yakabata kuyerera kwetraffic nehuwandu hunosvika 20 Gbps.
Nzira dzekuziva dzinoshandiswa dzinobva pakuona kweOpenVPN-yakatarwa mapatani mune unencrypted packet headers, ACK packet sizes uye server mhinduro.
- In the Chekutanga kesi, yakabatanidzwa kune pateni mu "operation kodhi" ndima»mumusoro wepaketi panguva yekubatanidza kutaurirana nhanho, iyo inoshanduka kufanofungidzira zvichienderana nekugadziriswa kwekubatanidza. Kuzivikanwa kunowanikwa nekuzivisa yakatarwa kutevedzana kweopcode shanduko mumapaketi mashoma ekutanga ekuyerera kwedata.
- Yechipiri nzira yakavakirwa pahukuru chaihwo hwema ACK mapaketi inoshandiswa muOpenVPN panguva yekubatanidza nhaurirano. Kuzivikanwa kunoitwa nekuziva kuti ACK mapaketi ehukuru hwakapihwa anoitika chete mune zvimwe zvikamu zvechirongwa, senge kana uchitanga OpenVPN kubatana uko yekutanga ACK packet inowanzova yechitatu data packet inotumirwa muchikamu.
- El Yetatu nzira inosanganisira cheki inoshanda nekukumbira kugadziridzwa kwekubatanidza, uko OpenVPN server inotumira chaiyo RST packet mukupindura. Zvakakosha, cheki iyi haishande kana uchishandisa tls-auth modhi, sevhavha yeOpenVPN inofuratira zvikumbiro kubva kune vasina kutenderwa vatengi kuburikidza neTLS.
Mhedzisiro yechidzidzo ichi yakaratidza kuti muongorori akakwanisa kuona 1.718 kubva pa2.000 bvunzo yeOpenVPN yekubatanidza yakagadzwa nemutengi ane chitsotsi achishandisa makumi mana akasiyana akajairwa OpenVPN magadzirirwo. Iyo nzira yakashanda zvinobudirira kune makumi matatu nemapfumbamwe e40 zvigadziriso zvakaedzwa. Pamusoro pezvo, mukati memazuva masere ekuyedzwa, zvikamu zve39 OpenVPN zvakaonekwa mutraffic traffic, iyo 40 zvikamu zvakasimbiswa sezviri kushanda.
Izvo zvakakosha kuti uzive izvozvo Nzira yakarongwa ine muganhu wepamusoro wezvinyorwa zvenhema maodha matatu ehukuru hudiki pane nzira dzakapfuura zvichienderana nekushandiswa kwemichina yekudzidza. Izvi zvinoratidza kuti nzira dzakagadzirwa neYunivhesiti yeMichigan vatsvakurudzi dzakanyanya uye dzinoshanda pakuziva OpenVPN kuwirirana mumigwagwa yetiweki.
Kuita kweOpenVPN traffic sniffing dziviriro nzira pamasevhisi ekutengesa kwakaongororwa kuburikidza nemiedzo yakasiyana. Pamakumi mana nerimwe eVPN masevhisi akaedzwa akashandisa OpenVPN traffic cloaking nzira, traffic yakaonekwa mumakesi makumi matatu nemana. Masevhisi aisakwanisa kuwonekwa akashandisa mamwe matinji pamusoro peOpenVPN kuvanza traffic, sekuendesa OpenVPN traffic kuburikidza neimwe yakavharidzirwa mugero. Mazhinji masevhisi akabudirira kucherechedzwa akashandiswa XOR traffic kukanganisa, mamwe matinji e obfuscation pasina akaringana random traffic padding, kana kuvapo kweasina-obfuscated OpenVPN masevhisi pane imwechete server.
Kana iwe uchida kudzidza zvakawanda nezvazvo, unogona kubvunza ruzivo pa chinotevera chinongedzo.