Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Jan 20, 2025
Network Security / Vulnerability
  New research has uncovered security vulnerabilities in multiple tunneling protocols  that could allow attackers to perform a wide range of attacks.  "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," Top10VPN said  in a study, as part of a collaboration with KU Leuven professor and researcher Mathy Vanhoef.  As many as 4.2 million hosts have been found susceptible to the attacks, including VPN servers, ISP home routers, core internet routers, mobile network gateways, and content delivery network (CDN) nodes. China, France, Japan, the U.S., and Brazil top the list of the most affected countries.  Successful exploitation of the shortcomings could permit an adversary to abuse a susceptible system as one-way proxies, as well as conduct denial-of-service (DoS) attacks.   "An adversary can abuse these security vulnerabilities to create one-way proxies an...