With mounting pressure from anti-piracy outfits on governments to implement stricter copyright laws and record labels suing people left and right, millions of file-sharers have decided to protect their privacy by going anonymous. In Sweden alone an estimated 500,000 Internet subscribers are hiding their identities. Many of these use PPTP-based VPNs such as The Pirate Bay’s Ipredator or Relakks.
It is a known fact that PPTP-based VPN connections are less secure than OpenVPN-based ones, yet millions of users are opting for the former because of easy availability. At a recent Telecomix Cipher conference it was revealed that a security flaw in PPTP VPNs allows third parties to find the true IP address of someone connected through the VPN.
The security risk is caused by a lethal combination of IPv6 and PPTP-based VPN services. IPv6 is the Internet protocol that will succeed IPv4. The protocol is promoted by Windows 7 and Vista, among others, and most people are using it without even realizing it as it’s enabled by default.
The technical details of the vulnerability, explained in this talk (see below), reveal that the true IP address of users with IPv6 enabled can be easily traced. Even worse, it seems that the Swedish Anti-piracy Bureau may already be using this flaw to gather data on ‘anonymous’ BitTorrent users. [via Torrent Freak]
Talk starts at 2:17:30, BitTorrent part at 2:30:00
The vulnerability is not limited to BitTorrent users. Anybody using such a VPN is exposing their real identity on every connection.
To remove the threat, Windows Vista and 7 users are advised to turn off IPv6 by following these steps:
Open Control Panel and click on Network and Internet and then click “View network status and tasks”.
On the left sidebar click Change Adapter settings to view the icons of your various connections.
Right click on the connection shortcut you use and choose Properties. Then click on the Networking tab and uncheck the box “Internet Protocol Version 6 (TCP/IPv6)”.
So, what's the exploit, then? The two things I would think being a problem are the local-link address that is generated based on the NIC's MAC addy (and thus exposing a MAC address that might be traced to an individual PC) or the other "auto" IPv6 address with the 2002::/8 prefix. This last one includes your full IPv4 addy, though if you're behind NAT, it will only expose your internal IP (say, 192.168.1.2 or something useless like that).
Of course, if your ISP is already using IPv6, well… yes, your true, ISP-traceable addy is available. I suppose that disabling IPv6 on the PPTP interface would be easier, that should block the leak. IPv6 will begin dominating the internet sooner than later, as IPv4 exhaustion is estimated to happen in *less than 12 months* from now.
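The comment above names the two address types that give the game away: a 6to4 address carries the host's IPv4 address in its prefix, and an EUI-64 link-local address carries the NIC's MAC. The following audit script is an added example, not code from the article or the talk; it decodes both, and also Teredo (the other tunnelling mechanism Windows enables by default, which embeds the public IPv4 and UDP port), so a user can check what their own interface addresses reveal. All sample addresses are constructed from documentation ranges.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")   # RFC 3056
TEREDO = ipaddress.IPv6Network("2001::/32")        # RFC 4380

def ipv4_from_6to4(addr):
    """6to4 addresses carry the host's public IPv4 in bits 16-47."""
    a = ipaddress.IPv6Address(addr)
    if a not in SIX_TO_FOUR:
        return None
    return str(ipaddress.IPv4Address(a.packed[2:6]))

def mac_from_eui64(addr):
    """EUI-64 interface IDs (RFC 4291) wrap the MAC around ff:fe and
    flip the universal/local bit; privacy addresses (RFC 4941) don't."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def teredo_client(addr):
    """Teredo addresses (RFC 4380) embed the client's public IPv4 and
    UDP port, each XORed with all-ones; return (ipv4, port)."""
    a = ipaddress.IPv6Address(addr)
    if a not in TEREDO:
        return None
    p = a.packed
    port = int.from_bytes(p[10:12], "big") ^ 0xFFFF
    ipv4 = ipaddress.IPv4Address(bytes(b ^ 0xFF for b in p[12:16]))
    return str(ipv4), port

def audit(addresses):
    """Return {address: (what leaks, value)} for every address that
    reveals something an anonymous user would rather keep private."""
    findings = {}
    for addr in addresses:
        if (v4 := ipv4_from_6to4(addr)) is not None:
            findings[addr] = ("public IPv4 (6to4)", v4)
        elif (t := teredo_client(addr)) is not None:
            findings[addr] = ("public IPv4:port (Teredo)", "%s:%d" % t)
        elif (mac := mac_from_eui64(addr)) is not None:
            findings[addr] = ("MAC address (EUI-64)", mac)
    return findings

# Constructed sample addresses (documentation ranges, not real hosts).
SAMPLE = [
    "2002:cb00:7105::cb00:7105",          # 6to4 for 203.0.113.5
    "2001:0:c000:201:0:63bf:39cc:9bf8",   # Teredo client 198.51.100.7:40000
    "fe80::21a:2bff:fe3c:4d5e",           # link-local from MAC 00:1a:2b:3c:4d:5e
    "fe80::a1b2:c3d4:e5f6:1234",          # privacy-extension IID: nothing to recover
]

if __name__ == "__main__":
    for addr, (what, value) in audit(SAMPLE).items():
        print(f"{addr:36} leaks {what}: {value}")
```

Feed it the output of `ipconfig` (or `ip -6 addr`) instead of SAMPLE to see what your own machine would hand to a peer; an interface that shows only privacy-extension or VPN-assigned addresses has nothing to decode.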
The comment by Anonymous 2010.08.17 is the first intelligent thing I've seen published about this "terrible security flaw in PPTP".
Amusingly, it's now the end of 2012 and almost everybody is still using IPv4.
I think, as the other writer, that disabling IPv6 on your VPN adapter is the easiest way to go. By the time IPv6 is really necessary your PPTP service should have an IPv6 server.
Anyway, PPTP properly configured does not have a gigantic security flaw. It is perfectly safe for run-of-the-mill security. There seems to be a lot of paranoia out there.