Summary: Recent research indicates that over 4 million internet-connected systems, including VPN servers and home routers, are vulnerable to attacks due to flaws in tunneling protocols. The study, led by Mathy Vanhoef and Angelos Beitis, highlights the potential for attackers to exploit these vulnerabilities for anonymous attacks. Misconfigured systems that accept tunneling packets without verifying sender identity pose significant security risks.
Threat Actor: Unknown | unknown
Victim: Various | various
Keypoints :
- Over 4.26 million vulnerable hosts identified, including VPN servers and home routers.
- Attackers can exploit misconfigured systems to conduct anonymous attacks, including DoS and DNS spoofing.
- Majority of vulnerable hosts located in China and France; several CVE identifiers assigned to the vulnerabilities.