Ancestors

Written by The Shadowserver Foundation on 2025-01-15 at 13:36

Now sharing open IP tunnel hosts in a new daily Open IP-Tunnel report https://shadowserver.org/what-we-do/network-reporting/open-ip-tunnel-report/

These hosts accept tunnelling packets such as IPIP, GRE without authenticating the source IPv4 or IPv6 addr, which can be abused for DoS/other attacks

~436K GRE & ~66K IPIP vulnerable IPs found on 2025-01-14

Geo breakdown (GRE/GRE6):

https://dashboard.shadowserver.org/statistics/combined/tree/?day=2025-01-14&source=ip_tunnel&source=ip_tunnel6&tag=gre&tag=gre*&geo=all&data_set=count&scale=log

Geo breakdown (IPIP/IP6IP6):

https://dashboard.shadowserver.org/statistics/combined/tree/?day=2025-01-14&source=ip_tunnel&source=ip_tunnel6&tag=ip6ip6&tag=ipip&geo=all&data_set=count&scale=log

These vulnerabilities were discovered by Angelos Beitis and Mathy Vanhoef @vanhoefm at the DistriNet Reseach Unit at KU Leuven University in Belgium. Thank you for the collaboration!

You can find more details on the vulnerabilities at: https://github.com/vanhoefm/tunneltester

=> View attached media | View attached media | View attached media

=> More informations about this toot | More toots from shadowserver@infosec.exchange

Toot

Written by The Shadowserver Foundation on 2025-01-29 at 20:47

Added 4in6 & 6in4 scans to our Open IP-Tunnel reporting (hosts that accepted unauthenticated packets from an arbitrary source, which can be abused for DoS/other attacks) https://shadowserver.org/what-we-do/network-reporting/open-ip-tunnel-report/

~150K 4in6 open tunnels found (most in Germany)

~1.07M 6in4 open tunnels found

4in6 open tunnel map (2025-01-28:

https://dashboard.shadowserver.org/statistics/combined/map/?map_type=std&day=2025-01-28&source=ip_tunnel&source=ip_tunnel6&tag=4in6&geo=all&data_set=count&scale=log

6in4 open tunnel map (2025-01-28):

https://dashboard.shadowserver.org/statistics/combined/map/?map_type=std&day=2025-01-28&source=ip_tunnel&source=ip_tunnel6&tag=6in4&geo=all&data_set=count&scale=log

4in6 open tunnel tracker:

https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=30&source=ip_tunnel&source=ip_tunnel6&tag=4in6&dataset=unique_ips&style=stacked

6in4 open tunnel tracker:

https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=30&source=ip_tunnel&source=ip_tunnel6&tag=6in4&dataset=unique_ips&style=stacked

Background and more details:

https://github.com/vanhoefm/tunneltester

=> View attached media | View attached media

=> More informations about this toot | More toots from shadowserver@infosec.exchange

Descendants

Proxy Information

Original URL: gemini://mastogem.picasoft.net/thread/113913602898615167
Status Code: Success (20)
Meta: text/gemini
Capsule Response Time: 348.555805 milliseconds
Gemini-to-HTML Time: 1.533459 milliseconds

This content has been proxied by September (3851b).