Toot

Written by The Shadowserver Foundation on 2025-01-15 at 13:36

Now sharing open IP tunnel hosts in a new daily Open IP-Tunnel report https://shadowserver.org/what-we-do/network-reporting/open-ip-tunnel-report/

These hosts accept tunnelling packets such as IPIP, GRE without authenticating the source IPv4 or IPv6 addr, which can be abused for DoS/other attacks

~436K GRE & ~66K IPIP vulnerable IPs found on 2025-01-14

Geo breakdown (GRE/GRE6):

https://dashboard.shadowserver.org/statistics/combined/tree/?day=2025-01-14&source=ip_tunnel&source=ip_tunnel6&tag=gre&tag=gre*&geo=all&data_set=count&scale=log

Geo breakdown (IPIP/IP6IP6):

https://dashboard.shadowserver.org/statistics/combined/tree/?day=2025-01-14&source=ip_tunnel&source=ip_tunnel6&tag=ip6ip6&tag=ipip&geo=all&data_set=count&scale=log

These vulnerabilities were discovered by Angelos Beitis and Mathy Vanhoef @vanhoefm at the DistriNet Reseach Unit at KU Leuven University in Belgium. Thank you for the collaboration!

You can find more details on the vulnerabilities at: https://github.com/vanhoefm/tunneltester

=> View attached media | View attached media | View attached media

=> More informations about this toot | View the thread | More toots from shadowserver@infosec.exchange

Mentions

=> View vanhoefm@infosec.exchange profile

Tags

Proxy Information
Original URL
gemini://mastogem.picasoft.net/toot/113832636304476603
Status Code
Success (20)
Meta
text/gemini
Capsule Response Time
223.362694 milliseconds
Gemini-to-HTML Time
0.46229 milliseconds

This content has been proxied by September (3851b).