From owner-freebsd-questions@freebsd.org  Fri Nov 27 15:55:49 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A03F3A39764
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Fri, 27 Nov 2015 15:55:49 +0000 (UTC)
 (envelope-from lokadamus@gmx.de)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id ECB591C47
 for <freebsd-questions@freebsd.org>; Fri, 27 Nov 2015 15:55:48 +0000 (UTC)
 (envelope-from lokadamus@gmx.de)
Received: from [192.168.0.143] ([95.91.227.13]) by mail.gmx.com (mrgmx103)
 with ESMTPSA (Nemesis) id 0LwrS8-1aM9MR0rPM-016OUY; Fri, 27 Nov 2015 16:55:39
 +0100
Subject: Re: VPN security breach
To: Matthias Apitz <guru@unixarea.de>, freebsd-questions@freebsd.org
References: <20151127104401.7fdfd5fd@Papi>
 <20151127145148.GA2047@c720-r276659.oa.oclc.org>
From: "lokadamus@gmx.de" <lokadamus@gmx.de>
Message-ID: <56587CFA.3010309@gmx.de>
Date: Fri, 27 Nov 2015 16:55:38 +0100
User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:38.0) Gecko/20100101
 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <20151127145148.GA2047@c720-r276659.oa.oclc.org>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:Fs+pR8vKN0AvE+u2ERaZ+HKQ0gZKTdw/ksso+CX5QaqMjYDnYAb
 s6LZEERtth/8owsBDmt7b4tEKzk9fupJWK2TEtUy48NPsY4sdxE+r5UtGnX7KDzjXF+1qt5
 wt1AG8Ut9ToywMpLJR3R6gg3c18oFNQVBoJGTzsgFIFNRQm42Dco9qV8TmbrNEzAPuAmkEw
 sBtbEboGPxtlnhGhfLEAw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:prWyjmtLewI=:WJi3gC2Bqn5SEQ6eVBr+Pf
 G4T7ru7taTzQ6bglN7rnxWqa8B14jly0HtMkIHHS1ClRjKEYqf0qCKGDnFdjE3HqPO38kkLbu
 cPK3u+NkU7RtkGNd6QT6h2pCvkmQbgCZySOJ0XIs/aVj5/iKDS1lZaR23aoFDkqnIYIUyeill
 MQgoGL1D7tH4llUiOdI7bQY+e/7UpORmlQk8YlVR5tDSjw9ZyLQbmPC+v9676h0BtqzGPj79z
 +s55brJq28W9iwJ8TDe8rHP1Exu5fpxBtLNhyXqn3Osoj+JJNmjPcryjmyV2lOoXEotpeVFFz
 Q1sNPMlZHyA8QUxz3MsbSPu+DREQZZDMsmaPeqP75Y8ehWV5Ufuwkdupj4MRAkUzOLEYdYBLP
 3KN+0BuInokAHS2r3IVvCT5JSbd9i66tcBasOUkESECpVWX60l39zCX0Z+w8MzCsGgILqPFU9
 425LXCLv8feEP0wLY0qmxjR0OxZfui26BNuLrJ2nY4ZOdAIdKA4K8PcgCfdvqYa3oSa0LmKAM
 r2wue07lr34AvhXQ0T7QI2VCB1z8alYCS40drqIPD5+ySQsX5YP37ZDOqXKa0ddVQ4f2xQu/L
 u/gv1jLEhCNyGUx3J7hMAFDjVYucejZkt05zJywoQRON7j3DqX7nE2qU8SQpEecBfhddfVanI
 WqPz1uYh43PcLcDzrw4LPGMJrklkQo5QJHoL4kiqy8CjixRWqacMPP/60745tr1OmH4SYgbue
 mLh8Esb+OS/fXf0rpvfjWV6NXjedbHqKIWB9kmV/Bw/F+E4vkbJVerKeyM0up+AGJZCYNmsZ2
 9F1Bs1O3SQ+fhS5as8DX0XBGK1S3g==
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Nov 2015 15:55:49 -0000

On 11/27/15 15:51, Matthias Apitz wrote:
> El día Friday, November 27, 2015 a las 10:44:01AM -0300, Mario Lobo escribió:
> 
>> Any comments on this?
>>
>> https://thehackernews.com/2015/11/vpn-hacking.html
> 
> $ netstat -rn
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags      Netif Expire
> default            192.168.2.1        UGS       wlan0
> 10.0.1.0/24        10.49.94.103       UGS        tun0
> 10.13.1.0/24       10.49.94.103       UGS        tun0
> ...
> 
> i.e. my default route goes to the WLAN AP in my home with an unreachable
> private IP addr. So what?
> 
> 	matthias
> 
Do you really have an extern IP? Where this ip is shown in your netstat?
Sorry, but looking in your own lan is a little bit stupid.

It is an error, which is possible.
When NSA get your ip, they can look, what you have done.
Greetings