
I've been looking at WebRTC and STUN scripts in general and their ability to bypass VPNs, and I have a few questions I hope someone can help me with.

1) Since using OpenVPN and other VPN protocols/methods normally sets the default adapter to itself (i.e. makes the primary network device the TAP adapter for the VPN), how does the STUN script/WebRTC script actually leak real IPv4 addresses and other information, as shouldn't it route via this VPN by default?

2) I understand programs such as Skype and others implement STUN scripts, which to me seems like it could be leaking info. Is it possible to disable STUN/WebRTC scripts system-wide, or at least monitor them and authorise them using a HIPS-style system? And would this cause any serious issues?

mcgyver5

2 Answers

  1. WebRTC does not connect to another adapter

    WebRTC has a method to enumerate all local addresses, so it can employ a wide range of NAT tunneling. It does not force a connection to use any adapter. The connection itself is handled by the OS, and WebRTC cannot change the adapter in any way.

  2. Disabling STUN/WebRTC system-wide is not easily feasible

    WebRTC is a technology embedded in web browsers, not at the system level. You can disable it in all your browsers if you want. Disabling STUN system-wide is a lot more tricky. Every program has its own way of using it; some can be disabled by the user, some cannot.

You could try disabling UDP system wide, but this will give you a lot of headache, and you can expect innocent services failing for no reason. But you can run suspicious programs on a virtual machine, so even if some program leaks your local IP, it will only leak the internal networking used by the virtual machine, something like 192.168.1.10, and not your public IP.

D4v1dH03
ThoriumBR
  • So if it just enumerates local IP addresses, how is it often able to expose the public IP behind the VPN? Not just the internal assigned DHCP/router addresses. – user3407675 Jul 09 '15 at 01:06
  • It will expose your public IP because it will connect somewhere, using the _public_ IP. That's how the public address is detected. The internal ones will never be used to connect anywhere. – ThoriumBR Jul 09 '15 at 12:52
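An added check from the defender's side, not code from the answer or its comments: given the ICE candidate lines a browser's RTCPeerConnection emits, it separates the locally enumerated host addresses from the server-reflexive address a STUN server observed, and flags a leak when that observed address is not the VPN egress the user expects. Node has no RTCPeerConnection, so the candidate lines and the `vpnEgressIp` value are constructed sample data.

```javascript
// candidate:<foundation> <component> <proto> <priority> <address> <port> typ <type> [raddr <a> rport <p>] ...
function parseCandidate(line) {
  const m = line.match(/^candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(?: raddr (\S+) rport (\d+))?/);
  if (!m) return null;
  return { proto: m[3].toLowerCase(), address: m[5], port: Number(m[6]), type: m[7], raddr: m[8] || null };
}
function ipv4Scope(addr) {
  const parts = addr.split('.');
  if (parts.length !== 4 || !parts.every(s => /^\d{1,3}$/.test(s) && Number(s) <= 255)) return null;
  const [a, b] = parts.map(Number);
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168)) return 'private';
  if (a === 127) return 'loopback';
  if (a === 169 && b === 254) return 'link-local';
  if (a === 100 && b >= 64 && b <= 127) return 'cgnat';
  return 'public';
}
function classifyAddress(addr) {
  if (addr.endsWith('.local')) return 'mdns';  // browser replaced the host IP with an mDNS name
  if (addr.includes(':')) return 'ipv6';       // kept IPv4-focused here
  return ipv4Scope(addr) || 'invalid';
}
// Compare what the candidates expose with the VPN egress address the user expects to show.
function assessLeak(lines, vpnEgressIp) {
  const report = { hostLocal: [], hostPublic: [], reflexive: [], leaksPublicIp: false };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    const scope = classifyAddress(c.address);
    if (c.type === 'host') {
      if (scope === 'public') report.hostPublic.push(c.address);
      else report.hostLocal.push(`${c.address} (${scope})`);
    } else if (c.type === 'srflx') {
      // srflx: the address the STUN server saw the request arrive from, i.e. the real egress
      report.reflexive.push(c.address);
      if (c.address !== vpnEgressIp) report.leaksPublicIp = true;
    }
  }
  if (report.hostPublic.length > 0) report.leaksPublicIp = true;
  return report;
}
// Constructed sample: a LAN host, an mDNS-obfuscated host, and a srflx address that is not the
// assumed VPN egress 198.51.100.7, meaning the STUN request left outside the tunnel.
const sampleCandidates = [
  'candidate:1 1 udp 2122260223 192.168.1.10 51234 typ host generation 0',
  'candidate:2 1 udp 2122194687 f1e2d3c4-0000-4000-8000-000000000001.local 51235 typ host',
  'candidate:3 1 udp 1686052607 203.0.113.45 51234 typ srflx raddr 192.168.1.10 rport 51234',
];
const vpnEgressIp = '198.51.100.7'; // assumed VPN exit address
console.log(assessLeak(sampleCandidates, vpnEgressIp));
```

In a browser the same functions can be fed from `pc.onicecandidate` to confirm whether a VPN or browser setting actually stops the reflexive address from being gathered.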

You can get a list of public STUN servers and point them to localhost in your HOSTS file on Windows to block them 'globally'.

A downside is that you might block a STUN server that a service or site you use relies on. Another downside is that WebRTC detectors could use many private servers which you won't know about, so it's only really a temporary fix.