Unencrypted Tunneling Connections

WANs are more secure than unencrypted tunneling connections. Therefore, WAN-to-WAN connections are considered secure in some uses of SSH. However, WAN-to-WAN connections often have poor reliability and latency, and their security is not guaranteed for the lifetime of the connection. Many newer deployments run routers that also provide VPN services for the WAN connection. This type of VPN typically adds a VPN encryption option, allowing the network administrator to assign a password to the VPN session. Some systems may allow administrators to lock out VPN users or force them to re-enter the password whenever their WAN access is enabled, but these options do not address the reliability and security concerns raised by unencrypted tunneling.


Reftel Security Attacks on Diameter

A classic attack against NATs used to be based on a type of network data attack called Reftel. In this type of attack, a malicious ISP would create a fraudulent WAN stream that was different from the legitimate WAN traffic sent by a host computer. The malicious upstream traffic would be discovered and turned into a legitimate network stream by a network server that is configured to route the suspicious data to the legitimate traffic instead. When the malicious upstream traffic was intercepted by a network monitor, it would get mixed up with legitimate network traffic. As a result, the attacker would see a different stream of network traffic than the monitor. However, the attacker would be able to capture the unique stream generated by the victim. As a result, the attacker could modify legitimate traffic by injecting fraudulent packets. By altering traffic from the victim to that of the attacker, the attacker could degrade the victim’s service.

This type of attack was known as REF. Because DNS responses are encrypted, the attacker would not be able to identify whether the victim had already changed their DNS servers. DNS responses can be easily seen, even by a large number of people, because of DNS cache poisoning attacks.

There are two basic types of REF attacks: Source-Only and Target-Only. A Source-Only REF attacks a victim by sending spoofed IP packets to their DNS servers. The victim responds to the spoofed IP packet with a spoofed response, thus corrupting the victim’s DNS caching information. The Target-Only REF attacks a victim by sending spoofed DNS responses that are received by a victim’s DNS servers. The spoofed responses have the same content as the legitimate responses sent by the victim, and are therefore received by the victim’s DNS servers as valid responses. The victim’s DNS response data is then corrupted, thereby causing the victim’s service to degrade.

Because the NATs used for the various Internet Protocols (IPv4 and IPv6) are designed to block spoofed DNS responses from actually reaching the victim’s DNS servers, they are much more resistant to Reftel attacks. Therefore, NATs used for port forwarding and web filtering will usually take this attack into account. According to this information from a colocation company, it’s best to back up your data through dedicated servers.
