Computer networks
kyrtka123, 2021-07-03 14:56:39

Is it possible to sniff VPN traffic on VDS?

There is a network through which traffic passes along this path:
VPN1->TOR->VPN2
VPN1 and TOR are located on server No. 1.
VPN2 is located on server #2.

Question:
If an attacker connects to server #1, will he be able to see what traffic goes to or through it? (Provided that the logs are not kept there)

VPN Wireguard is deployed on server No. 1, which wraps traffic in TOR and sends it to VPN2.


5 answer(s)
CityCat4, 2021-07-03
@CityCat4

Ohhhh... Let's start over. What is the intruder model? So who are you going to protect yourself from? A scheme where vpn1 is located in one country (preferably hostile to the resident country) and vpn2 in another - it seems to be quite reliable.
BUT:
It should be noted that no one ever breaks a scheme or cipher :) You will be broken :) There is no way at all to hide the fact that you are connecting to an incomprehensible IP "in foreign countries" in relation to the resident country. This is not a "black mark" yet, but already a reason to ask for an explanation.
Now, in essence.
What does "connect" mean? I don’t think that just anyone can connect to it - for sure IPs are limited :) If we are talking about hosting admins - it all depends on their admin desire to delve into the VPS - if they have such a desire, they just tilt the machine and gut a copy :)
And then it all depends on how interesting (from their point of view) the things you do are. In especially stubborn cases, you can also modify the daemon - you hardly control the integrity, so much so that the data goes straight to the mail?

Vasily Bannikov, 2021-07-03
@vabka

Traffic can easily be listened to from the outside - anyway, the provider sees that you are connecting to some European server, and all traffic is encrypted - so you will also be included in the list of suspicious people.
Well, there is not much difference whether you have 1 intermediate node or two - if you are already suspected of something, then they will go through the entire chain and see that you are sitting in Tor.

Stanislav Bodrov, 2021-07-04
@jenki

Is it possible to sniff VPN traffic on VDS?
What's the problem with that? Are there few hypervisors sticking out on the network with password access via ssh? Literally stands. Admins on shift can also connect out of boredom or something else, grep in tcpdump to find what they need. And then it's a matter of technology. VDS clients themselves are not averse to listening (spoof to help) to their neighbors.

Vladimir Korotenko, 2021-07-03
@firedragon

According to statistics, exit nodes are 80% controlled by some murky organizations of 3 letters.
That's where everything lands and is analyzed.

Alexey Hukendo, 2021-07-05
@hukendo

If an attacker connects to server #1, will he be able to see what traffic is going to or through it?

He can: turn on tcpdump and look, set up netflow with the collector on a remote machine, and he will have logs.
"who works on ru, they come to him in the morning"))
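
The answers above name tcpdump as the way someone on server #1 would watch traffic. Seen from the server owner's side, a capture running inside the machine holds an AF_PACKET socket, which Linux lists in /proc/net/packet. The following is an added example, not part of the thread: it parses that file, flags sockets bound to all protocols and maps them to PIDs. The sample rows and function names are constructed for illustration, and a capture taken from the hypervisor side does not show up in this file.

```python
import os

ETH_P_ALL = 0x0003  # protocol value a capture-everything packet socket binds to

# Constructed sample in the /proc/net/packet layout (not taken from the thread).
SAMPLE = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9d3b42a1c000 3      3    0003   2     1 0      0      48211
ffff9d3b42a1d800 3      3    88cc   2     1 0      101    20417
ffff9d3b4417e000 3      2    0003   0     1 0      0      51990
"""

def parse_packet_sockets(text):
    """Return one dict per AF_PACKET socket listed in /proc/net/packet text."""
    rows = []
    for line in text.splitlines()[1:]:           # skip the header row
        f = line.split()
        if len(f) < 9:
            continue                             # tolerate blank or short lines
        proto = int(f[3], 16)                    # Proto column is hexadecimal
        rows.append({"type": int(f[2]), "proto": proto, "ifindex": int(f[4]),
                     "uid": int(f[7]), "inode": int(f[8]),
                     "capture_all": proto == ETH_P_ALL})
    return rows

def capture_all_inodes(text):
    """Inodes of sockets that receive every protocol (what a sniffer opens)."""
    return [r["inode"] for r in parse_packet_sockets(text) if r["capture_all"]]

def owners_of(inode, proc="/proc"):
    """Find PIDs holding the socket inode by scanning <proc>/<pid>/fd links."""
    target, pids = f"socket:[{inode}]", []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:
            continue                             # process exited or no permission
    return pids

if __name__ == "__main__":
    path = "/proc/net/packet"                    # falls back to SAMPLE off Linux
    live = os.path.exists(path)
    text = open(path).read() if live else SAMPLE
    for inode in capture_all_inodes(text):
        print(inode, owners_of(inode) if live else "constructed sample")
```

Run it as root so every process's fd directory is readable. A capture-all socket is not proof of sniffing by itself, since some DHCP clients also open one, so the owning PID is what to check.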
