Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

[The Register] There's NordVPN odd about this, right? Infosec types concerned over strange app traffic

Post a reply


This question is a means of preventing automated form submissions by spambots.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek: :angel: :clap: :crazy: :eh: :lolno: :problem: :shh: :shifty: :sick: :silent: :think: :thumbdown: :thumbup: :wave: :wtf: :yawn:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

If you wish to attach one or more files enter the details below.

Expand view Topic review: [The Register] There's NordVPN odd about this, right? Infosec types concerned over strange app traffic

[The Register] There's NordVPN odd about this, right? Infosec types concerned over strange app traffic

by parityboy » Mon Apr 29, 2019 2:30 pm

Weird things are afoot with NordVPN's app and the traffic it generates - Reg readers have spotted it contacting strange domains in the same way compromised machines talk to botnets' command-and-control servers.

Although NordVPN has told us this is expected behaviour by the app and is intended as a counter-blocking mechanism, the company's explanation has shifted a number of times.

...

Further scratching of heads led to infosec bod Ryan Niemes' personal blog, where he had written about exactly the same odd traffic. Except Niemes had noticed something else too: these domains weren't owned by anybody. So he bought them and spun up an EC2 instance to log what was coming in.
Source

Top