Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

[The Register] There's NordVPN odd about this, right? Infosec types concerned over strange app traffic

Industry news items concerning VPNs, darknets, crypto, surveillance and secure computing.
User avatar

Topic Author
parityboy
Site Admin
Posts: 1214
Joined: Wed Feb 05, 2014 3:47 am

[The Register] There's NordVPN odd about this, right? Infosec types concerned over strange app traffic

Post by parityboy » Mon Apr 29, 2019 2:30 pm

Weird things are afoot with NordVPN's app and the traffic it generates - Reg readers have spotted it contacting strange domains in the same way compromised machines talk to botnets' command-and-control servers.

Although NordVPN has told us this is expected behaviour by the app and is intended as a counter-blocking mechanism, the company's explanation has shifted a number of times.

...

Further scratching of heads led to infosec bod Ryan Niemes' personal blog, where he had written about exactly the same odd traffic. Except Niemes had noticed something else too: these domains weren't owned by anybody. So he bought them and spun up an EC2 instance to log what was coming in.
Source