Huge security issue with PPTP and IPv6
At the Telecomix Cipher conference a security flaw was revealed that allows third parties to find the real IP address of someone connected through a VPN.
The security risk is caused by a combination of IPv6 (Internet Protocol version 6) and PPTP-based VPN services. IPv6 is the update for IPv4, the current version of the most popular network layer protocol for packet-switched internetworks used on the Internet. Since Windows Vista, IPv6 is fully implemented and supported, and is also installed and enabled by default.
IPv6 is not common yet, as most software, routers, modems, and other network equipment do not support the emerging and future-proof protocol yet. The protocol is promoted by Windows 7 and Vista, and most people are using it without even realizing it. Nowadays Mac OS and Linux have built-in IPv6 support, and this security issue does not depend on the OS you use. Turning off IPv6 support does not affect the functionality of Internet browsing for average users.
The main problem is that it is fairly easy to find the MAC addresses (unique for each network adapter) and computer names of people who use such a VPN solution (do you still use PPTP?). All this was tested on BitTorrent users, but anybody who is using a PPTP-based VPN is exposing their real identity to every connection.
To close this security hole in PPTP VPN I see these solutions:
1) Change the PPTP-based VPN to L2TP, SSTP or OpenVPN. OpenVPN is the more encrypted and more stable solution, so it will be the best choice.
2) You can disable the IPv6 protocol for the VPN connection.
Right-click the connection shortcut you use and choose Properties. Then click the Networking tab and uncheck the box “Internet Protocol Version 6 (TCP/IPv6)”. This disables IPv6 on the particular VPN connection or network interface. Because most ISPs don't support IPv6, I recommend that users disable IPv6 on all adapters.
Note! Disabling IPv6 on network interfaces does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface. I haven't found any information on whether that is insecure, so this can be a solution too and you can feel safe again.
3) If you are paranoid and mad about security, you can disable the IPv6 component in Windows using these steps:
- Open Registry Editor (regedit).
- Navigate to the following registry key branch:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\
- Create the following registry value (DWORD type): DisabledComponents. Note that the name must be exactly as shown, including capitalization. DisabledComponents is set to 0 by default.
- The DisabledComponents registry value is a bit mask that controls the following series of flags, starting with the low-order bit (Bit 0). Determining the value of DisabledComponents for a specific set of bits is complicated: the hexadecimal value is calculated from the binary number formed by the bits in their correct positions. For convenience, the following table lists some common configuration combinations and the corresponding DWORD value of DisabledComponents.
| Configuration combination | DisabledComponents value |
| --- | --- |
| Disable all tunnel interfaces | 0x1 |
| Disable 6to4 | 0x2 |
| Disable ISATAP | 0x4 |
| Disable Teredo | 0x8 |
| Disable Teredo and 6to4 | 0xA |
| Disable all LAN and PPP interfaces | 0x10 |
| Disable all LAN, PPP, and tunnel interfaces | 0x11 |
| Prefer IPv4 over IPv6 | 0x20 |
| Disable IPv6 over all interfaces and prefer IPv4 to IPv6 | 0xFF |
As you can see, to disable IPv6 support globally on all interfaces, set the value data for DisabledComponents to 0xFF.
- Once changed, you should restart the computer for the changes to take effect.
PS. To revert and enable IPv6, delete the “DisabledComponents” registry value or set it to 0.
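The bit mask described in step 3, worked through in code. This is an added example, not part of the original post: it decodes a DisabledComponents value into the single-bit flags of the table above and builds a value from chosen flags. The function names are hypothetical, and the bit meanings are taken only from the table.

```python
# Added example: decode or build a DisabledComponents DWORD.
# Bit meanings come only from the single-bit rows of the table above;
# the function names are hypothetical, chosen for this illustration.
FLAGS = {
    0x01: "Disable all tunnel interfaces",
    0x02: "Disable 6to4",
    0x04: "Disable ISATAP",
    0x08: "Disable Teredo",
    0x10: "Disable all LAN and PPP interfaces",
    0x20: "Prefer IPv4 over IPv6",
}
KNOWN_MASK = sum(FLAGS)  # 0x3F: every bit the table names


def decode(value):
    """Return (flags set in value, bits set that the table does not name)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("DisabledComponents is a 32-bit DWORD")
    names = [text for bit, text in FLAGS.items() if value & bit]
    return names, value & ~KNOWN_MASK


def compose(*bits):
    """OR single-bit flags from the table into one DWORD value."""
    value = 0
    for bit in bits:
        if bit not in FLAGS:
            raise ValueError(f"{bit:#x} is not a single-bit flag in the table")
        value |= bit
    return value


def ppp_ipv6_left_enabled(value):
    """True when the mask leaves IPv6 on LAN/PPP interfaces (the PPTP case)."""
    return not value & 0x10


if __name__ == "__main__":
    # Constructed inputs: the combination rows of the table, plus 0xFFFFFFFF.
    for sample in (0xA, 0x11, 0x20, 0xFF, 0xFFFFFFFF):
        names, extra = decode(sample)
        print(f"{sample:#x}: {', '.join(names)}")
        if extra:
            print(f"    bits not named in the table: {extra:#x}")
        if ppp_ipv6_left_enabled(sample):
            print("    IPv6 stays enabled on LAN and PPP interfaces")
```

A value such as 0xA turns off Teredo and 6to4 but leaves IPv6 on the PPP interface that a PPTP connection uses, which is why the check on bit 0x10 is reported separately.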
For Mac OS
IPv6 is active by default. It can be manually disabled either with the GUI network control panel or on the command line with this command:
# ip6 -x
You can find more details about IPv6 in Mac OS here
For Linux
It all depends on the distribution you use. Try checking Google or submit a comment. I will try to help you.
>> Does your VPN provider give you such details? Do you think they think about your security, not money?

Excellent points and the details are more specific than somewhere else, thanks.
- Norman
Hi,
I’m using Windows Vista SP2 and I checked the value data of the DisabledComponents in the registry. It is set to 20, which doesn’t match any of the cases you have discussed. Is there any problem with that?
I also came across a note at “http://support.microsoft.com/kb/929852” which discusses the same matter. But in one of its sections it says “Type 0xffffffff to disable all IPv6 components, except the IPv6 loopback interface. This value also configures Windows Vista to use Internet Protocol version 4 (IPv4) instead of IPv6 in prefix policies.”
Could you please provide some information about it? What is the difference (if any) between the value “0xFF” in your article and the “0xffffffff” value in the other one?
Thanks
I see in the FAQ there is a way to disable IPv6. Is re-enabling it as simple as changing the word in the last command from disabled to enabled?