4 Million Vulnerable Tunneling Servers Found: Risk of Abuse as DDoS-Proxies

In early 2025, Mathy Vanhoef and his team from KU Leuven University released research describing a newly found vulnerability in tunneling protocols, exposing over 4 million internet hosts to potential exploitation.

💡
For our zeroBS/Avydos clients: we received the test script from the research team and are able to check our clients' infrastructure upon request; please contact your account manager.

Key Findings:

  • Scope of Vulnerability:
    Approximately 4.26 million hosts are susceptible, including devices such as VPN servers, ISP home routers, core internet routers, mobile network gateways, and CDN nodes.
  • Affected Protocols:
    The vulnerabilities pertain to tunneling protocols like IPIP/IP6IP6, GRE/GRE6, 4in6, and 6in4.
  • Potential Risks:
    Attackers can exploit these vulnerabilities to hijack affected hosts and misuse them as proxies, enabling anonymous attacks and unauthorized network access. This includes launching Denial of Service (DoS) attacks, DNS spoofing, off-path TCP hijacking, and SYN floods.
  • Potential Risks for AS/Network Operators:
    If vulnerable hosts are found within your network, you could face attacks originating "from within", which are more challenging to detect, mitigate, or block effectively.

For a comprehensive understanding of the vulnerabilities and recommended security measures, refer to the detailed report.
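
One way a network operator can look for tunnel traffic from unexpected sources, as an added example that is not from the original page or the research team: it classifies outer IP headers into the six encapsulations listed under Affected Protocols and reports those whose outer source is not a configured tunnel peer. The peer allowlist, the addresses and the sample packets are constructed, and treating "not a configured peer" as suspicious is an assumption about your network.

```python
import ipaddress
import struct

# Keyed by (outer IP version, protocol / next-header); 4 = IPv4, 41 = IPv6, 47 = GRE.
TUNNEL_TYPES = {
    (4, 4): "IPIP", (4, 41): "6in4", (4, 47): "GRE",
    (6, 4): "4in6", (6, 41): "IP6IP6", (6, 47): "GRE6",
}

def classify(packet: bytes):
    """Return (tunnel_type, outer_source) or None if not a tunnel packet."""
    version = packet[0] >> 4 if packet else 0
    if version == 4 and len(packet) >= 20:
        proto, src = packet[9], ipaddress.ip_address(packet[12:16])
    elif version == 6 and len(packet) >= 40:
        # Only the first next-header is checked; extension headers are not walked.
        proto, src = packet[6], ipaddress.ip_address(packet[8:24])
    else:
        return None
    kind = TUNNEL_TYPES.get((version, proto))
    return (kind, src) if kind else None

def unexpected_tunnel_traffic(packets, allowed_peers):
    """List (tunnel_type, source) for tunnel packets not sent by a configured peer."""
    nets = [ipaddress.ip_network(p) for p in allowed_peers]
    hits = filter(None, map(classify, packets))
    return [(kind, str(src)) for kind, src in hits
            if not any(src in net for net in nets)]

def ipv4(proto, src, dst):  # constructed sample header, no payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

def ipv6(nh, src, dst):  # constructed sample header, no payload
    return struct.pack("!IHBB16s16s", 0x60000000, 0, nh, 64,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

# Constructed samples using documentation address ranges (assumed, not from the page).
SAMPLES = [
    ipv4(47, "192.0.2.10", "198.51.100.1"),    # GRE from a configured peer
    ipv4(4, "203.0.113.77", "198.51.100.1"),   # IPIP from an unknown source
    ipv4(6, "203.0.113.77", "198.51.100.1"),   # plain TCP, not a tunnel
    ipv6(41, "2001:db8:1::5", "2001:db8::1"),  # IP6IP6 from an unknown source
]
ALLOWED_PEERS = ["192.0.2.10/32", "2001:db8:ffff::/48"]  # hypothetical peer list

if __name__ == "__main__":
    for kind, src in unexpected_tunnel_traffic(SAMPLES, ALLOWED_PEERS):
        print(f"unexpected {kind} packet from {src}")
```

In practice the packet bytes would come from a capture at the network edge, starting at the outer IP header.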
