Core Concepts
OpenVPN connections can be effectively fingerprinted, allowing for potential blocking with minimal collateral damage.
Abstract
VPN adoption has increased due to privacy concerns, prompting governments and ISPs to attempt to track or block VPN traffic. Vulnerabilities in OpenVPN allow connections to be fingerprinted effectively, even when they are obfuscated. A two-phase framework was developed to passively filter and actively probe OpenVPN connections, achieving a high identification rate with negligible false positives. The implications of VPN fingerprintability are discussed, and providers are urged to adopt more robust countermeasures against detection.
Stats
Over 85% of OpenVPN flows identified with negligible false positives.
34 out of 41 obfuscated VPN configurations successfully identified.
3,638 flows flagged as OpenVPN connections over an eight-day evaluation.
Quotes
"Commercial ISPs motivated to track VPN connections."
"Obfuscated services vulnerable due to lack of random padding."
"Framework capable of processing ISP-scale traffic at line-speed."