Cisco AnyConnect and NSA SSL VPN exploits

Being a legitimate foreign intelligence target, I watch my computer for obvious signs of snoops, probably US-based, doing what they are paid to do: engage in snooping.

The latest interesting observation comes from watching how an older, unpatched version of Cisco's AnyConnect VPN client interacts with the Windows routing table.

It just so happened (err, I've no idea how it just happened to happen, that is, to use GCHQ doublespeak) that a VNC client, which comes with a VNC listener, was set to run over the VPN tunnel. And some interesting things happened back on the client's routing table.

The Cisco AnyConnect driver (with the extra implant for exploitation added, presumably, as enabled and facilitated by secret Cisco arrangements with NSA) detects the change to the Windows routing table. Or rather, what it perceives as such.

Interestingly, the driver is placed in a state that it cannot recover from, requiring a service restart.

If one is going to attack a client-side VPN, one WILL attack the core routing module within the OS. One has to induce cleartext information flows to the exploit – the plaintext subject to the VPN tunneling or the cryptovariables (for use in passive attacks, later). If nothing else, one has to stain the outer tunnel packets (to make the passive identification easier, later).
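The defensive counterpart to that observation is to watch the routing table yourself: snapshot it while the tunnel is known to be good, then check that traffic you expect to be protected still resolves to the VPN adapter and report any route that has appeared since. The script below is an added example, not code from the post or from Cisco; it parses a constructed sample of the IPv4 section of Windows `route print` output, and all addresses in it (the 10.200.0.15 VPN adapter, the 203.0.113.5 concentrator, the 192.168.1.0/24 LAN) are assumptions chosen for illustration. It implements longest-prefix-match with metric tie-break, which is how a more-specific route injected by anything on the host would quietly pull a destination out of the tunnel.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample of the IPv4 route table while the tunnel is healthy.
# Columns follow Windows `route print`: destination, netmask, gateway,
# interface (Windows shows the adapter's own IP), metric.
BASELINE = """\
0.0.0.0          0.0.0.0          192.168.1.1   192.168.1.20   35
0.0.0.0          0.0.0.0          10.200.0.1    10.200.0.15     1
203.0.113.5      255.255.255.255  192.168.1.1   192.168.1.20   36
192.168.1.0      255.255.255.0    On-link       192.168.1.20  291
"""

# Same table after a more-specific route for an internal prefix has been added
# via the physical adapter (constructed to show what a tunnel bypass looks like).
CURRENT = BASELINE + \
    "10.0.0.0         255.0.0.0        192.168.1.1   192.168.1.20   36\n"

VPN_IFACE = "10.200.0.15"        # assumed address of the VPN virtual adapter
VPN_SERVER = "203.0.113.5"       # assumed concentrator; legitimately bypasses the tunnel
SAMPLE_DESTINATIONS = ["10.5.5.5", "8.8.8.8", VPN_SERVER]


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str       # next hop, or "On-link" for a directly connected subnet
    interface: str     # local address of the egress adapter
    metric: int

    def __str__(self):
        return f"{self.network} via {self.gateway} dev {self.interface} metric {self.metric}"


def parse_route_table(text):
    """Parse the five-column route lines; header and blank lines are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        routes.append(Route(net, gateway, iface, int(metric)))
    return routes


def lookup(routes, dst):
    """Route selection: longest prefix wins, then the lowest metric."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))


def find_leaks(routes, vpn_iface, destinations, exempt=()):
    """Destinations that would leave the host on something other than the VPN adapter."""
    leaks = []
    for dst in destinations:
        if dst in exempt:
            continue
        chosen = lookup(routes, dst)
        if chosen is None or chosen.interface != vpn_iface:
            leaks.append(dst)
    return leaks


def diff_routes(baseline, current):
    """Return (added, removed) route strings relative to the known-good snapshot."""
    before = {str(r) for r in baseline}
    after = {str(r) for r in current}
    return sorted(after - before), sorted(before - after)


if __name__ == "__main__":
    base, now = parse_route_table(BASELINE), parse_route_table(CURRENT)
    print("leaking:", find_leaks(now, VPN_IFACE, SAMPLE_DESTINATIONS, exempt={VPN_SERVER}))
    added, removed = diff_routes(base, now)
    print("added:", added)
    print("removed:", removed)
```

Run it periodically against the live output of `route print -4` (replacing the constructed `CURRENT`), and treat any new route more specific than the tunnel's default route as a trigger to tear the tunnel down rather than trust it, which is the same symptom the driver above reacted to, only with you in control of the response.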

About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.
This entry was posted in spying.