Powerhouse Management products, either Outfox (a latency-reduction VPN service) or VyprVPN (a general VPN service), are exposing an interesting port: port 20811, which provides a massive data and packet amplification factor when probed with any single-byte request.
Not only does this mean Powerhouse servers can be used as a DDoS amplification source, it also reveals all servers around the world that are running such potential VPN services, which removes the privacy factor somewhat.
In testing, Powerhouse Management ISP-owned servers were not present on Shodan at all, but they responded to our probes with varying degrees of amplification. All responding IPs had the hostname "undefined.hostname.localhost".
- Packet amplification = 1 : 1-50
- Very unstable, sometimes no response at all (not a rate limit)
- Average was 9 packets across 100 test IPs
- Data amplification average = ~40x
- Multi-packet average effective amplification = 366x
- NTP vibes anyone?
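
One way to measure the packet and data ratios listed above from flow records at a network border, as an added example that is not from the original post. The record layout, the alert threshold, the addresses and every sample value are constructed assumptions; only port 20811 comes from the page.

```python
from collections import defaultdict

SERVICE_PORT = 20811  # port named on the page
BAF_THRESHOLD = 10.0  # assumed alerting threshold, tune per network

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, packets, payload_bytes).
# Addresses are RFC 5737 documentation ranges; 192.0.2.10 stands in for a server.
SAMPLE_FLOWS = [
    ("198.51.100.7", 40001, "192.0.2.10", 20811, 1, 1),      # 1-byte request
    ("192.0.2.10", 20811, "198.51.100.7", 40001, 9, 366),    # multi-packet reply
    ("203.0.113.5", 51000, "192.0.2.10", 20811, 2, 2),       # small exchange
    ("192.0.2.10", 20811, "203.0.113.5", 51000, 2, 4),
    ("192.0.2.10", 20811, "203.0.113.99", 53124, 30, 1200),  # reply, no request seen
]

def amplification_report(flows, port=SERVICE_PORT, threshold=BAF_THRESHOLD):
    """Return {(server, peer): {"paf", "baf", "verdict"}} per conversation."""
    stats = defaultdict(lambda: dict(req_pkts=0, req_bytes=0, resp_pkts=0, resp_bytes=0))
    for src, sport, dst, dport, pkts, nbytes in flows:
        if dport == port:            # request towards the service
            s = stats[(dst, src)]
            s["req_pkts"] += pkts
            s["req_bytes"] += nbytes
        elif sport == port:          # response from the service
            s = stats[(src, dst)]
            s["resp_pkts"] += pkts
            s["resp_bytes"] += nbytes
    report = {}
    for key, s in stats.items():
        if s["req_pkts"] == 0:
            # Replies without a matching request: the pattern a reflection target sees.
            paf, baf, verdict = None, None, "unsolicited"
        else:
            paf = s["resp_pkts"] / s["req_pkts"]      # packet amplification factor
            baf = s["resp_bytes"] / s["req_bytes"] if s["req_bytes"] else None
            verdict = "amplified" if baf is not None and baf >= threshold else "ok"
        report[key] = {"paf": paf, "baf": baf, "verdict": verdict}
    return report

if __name__ == "__main__":
    for (server, peer), result in amplification_report(SAMPLE_FLOWS).items():
        print(server, "->", peer, result)
```
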