Reply to post: Re: Don't get this...

There's NordVPN odd about this, right? Infosec types concerned over strange app traffic

Anonymous Coward
Anonymous Coward

Re: Don't get this...

"but why would their client send keep-alive messages outside the VPN"

The three potential VALID reasons I can think of (there maybe more):

- they maybe recording DNS/HTTPS response metrics for quality control/debug purposes. This may or may not have reached production quality code.

- it maybe used to determine network reachability. i.e. reliably determining if you have connectivity to DNS inside the tunnel/outside the tunnel and if failing over to another NordVPN server site is required. If this is the case, it's not well thought through - they should own the DNS zone not just make one up...

- it maybe used to determine if you are using NordVPN DNS servers or another providers to identify if you are potentially leaking browsing details via DNS outside of NordVPN

The less valid reason is that it was a test feature that was accidentally deployed to production without full awareness from operational staff. This would also explain the apparent confusion.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019