Inspiration
I was inspired to create the VSN when I read an article about Pegasus spyware installing itself with a link to a URL that specified the port 30495. I realized that if I created an Android app that used the VPN API to forward all the outgoing traffic, then the VPN server could analyze that traffic and prevent outgoing or incoming traffic to unconventional ports. With the VPN server configured to only forward IP packets that contained HTTP or DNS, current Pegasus spyware could not be installed, but basic web browsing would be unaffected.
What it does
The VSN is made of two parts. The first part is the Android VPN app that forwards all web traffic to the other part, the VSN server. The VSN server then analyzes network traffic at an IP packet level and checks the packet payloads to ensure that only packets with destination ports used by conventional web browsing are forwarded. Another feature of the VSN is that it uses TCP instead of a traditional VPN tunnel protocol to forward the packets to the VSN server. This prevents issues with networks blocking ports to prevent the use of VPNs. The VSN traffic over TCP to port 80 would be more difficult to distinguish from regular web traffic. Although I didn't implement it in the prototype, a final version would use TLS to encrypt the traffic from Android to the server.
How we built it
I built a basic app that implements the Android VPN API using Java. Then for the server I used Scapy to handle the packets received as bytes from the app. In addition to Scapy for the server, I implemented an asyncio Protocol in order to handle multiple VSN clients efficiently. Linux was also important for the server because it allows manipulation of the computer's TCP functionality, which I will get more into in challenges.
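A minimal sketch of the server-side port check described under "What it does", applied to packets received as bytes. It is an added example, not the project's code: it uses the standard library's struct module instead of Scapy so it runs without dependencies, and it covers only the outbound direction. The allowlist (TCP 80/443/53, UDP 53) and the function names are assumptions.

```python
import struct

# Assumed allowlist as (IP protocol, destination port). The page names HTTP and DNS;
# HTTPS on 443 and DNS over TCP are added here as assumptions.
ALLOWED = {(6, 80), (6, 443), (6, 53), (17, 53)}

def should_forward(packet: bytes, allowed=ALLOWED) -> bool:
    """Return True only for IPv4 TCP/UDP packets to an allowlisted port (fail closed)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                      # truncated, or not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        return False                      # bad header length, or no room for port fields
    flags_frag = struct.unpack_from("!H", packet, 6)[0]
    if flags_frag & 0x1FFF:
        return False                      # non-first fragment: no L4 header to inspect
    proto = packet[9]
    if proto not in (6, 17):
        return False                      # only TCP (6) and UDP (17) can match
    dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    return (proto, dport) in allowed

def build_packet(proto: int, dport: int, frag_offset: int = 0) -> bytes:
    """Construct a minimal IPv4 sample packet (checksums left at zero)."""
    l4 = struct.pack("!HH", 40000, dport) + bytes(16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, frag_offset,
                     64, proto, 0, bytes([10, 0, 0, 2]), bytes([192, 0, 2, 10]))
    return ip + l4

if __name__ == "__main__":
    # Constructed samples; 30495 is the port mentioned in the article cited above.
    for label, pkt in [
        ("TCP/80", build_packet(6, 80)),
        ("UDP/53", build_packet(17, 53)),
        ("TCP/30495", build_packet(6, 30495)),
        ("TCP/80 later fragment", build_packet(6, 80, frag_offset=185)),
        ("ICMP", build_packet(1, 0)),
    ]:
        print(f"{label:24s} {'forward' if should_forward(pkt) else 'drop'}")
```

Anything the check cannot parse is dropped rather than forwarded, so malformed or fragmented packets cannot slip past the allowlist.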
Challenges we ran into
One challenge that I ran into was the kernel of the server sending TCP RST and ICMP port unreachable packets. This was happening because the Scapy raw socket the server used to forward packets was operating in the user level of Linux. The kernel was receiving responses to packets forwarded by the Scapy raw socket, but it didn't have sockets open on those ports in the OS level. In order to fix the problem, I used the Linux firewall to block outgoing ICMP port unreachable packets and iptables to block outgoing RST packets.
Accomplishments that we're proud of
I attempted to use the Android VPN API before for a different project but had issues getting the forwarding to work, so I am proud to have created a fully functional VPN this time.
What we learned
During the course of this project, I expanded my knowledge of networking fundamentals.
What's next for Virtual Security Network
I have several other ideas that could expand the network filtering capabilities of the VSN server, such as using a Python regex to find suspicious-looking URLs within the packet HTTP payloads.