Tunnelpocalypse
Rich Compton
DEF CON 33 (backfill) · Day 1 · Main Stage
Rich Compton's DEF CON talk, "Tunnelpocalypse," unveils a critical and pervasive vulnerability that significantly escalates the threat of IP spoofing and, consequently, distributed denial-of-service (DDoS) amplification attacks. The talk highlights how millions of internet-connected devices, including routers, switches, and VPN servers from major vendors, are inadvertently configured to de-encapsulate tunneled network traffic even when no explicit tunnel configuration exists. This oversight allows attackers to encapsulate spoofed IP packets within legitimate tunnel protocols like **GRE** (Generic Routing Encapsulation) or **IP-in-IP**, bypass traditional anti-spoofing filters, and unleash amplified attack traffic.
AI review
Compton takes genuine original research (credit to Veritus/Vanho at KU Leuven) and translates it into an operationally grounded DEF CON talk with real numbers, a working PoC, and concrete defensive tooling. The 4M vulnerable hosts across 11K ASes figure, the 61-layer GRE stacking demo, and the internal-ingress-filtering blind spot (his own 90% estimate) are all substantive contributions that justify the slot.