Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20350112
side of the Flytrap. VPN Link timeouts can be specified on a per-Target basis in a
Mission.
(S) Note that any time a Target is undergoing a VPN Proxy Action, a VPN Link is
established. So, while a Target’s traffic is being proxied, the VPN Link could also be
used to exploit clients behind the Flytrap’s LAN/WLAN.
(S) Note that VPN Proxy/Link Actions require an operational CB-VPN -- see the “Cherry
Blossom Installation Guide” for CB-VPN installation and configuration instructions.
(S) See section 9.27 for a detailed description of the usage of VPN Link and Proxy.
(S) Note that VPN Proxy/Link actions are not supported on VxWorks devices.
5.2.3.10 (U) Global Actions
(S) Flytraps support the Mission-configurable “Copy All”, “VPN Proxy All”, “VPN
Link”, and “Copy VoIP” (Roundhouse devices only) global actions. These actions are
performed on all clients connected to the Flytrap, regardless of whether that client is a
Target. “Copy All” copies all of the Flytrap’s network traffic to the CT, and “VPN Proxy
All” proxies all of the Flytrap’s TCP and UDP traffic to a CB-VPN server. “VPN Link”
provides a routable network path from the CB-VPN to the Flytrap’s WAN. The VPN
Link is established as soon as the Flytrap receives a Mission with a VPN Link Global
Action. Note that if “VPN Proxy All” is selected, a VPN Link will be established. “Copy
VoIP” copies any VoIP traffic from calls initiated after the start of the Copy action (see
5.2.3.11). “Copy All”, “VPN Proxy All”, “VPN Link”, and “Copy VoIP” also support
Mission-configurable timeout values. See section 5.2.3.9.3 for more information on VPN
Proxy and VPN Link.
(S) Note that VPN Proxy/Link Actions require an operational CB-VPN -- see the “Cherry
Blossom Installation Guide” for CB-VPN installation and configuration instructions.
(S) See section 9.27 for a detailed description of the usage of VPN Link and Proxy.
5.2.3.11 (S) VoIP Copy Actions (Roundhouse Devices Only)
(S) Roundhouse version 2 devices (svn > 7500) support special VoIP-related copy
actions that include:
• Copy VoIP (Global) – any VoIP traffic (RTP, RTCP, SIP) from calls established
after the start of the Copy action are copied. Note that this is a global action (see
5.2.3.10)
• Copy VoIP (Target) – after a Target detection, any VoIP traffic (RTP, RTCP,
SIP) from calls established after the start of the Copy action are copied.
• Copy Call (VoIP Target) – after a VoIP Target detection, any VoIP traffic (RTP,
RTCP, SIP) from calls established after the start of the Copy action are copied.
(S) The Roundhouse contractor has added support for suspension of VoIP Copy actions
when disruption of normal user service (both VoIP service and internet service) is
17
SECRET//20350112