Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks - Help Net Security - eviltoast
  • xylogx@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    ·
    1 year ago

    This requires an attacker to first get MitM, which is a pretty high bar:

    “The first pair of bugs can be exploited in a LocalNet attack, i.e., when a user connects to an Wi-Fi or Ethernet network set up by an attacker. The latter pair can be leveraged in a ServerIP attack, either by attackers that are running an untrusted Wi-Fi/Ethernet network or by malicious internet service providers (ISPs).”

    • towerful@programming.dev
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      1 year ago

      I mean, a VPN is kinda meant for untrusted networks.

      The linked paper in the article is quite detailed, and describes the first step.
      Essentially, most VPNs are configured by default to allow local network access (so, internet traffic goes through the VPN, but you don’t need to disconnect from the VPN to use your printer).
      The attack requires the rogue network to assign IP addresses in the range of the targeted server. So if they know the server you are trying to access, they can make your local network contain the target servers IP. At which point, the VPN client will treat it as local traffic, and try to reach it through the local rogue network.

      VPN clients can be configured around this.
      It’s also always worth making sure a network that you don’t know is serving rfc1918 addresses.

  • Rentlar@lemmy.ca
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    On my home computers I have “expose local network” on, but on mobile I have it off.