• @[email protected]
    link
    fedilink
    English
    17
    edit-2
    8 months ago

    If i get this right, that attack only works before the tunnel is initiated (i.e. traffic encrypted), if the hosts is compromised, right? No danger from untrusted points inbetween, right?

    • @[email protected]
      link
      fedilink
      English
      228 months ago

      This technique can also be used against an already established VPN connection once the VPN user’s host needs to renew a lease from our DHCP server. We can artificially create that scenario by setting a short lease time in the DHCP lease, so the user updates their routing table more frequently. In addition, the VPN control channel is still intact because it already uses the physical interface for its communication. In our testing, the VPN always continued to report as connected, and the kill switch was never engaged to drop our VPN connection.

      Sounds to me like it totally works even after the tunnel has started.

      • Natanael
        link
        fedilink
        English
        28 months ago

        Yeah, it’s like a fake traffic cop basically, sending your (network) traffic down the wrong route

        • @[email protected]
          link
          fedilink
          English
          18 months ago

          More like a corrupt traffic cop. There are reasons you might want this kind of functionality, which is why it exists. Normally you can trust the cop (DHCP server) but in this case the cop has decided to send everyone from all streets down to the docks.

          • Natanael
            link
            fedilink
            English
            18 months ago

            These types of attacks would likely be implemented via DHCP spoofing / poisoning, unless you’re on a malicious network

            • @[email protected]
              link
              fedilink
              English
              18 months ago

              I’d think the place most people use VPN is public wifi, unless they are utilizing workplace VPN.

    • @[email protected]
      link
      fedilink
      English
      13
      edit-2
      8 months ago

      No, it works at any point and the local network needs to be compromised (untrusted), the host can be secure.

      So it is likely not an issue at your home unless you have weak Wi-Fi password. But on any public/untrusted Wi-Fi, it is an issue.

        • @[email protected]
          link
          fedilink
          English
          2
          edit-2
          8 months ago

          That being said, it apparently does not affect Mullvad apps on any platform other than iOS (Apple does not allow fixing it on iOS). I suspect other serious VPNs are also not vulnerable outside iOS, since it is prevented by simple leak prevention mechanism.