Jump to content

Recommended Posts

Posted
  On 5/9/2024 at 6:17 PM, ChaiyaTH said:

You are really a tool lol, reading articles like this, to then think and know you are up-to-date, while this is like years old knowledge. Same time tons of solutions but whatever. These are the worst creatures; those who read that type of tech articles, while being entirely stupid about tech themself.

Expand  

 

You have absolutely no clue what you are talking about. These are the worst creatures; those who read that type of tech articles, while being entirely stupid about tech themself.

Posted
  On 5/9/2024 at 1:26 PM, AreYouGerman said:

ALL VPN's are affected if they are connecting to a compromised Wif with enabled DHCPi. Facts, bro.

Expand  

So it's not a VPN issue. it's a router issue because if the router isn't compromised then any issue with the VPN can't be expoited

Posted
  On 5/10/2024 at 11:28 AM, Negita43 said:

So it's not a VPN issue. it's a router issue because if the router isn't compromised then any issue with the VPN can't be expoited

Expand  

 

It's not directly a VPN vulnerability but VPNs are vulnerable to it. It's a routing issue, yes. It's also an issue of. "if you let the stranger in yoru Wifi it might be that he sees my traffic even if I use a VPN".

Posted
  On 5/10/2024 at 11:36 AM, Middle Aged Grouch said:

Ok boys what's the issue ?

 

VPN in general unsafe ? or only unsafe when on a public wifi network ?

Expand  

 

Yes, generally all VPNs are affected (yes, there are exceptions and probably many VPN providers updated their client already) if you connect to a Wifi where you get your IP assigned by a DHCP and other people except you have access to the Wifi as they can setup a rogue DHCP.

  • Thanks 1
Posted
  On 5/10/2024 at 11:28 AM, Negita43 said:

So it's not a VPN issue. it's a router issue because if the router isn't compromised then any issue with the VPN can't be expoited

Expand  

 

It's not a router issue. It's a VPN client issue. VPN clients are supposed to send all traffic through the VPN but a malicious router can tell the OS to route traffic whereever, that's its job in a way. It's up to the VPN client to make sure the router can't override what the VPN is supposed to do.

  • Thumbs Up 1
Posted
  On 5/10/2024 at 11:39 AM, AreYouGerman said:

 

It's not directly a VPN vulnerability but VPNs are vulnerable to it. It's a routing issue, yes. It's also an issue of. "if you let the stranger in yoru Wifi it might be that he sees my traffic even if I use a VPN".

Expand  

 

  On 5/10/2024 at 11:42 AM, AreYouGerman said:

 

Yes, generally all VPNs are affected (yes, there are exceptions and probably many VPN providers updated their client already) if you connect to a Wifi where you get your IP assigned by a DHCP and other people except you have access to the Wifi as they can setup a rogue DHCP.

Expand  

 

Other people on the same Wifi can't just pose as a DHCP to push routes to you, only the router can.

Posted
  On 5/10/2024 at 12:01 PM, eisfeld said:

Other people on the same Wifi can't just pose as a DHCP to push routes to you, only the router can.

Expand  

 

That's incorrect.

 

"The DHCP server is usually under the control of the system administrator and third parties cannot manipulate it. However, an attacker could inject a second DHCP server into the LAN - but he would have to silence the actual, "authoritative" DHCP server. The easiest method is probably to request IP addresses en masse until its address pool is exhausted. The smuggled DHCP server can then step into the breach and assign addresses itself. Once he has bound the target device to himself, he redirects its traffic before VPN encryption and can read along from then on."

 

https://www.heise.de/news/Tunnelvision-Angreifer-koennen-VPNs-aushebeln-und-Daten-umleiten-9710188.html

  • Agree 1
Posted
  On 5/10/2024 at 12:11 PM, SingAPorn said:

so best is to avoid a VPN in other words

Expand  

 

No its still better to use the VPN  especially with a VPN client that has been patched to guard against the leaking of data

 

https://windscribe.com/

 

is one such VPN client that is supposed to not be vulnerable there are probably (hopefully) many more.

  • Agree 1
Posted
  On 5/10/2024 at 12:19 PM, AreYouGerman said:

 

That's incorrect.

 

"The DHCP server is usually under the control of the system administrator and third parties cannot manipulate it. However, an attacker could inject a second DHCP server into the LAN - but he would have to silence the actual, "authoritative" DHCP server. The easiest method is probably to request IP addresses en masse until its address pool is exhausted. The smuggled DHCP server can then step into the breach and assign addresses itself. Once he has bound the target device to himself, he redirects its traffic before VPN encryption and can read along from then on."

 

https://www.heise.de/news/Tunnelvision-Angreifer-koennen-VPNs-aushebeln-und-Daten-umleiten-9710188.html

Expand  

 

That's an attack that is only possible if the network allows any device to send these DHCP packets. A proper network only allows the router or so called secure ports to send them. The feature is usually called DHCP snooping. Even if it's not enabled and any client is allowed to act as a DHCP server then performing this attack is going to be noticed very quickly when all normal IP routing in the local network is messed up and DHCP leases exhausted. Plus the attacker needs to know the timing of the new device connecting, who he is targeting etc. It's not as easy as Heise describes.

Posted
  On 5/10/2024 at 12:11 PM, SingAPorn said:

so best is to avoid a VPN in other words....as nobody really can be 100% sure either way...so why add further portails or risky back doors..

Expand  

 

The attack voids the security a VPN can provide but you are not less secure than without VPN. Well, I guess at least you don't have a false sense of security that you would have if you had a VPN and someone managed to circumvent it.

Posted
  On 5/9/2024 at 1:40 AM, BE88 said:

 

So that it works in Thailand for Pornhub I have no problems

Expand  

It is banned on DNS level, so you just can change your DNS to public ones (8.8.8.8 and 1.1.1.1 for example). No VPN needed.

  • Thanks 1
Posted
  On 5/8/2024 at 11:14 PM, AreYouGerman said:

In short, it's basically you going in some public wifi or compromised wifi and you won't know that your traffic is not routed through your VPN as you are connected to your VPN and everything seems in order. Everything is affected except Android, at the time of writing.

 

"TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation."

 

More on:

https://securityaffairs.com/162894/hacking/tunnelvision-attack-vpn.html

https://www.techradar.com/pro/security/many-top-vpn-apps-can-be-hacked-and-almost-totally-ruined-by-this-attack

 

 

 

 

Expand  

It can be mitigated by one more device in chain. For example you can connect your phone to a public wifi, then share this connection to your laptop. So your phone will act as DHCP server, and VPN from your laptop will be safe. Or some wifi mobile router, that can connect to other wifi and share it to your devices.

 

  • Thumbs Up 1
Posted
  On 5/10/2024 at 1:21 PM, clearance said:

It is banned on DNS level, so you just can change your DNS to public ones (8.8.8.8 and 1.1.1.1 for example). No VPN needed.

Expand  

That doesn't work for me on TOT  AKA National Telecom  I think they use some sort of invisible proxy as well as DNS poisoning..it's beyond my level of "Kung Fu"

Posted
  On 5/10/2024 at 1:34 PM, johng said:

That doesn't work for me on TOT  AKA National Telecom  I think they use some sort of invisible proxy as well as DNS poisoning..it's beyond my level of "Kung Fu"

Expand  

 

I think they are checking the non encrypted DNS request to see if you are trying to resolve the website's domain and then block it, and maybe even banned server IPs. But why break the law. It's illegal to use the website, you should accept it.

 

Posted

Also, I wonder if it can be mitigated by split tunneling. VPN provider can push 0.0.0.0/0 route that can be affected by this attack. Or push split routes for all ranges with different netmask.

For example you can push 0.0.0.0/1 and 128.0.0.0/1 to client. Or do it for every range, like 1.0.0.0/8, 2.0.0.0/8, 3.0.0.0/8 and so on.

And if you are on Linux you can compile DHCP client that will ignore option 121 (like Android). I wonder if some clients allow to disable DHCP options already.

Posted
  On 5/10/2024 at 1:46 PM, clearance said:

Also, I wonder if it can be mitigated by split tunneling. VPN provider can push 0.0.0.0/0 route that can be affected by this attack. Or push split routes for all ranges with different netmask.

For example you can push 0.0.0.0/1 and 128.0.0.0/1 to client. Or do it for every range, like 1.0.0.0/8, 2.0.0.0/8, 3.0.0.0/8 and so on.

Expand  

 

That could work because the most specific mask wins usually. But the attacker could do that as well. Then it becomes a race condition I guess.

Posted
  On 5/10/2024 at 1:46 PM, johng said:

ohh I would not break the law  just wondering how they achieve the  blocking.

Expand  

 

Do a DNS lookup on the hostname. Then a WHOIS on the IP that you get. I get a network called "Reflected Networks". If you get something strange in Thailand then they might just intercept and spoof the DNS. If the IP is fine and you can't access it then they might be just nullrouting the IPs.

 

You can also switch for example in Firefox all DNS to go over HTTPS via DoH in the settings, then the ISP can't intercept the DNS requests of the browser. See if it becomes available that way. Or use a public website to get the IP of the site and put it in your local devices network config so no DNS request goes out for it.

Posted

Maybe not related, but last month i decided to install a VPN for a.minor need. Then got 8 links stopped by my anti-virus in the next week. I then uninstalled the VPN and the attacks stopped. Are VPN's actually safe? 

Thid was a free VPN but supposedly with many millions of users.

 

I have no need for a VPN normally, and doubt if i will use one again.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...