ALL VPNs vulnerable / unsafe


  • Author
16 hours ago, ChaiyaTH said:

You are really a tool lol, reading articles like this, to then think and know you are up-to-date, while this is like years old knowledge. Same time tons of solutions but whatever. These are the worst creatures; those who read that type of tech articles, while being entirely stupid about tech themself.

 

You have absolutely no clue what you are talking about. These are the worst creatures; those who read that type of tech articles, while being entirely stupid about tech themself.

  • Author
5 hours ago, Sticky Rice Balls said:

aren't you the guy that believes a website that says something and you conclude it for fact????  oh dude...hahaha the irony

 

Where are the proofs for your stupid claim.

21 hours ago, AreYouGerman said:

ALL VPNs are affected if they are connecting to a compromised Wifi with enabled DHCP. Facts, bro.

So it's not a VPN issue. It's a router issue because if the router isn't compromised then any issue with the VPN can't be exploited

  • Author
9 minutes ago, Negita43 said:

So it's not a VPN issue. It's a router issue because if the router isn't compromised then any issue with the VPN can't be exploited

 

It's not directly a VPN vulnerability but VPNs are vulnerable to it. It's a routing issue, yes. It's also an issue of "if you let the stranger in your Wifi it might be that he sees my traffic even if I use a VPN".

  • Author
3 minutes ago, Middle Aged Grouch said:

Ok boys what's the issue ?

 

VPN in general unsafe ? or only unsafe when on a public wifi network ?

 

Yes, generally all VPNs are affected (yes, there are exceptions and probably many VPN providers updated their client already) if you connect to a Wifi where you get your IP assigned by a DHCP and other people except you have access to the Wifi as they can set up a rogue DHCP.

28 minutes ago, Negita43 said:

So it's not a VPN issue. It's a router issue because if the router isn't compromised then any issue with the VPN can't be exploited

 

It's not a router issue. It's a VPN client issue. VPN clients are supposed to send all traffic through the VPN but a malicious router can tell the OS to route traffic wherever, that's its job in a way. It's up to the VPN client to make sure the router can't override what the VPN is supposed to do.

20 minutes ago, AreYouGerman said:

 

It's not directly a VPN vulnerability but VPNs are vulnerable to it. It's a routing issue, yes. It's also an issue of "if you let the stranger in your Wifi it might be that he sees my traffic even if I use a VPN".

 

17 minutes ago, AreYouGerman said:

 

Yes, generally all VPNs are affected (yes, there are exceptions and probably many VPN providers updated their client already) if you connect to a Wifi where you get your IP assigned by a DHCP and other people except you have access to the Wifi as they can set up a rogue DHCP.

 

Other people on the same Wifi can't just pose as a DHCP to push routes to you, only the router can.

so best is to avoid a VPN in other words....as nobody really can be 100% sure either way...so why add further portals or risky back doors..

  • Author
13 minutes ago, eisfeld said:

Other people on the same Wifi can't just pose as a DHCP to push routes to you, only the router can.

 

That's incorrect.

 

"The DHCP server is usually under the control of the system administrator and third parties cannot manipulate it. However, an attacker could inject a second DHCP server into the LAN - but he would have to silence the actual, "authoritative" DHCP server. The easiest method is probably to request IP addresses en masse until its address pool is exhausted. The smuggled DHCP server can then step into the breach and assign addresses itself. Once he has bound the target device to himself, he redirects its traffic before VPN encryption and can read along from then on."

 

https://www.heise.de/news/Tunnelvision-Angreifer-koennen-VPNs-aushebeln-und-Daten-umleiten-9710188.html

14 minutes ago, SingAPorn said:

so best is to avoid a VPN in other words

 

No, it's still better to use the VPN, especially with a VPN client that has been patched to guard against the leaking of data

 

https://windscribe.com/

 

is one such VPN client that is supposed to not be vulnerable there are probably (hopefully) many more.

24 minutes ago, AreYouGerman said:

 

That's incorrect.

 

"The DHCP server is usually under the control of the system administrator and third parties cannot manipulate it. However, an attacker could inject a second DHCP server into the LAN - but he would have to silence the actual, "authoritative" DHCP server. The easiest method is probably to request IP addresses en masse until its address pool is exhausted. The smuggled DHCP server can then step into the breach and assign addresses itself. Once he has bound the target device to himself, he redirects its traffic before VPN encryption and can read along from then on."

 

https://www.heise.de/news/Tunnelvision-Angreifer-koennen-VPNs-aushebeln-und-Daten-umleiten-9710188.html

 

That's an attack that is only possible if the network allows any device to send these DHCP packets. A proper network only allows the router or so called secure ports to send them. The feature is usually called DHCP snooping. Even if it's not enabled and any client is allowed to act as a DHCP server then performing this attack is going to be noticed very quickly when all normal IP routing in the local network is messed up and DHCP leases exhausted. Plus the attacker needs to know the timing of the new device connecting, who he is targeting etc. It's not as easy as Heise describes.

44 minutes ago, SingAPorn said:

so best is to avoid a VPN in other words....as nobody really can be 100% sure either way...so why add further portals or risky back doors..

 

The attack voids the security a VPN can provide but you are not less secure than without VPN. Well, I guess at least you don't have a false sense of security that you would have if you had a VPN and someone managed to circumvent it.

  • Author
17 minutes ago, eisfeld said:

It's not as easy as Heise describes.

 

Nobody said it's easy but you said it's not possible.

 

 

1 minute ago, AreYouGerman said:

 

Nobody said it's easy but you said it's not possible.

 

 

 

In a properly set up network it's not possible.

On 5/9/2024 at 8:40 AM, BE88 said:

 

So that it works in Thailand for Pornhub I have no problems

It is banned on DNS level, so you just can change your DNS to public ones (8.8.8.8 and 1.1.1.1 for example). No VPN needed.

On 5/9/2024 at 6:14 AM, AreYouGerman said:

In short, it's basically you going in some public wifi or compromised wifi and you won't know that your traffic is not routed through your VPN as you are connected to your VPN and everything seems in order. Everything is affected except Android, at the time of writing.

 

"TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation."

 

More on:

https://securityaffairs.com/162894/hacking/tunnelvision-attack-vpn.html

https://www.techradar.com/pro/security/many-top-vpn-apps-can-be-hacked-and-almost-totally-ruined-by-this-attack

 

 

 

 

It can be mitigated by one more device in chain. For example you can connect your phone to a public wifi, then share this connection to your laptop. So your phone will act as DHCP server, and VPN from your laptop will be safe. Or some wifi mobile router, that can connect to other wifi and share it to your devices.

 

8 minutes ago, clearance said:

It is banned on DNS level, so you just can change your DNS to public ones (8.8.8.8 and 1.1.1.1 for example). No VPN needed.

That doesn't work for me on TOT  AKA National Telecom  I think they use some sort of invisible proxy as well as DNS poisoning..it's beyond my level of "Kung Fu"

1 hour ago, eisfeld said:

malicious router can tell the OS to route traffic wherever, that's its job in a way.

So it's a router issue - no malicious router no VPN issue

  • Author
3 minutes ago, johng said:

That doesn't work for me on TOT  AKA National Telecom  I think they use some sort of invisible proxy as well as DNS poisoning..it's beyond my level of "Kung Fu"

 

I think they are checking the non encrypted DNS request to see if you are trying to resolve the website's domain and then block it, and maybe even banned server IPs. But why break the law. It's illegal to use the website, you should accept it.

 

Also, I wonder if it can be mitigated by split tunneling. VPN provider can push 0.0.0.0/0 route that can be affected by this attack. Or push split routes for all ranges with different netmask.

For example you can push 0.0.0.0/1 and 128.0.0.0/1 to client. Or do it for every range, like 1.0.0.0/8, 2.0.0.0/8, 3.0.0.0/8 and so on.

And if you are on Linux you can compile DHCP client that will ignore option 121 (like Android). I wonder if some clients allow to disable DHCP options already.

5 minutes ago, AreYouGerman said:

But why break the law. It's illegal to use the website, you should accept it.

ohh I would not break the law  just wondering how they achieve the  blocking.

3 minutes ago, clearance said:

Also, I wonder if it can be mitigated by split tunneling. VPN provider can push 0.0.0.0/0 route that can be affected by this attack. Or push split routes for all ranges with different netmask.

For example you can push 0.0.0.0/1 and 128.0.0.0/1 to client. Or do it for every range, like 1.0.0.0/8, 2.0.0.0/8, 3.0.0.0/8 and so on.

 

That could work because the most specific mask wins usually. But the attacker could do that as well. Then it becomes a race condition I guess.

4 minutes ago, johng said:

ohh I would not break the law  just wondering how they achieve the  blocking.

 

Do a DNS lookup on the hostname. Then a WHOIS on the IP that you get. I get a network called "Reflected Networks". If you get something strange in Thailand then they might just intercept and spoof the DNS. If the IP is fine and you can't access it then they might be just nullrouting the IPs.

 

You can also switch for example in Firefox all DNS to go over HTTPS via DoH in the settings, then the ISP can't intercept the DNS requests of the browser. See if it becomes available that way. Or use a public website to get the IP of the site and put it in your local devices network config so no DNS request goes out for it.
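The split-route idea and the "most specific mask wins" reply above can be checked mechanically. The following is an added example, not part of the thread or of any VPN client: it decodes DHCP option 121 bytes (RFC 3442 format) and reports which pushed routes would win over the VPN's routes under longest-prefix matching. The function names, the sample option bytes and the gateway 192.168.1.1 are constructed for illustration.

```python
import ipaddress

def parse_option121(data: bytes):
    """Decode DHCP option 121 (RFC 3442): repeated records of prefix length,
    the significant destination octets, then a 4-byte gateway."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        n = (plen + 7) // 8                  # destination octets actually sent
        if plen > 32 or i + 1 + n + 4 > len(data):
            raise ValueError("malformed option 121")
        dest = int.from_bytes(data[i + 1:i + 1 + n] + bytes(4 - n), "big")
        gw = ipaddress.IPv4Address(data[i + 1 + n:i + 5 + n])
        routes.append((ipaddress.IPv4Network((dest, plen), strict=False), str(gw)))
        i += 5 + n
    return routes

def next_hop(dest, table):
    """Longest-prefix match over (network, label) pairs. On a prefix-length
    tie the earlier entry wins here; a real OS decides ties by metric."""
    addr = ipaddress.IPv4Address(dest)
    hits = [(net.prefixlen, label) for net, label in table if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def build_table(vpn_nets, dhcp_routes):
    """Combined routing view: VPN routes first, then the DHCP-pushed ones."""
    return [(n, "vpn") for n in vpn_nets] + \
           [(n, "dhcp via " + gw) for n, gw in dhcp_routes]

def routes_beating_vpn(vpn_nets, dhcp_routes):
    """DHCP-pushed prefixes whose own network address would leave the tunnel."""
    table = build_table(vpn_nets, dhcp_routes)
    return [str(n) for n, _ in dhcp_routes
            if next_hop(n.network_address, table) != "vpn"]

# Constructed lease data: 0.0.0.0/0 and 64.0.0.0/2, both via 192.168.1.1.
SAMPLE_OPT121 = bytes.fromhex("00c0a80101" "0240c0a80101")
VPN_DEFAULT = [ipaddress.ip_network("0.0.0.0/0")]
VPN_SPLIT = [ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")]

if __name__ == "__main__":
    pushed = parse_option121(SAMPLE_OPT121)
    for name, vpn in (("0.0.0.0/0", VPN_DEFAULT), ("two /1 routes", VPN_SPLIT)):
        print(name, "-> wins over VPN:", routes_beating_vpn(vpn, pushed))
```

With the two /1 routes the pushed default route loses, but the pushed /2 still wins, which is the point made in the reply: more specific VPN routes only raise the prefix length a rogue lease has to exceed.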

Maybe not related, but last month I decided to install a VPN for a minor need. Then got 8 links stopped by my anti-virus in the next week. I then uninstalled the VPN and the attacks stopped. Are VPNs actually safe?

This was a free VPN but supposedly with many millions of users.

 

I have no need for a VPN normally, and doubt if I will use one again.

27 minutes ago, rickudon said:

Are VPNs actually safe?

This was a free VPN but supposedly with many millions of users.

Not free ones!

They have to make money somehow
