May 10, 20242 yr Author 16 hours ago, ChaiyaTH said: You are really a tool lol, reading articles like this, to then think and know you are up-to-date, while this is like years old knowledge. Same time tons of solutions but whatever. These are the worst creatures; those who read that type of tech articles, while being entirely stupid about tech themself. You have absolutely no clue what you are talking about. These are the worst creatures; those who read that type of tech articles, while being entirely stupid about tech themself.
May 10, 20242 yr Author 5 hours ago, Sticky Rice Balls said: arent you the guy that believes a website that says something and you conclude it for fact???? oh dude...hahaha the irony Where are the proofs for your stupid claim.
May 10, 20242 yr 21 hours ago, AreYouGerman said: ALL VPN's are affected if they are connecting to a compromised Wif with enabled DHCPi. Facts, bro. So it's not a VPN issue. it's a router issue because if the router isn't compromised then any issue with the VPN can't be expoited
May 10, 20242 yr Ok boys what's the issue ? VPN in general unsafe ? or only unsafe when on a public wifi network ?
May 10, 20242 yr Author 9 minutes ago, Negita43 said: So it's not a VPN issue. it's a router issue because if the router isn't compromised then any issue with the VPN can't be expoited It's not directly a VPN vulnerability but VPNs are vulnerable to it. It's a routing issue, yes. It's also an issue of. "if you let the stranger in yoru Wifi it might be that he sees my traffic even if I use a VPN".
May 10, 20242 yr Author 3 minutes ago, Middle Aged Grouch said: Ok boys what's the issue ? VPN in general unsafe ? or only unsafe when on a public wifi network ? Yes, generally all VPNs are affected (yes, there are exceptions and probably many VPN providers updated their client already) if you connect to a Wifi where you get your IP assigned by a DHCP and other people except you have access to the Wifi as they can setup a rogue DHCP.
May 10, 20242 yr 28 minutes ago, Negita43 said: So it's not a VPN issue. it's a router issue because if the router isn't compromised then any issue with the VPN can't be expoited It's not a router issue. It's a VPN client issue. VPN clients are supposed to send all traffic through the VPN but a malicious router can tell the OS to route traffic whereever, that's its job in a way. It's up to the VPN client to make sure the router can't override what the VPN is supposed to do.
May 10, 20242 yr 20 minutes ago, AreYouGerman said: It's not directly a VPN vulnerability but VPNs are vulnerable to it. It's a routing issue, yes. It's also an issue of. "if you let the stranger in yoru Wifi it might be that he sees my traffic even if I use a VPN". 17 minutes ago, AreYouGerman said: Yes, generally all VPNs are affected (yes, there are exceptions and probably many VPN providers updated their client already) if you connect to a Wifi where you get your IP assigned by a DHCP and other people except you have access to the Wifi as they can setup a rogue DHCP. Other people on the same Wifi can't just pose as a DHCP to push routes to you, only the router can.
May 10, 20242 yr so best is to avoid a VPN in other words....as nobody really can be 100% sure either way...so why add further portails or risky back doors..
May 10, 20242 yr Author 13 minutes ago, eisfeld said: Other people on the same Wifi can't just pose as a DHCP to push routes to you, only the router can. That's incorrect. "The DHCP server is usually under the control of the system administrator and third parties cannot manipulate it. However, an attacker could inject a second DHCP server into the LAN - but he would have to silence the actual, "authoritative" DHCP server. The easiest method is probably to request IP addresses en masse until its address pool is exhausted. The smuggled DHCP server can then step into the breach and assign addresses itself. Once he has bound the target device to himself, he redirects its traffic before VPN encryption and can read along from then on." https://www.heise.de/news/Tunnelvision-Angreifer-koennen-VPNs-aushebeln-und-Daten-umleiten-9710188.html
May 10, 20242 yr 14 minutes ago, SingAPorn said: so best is to avoid a VPN in other words No its still better to use the VPN especially with a VPN client that has been patched to guard against the leaking of data https://windscribe.com/ is one such VPN client that is supposed to not be vulnerable there are probably (hopefully) many more.
May 10, 20242 yr 24 minutes ago, AreYouGerman said: That's incorrect. "The DHCP server is usually under the control of the system administrator and third parties cannot manipulate it. However, an attacker could inject a second DHCP server into the LAN - but he would have to silence the actual, "authoritative" DHCP server. The easiest method is probably to request IP addresses en masse until its address pool is exhausted. The smuggled DHCP server can then step into the breach and assign addresses itself. Once he has bound the target device to himself, he redirects its traffic before VPN encryption and can read along from then on." https://www.heise.de/news/Tunnelvision-Angreifer-koennen-VPNs-aushebeln-und-Daten-umleiten-9710188.html That's an attack that is only possible if the network allows any device to send these DHCP packets. A proper network only allows the router or so called secure ports to send them. The feature is usually called DHCP snooping. Even if it's not enabled and any client is allowed to act as a DHCP server then performing this attack is going to be noticed very quickly when all normal IP routing in the local network is messed up and DHCP leases exhausted. Plus the attacker needs to know the timing of the new device connecting, who he is targeting etc. It's not as easy as Heise describes.
May 10, 20242 yr 44 minutes ago, SingAPorn said: so best is to avoid a VPN in other words....as nobody really can be 100% sure either way...so why add further portails or risky back doors.. The attack voids the security a VPN can provide but you are not less secure than without VPN. Well, I guess at least you don't have a false sense of security that you would have if you had a VPN and someone managed to circumvent it.
May 10, 20242 yr Author 17 minutes ago, eisfeld said: It's not as easy as Heise describes. Nobody said it's easy but you said it's not possible.
May 10, 20242 yr 1 minute ago, AreYouGerman said: Nobody said it's easy but you said it's not possible. In a properly set up network it's not possible.
May 10, 20242 yr On 5/9/2024 at 8:40 AM, BE88 said: So that it works in Thailand for Pornhub I have no problems It is banned on DNS level, so you just can change your DNS to public ones (8.8.8.8 and 1.1.1.1 for example). No VPN needed.
May 10, 20242 yr On 5/9/2024 at 6:14 AM, AreYouGerman said: In short, it's basically you going in some public wifi or compromised wifi and you won't know that your traffic is not routed through your VPN as you are connected to your VPN and everything seems in order. Everything is affected except Android, at the time of writing. "TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation." More on: https://securityaffairs.com/162894/hacking/tunnelvision-attack-vpn.html https://www.techradar.com/pro/security/many-top-vpn-apps-can-be-hacked-and-almost-totally-ruined-by-this-attack It can be mitigated by one more device in chain. For example you can connect your phone to a public wifi, then share this connection to your laptop. So your phone will act as DHCP server, and VPN from your laptop will be safe. Or some wifi mobile router, that can connect to other wifi and share it to your devices.
May 10, 20242 yr 8 minutes ago, clearance said: It is banned on DNS level, so you just can change your DNS to public ones (8.8.8.8 and 1.1.1.1 for example). No VPN needed. That doesn't work for me on TOT AKA National Telecom I think they use some sort of invisible proxy as well as DNS poisoning..it's beyond my level of "Kung Fu"
May 10, 20242 yr 1 hour ago, eisfeld said: malicious router can tell the OS to route traffic whereever, that's its job in a way. So it's a router issue - no malicious router no VPN issue
May 10, 20242 yr Author 3 minutes ago, johng said: That doesn't work for me on TOT AKA National Telecom I think they use some sort of invisible proxy as well as DNS poisoning..it's beyond my level of "Kung Fu" I think they are checking the non encrypted DNS request to see if you are trying to resolve the website's domain and then block it, and maybe even banned server IPs. But why break the law. It's illegal to use the website, you should accept it. Edited May 10, 20242 yr by AreYouGerman
May 10, 20242 yr Also, I wonder if it can be mitigated by split tunneling. VPN provider can push 0.0.0.0/0 route that can be affected by this attack. Or push split routes for all ranges with different netmask. For example you can push 0.0.0.0/1 and 128.0.0.0/1 to client. Or do it for every range, like 1.0.0.0/8, 2.0.0.0/8, 3.0.0.0/8 and so on. And if you are on Linux you can compile DHCP client that will ignore option 121 (like Android). I wonder if some clients allow to disable DHCP options already. Edited May 10, 20242 yr by clearance
May 10, 20242 yr 5 minutes ago, AreYouGerman said: But why break the law. It's illegal to use the website, you should accept it. ohh I would not break the law just wondering how they achieve the blocking.
May 10, 20242 yr 3 minutes ago, clearance said: Also, I wonder if it can be mitigated by split tunneling. VPN provider can push 0.0.0.0/0 route that can be affected by this attack. Or push split routes for all ranges with different netmask. For example you can push 0.0.0.0/1 and 128.0.0.0/1 to client. Or do it for every range, like 1.0.0.0/8, 2.0.0.0/8, 3.0.0.0/8 and so on. That could work because the most specific mask wins usually. But the attacker could do that as well. Then it becomes a race condition I guess.
May 10, 20242 yr 4 minutes ago, johng said: ohh I would not break the law just wondering how they achieve the blocking. Do a DNS lookup on the hostname. Then a WHOIS on the IP that you get. I get a network called "Reflected Networks". If you get something strange in Thailand then they might just intercept and spoof the DNS. If the IP is fine and you can't access it then they might be just nullrouting the IPs. You can also switch for example in Firefox all DNS to go over HTTPS via DoH in the settings, then the ISP can't intercept the DNS requests of the browser. See if it becomes available that way. Or use a public website to get the IP of the site and put it in your local devices network config so no DNS request goes out for it.
May 16, 20242 yr Maybe not related, but last month i decided to install a VPN for a.minor need. Then got 8 links stopped by my anti-virus in the next week. I then uninstalled the VPN and the attacks stopped. Are VPN's actually safe? Thid was a free VPN but supposedly with many millions of users. I have no need for a VPN normally, and doubt if i will use one again.
May 16, 20242 yr 27 minutes ago, rickudon said: Are VPN's actually safe? Thid was a free VPN but supposedly with many millions of users. Not free ones! They have to make money somehow
Create an account or sign in to comment