this post was submitted on 07 May 2024
96 points (98.0% liked)

Privacy

31975 readers
740 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 25 points 6 months ago* (last edited 6 months ago) (12 children)

Use a killswitch then... no vpn, no internet

[–] [email protected] 4 points 6 months ago (2 children)

This won't mitigate this specific attack, however running your VPN as a full tunnel will.

[–] [email protected] 1 points 6 months ago (1 children)

Full tunnel would not mitigate this attack because smaller routes are preferred over larger ones. So, sure, 0.0.0.0/0 is routed over the tunnel, but a route for 8.8.8.8/32 pointing to somewhere layer2 adjacent, pushed via DHCP option 121, would supercede that due to being more specific.

[–] [email protected] 1 points 6 months ago

Full tunnel using routing wouldn't work but many full tunnel implementations use a shim where once the Tunnel is connected, the system route table isn't referenced anymore, so you can put as many static routes etc as you want, but all traffic will hit the VPN interface before routing is done. For example Cisco any connect removes route look-up from the TCP/IP stack of the local system.

load more comments (9 replies)