this post was submitted on 06 May 2024
497 points (98.3% liked)

[–] Cyberflunk@lemmy.world 8 points 6 months ago

So..

reject 121;

In your dhclient?

[–] autotldr@lemmings.world 4 points 6 months ago

This is the best summary I could come up with:


Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.

TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address.

The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network.

A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel.

When apps run on Linux there’s a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks.

This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation.


The original article contains 903 words, the summary contains 196 words. Saved 78%. I'm a bot and I'm open source!

[–] Got_Bent@lemmy.world 4 points 6 months ago (2 children)

Does this mean I still can't watch porn in Texas?

[–] Imgonnatrythis@sh.itjust.works 6 points 6 months ago

Aren't you aware of the loophole that you can as long as your cousin is in it and you hold a rosary while you watch it?

[–] the_third@feddit.de 4 points 6 months ago* (last edited 6 months ago) (8 children)

When I design something, critical applications get their own network namespace with only the VPN interface inside anyway. So, yeah.

[–] BorgDrone@lemmy.one 3 points 6 months ago (6 children)

(…) the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address.

No. That is not the entire point of a VPN. That’s just what a few shady companies are claiming to scam uninformed users into paying for a useless service. The entire point of a VPN is to join a private network (i.e. a network that is not part of the Internet) over the public internet, such as connecting to your company network from home. Hence the name ‘virtual private network’.

There are very few, if any, benefits to using a VPN service to browse the public internet.

[–] Buelldozer@lemmy.today 2 points 6 months ago

Meh, option 121 shenanigans can be detected and remediated via post connection scripting.
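
A post-connection check of the kind the comment above describes, as an added example that is not part of the thread: it decodes a DHCP option 121 payload (RFC 3442 encoding) and flags pushed routes that would win over a VPN default route by longest-prefix match. The sample payload, addresses, function names and the flagging policy are constructed assumptions.

```python
import ipaddress

# Constructed sample payload (not captured traffic), RFC 3442 encoding:
#   0.0.0.0/0   via 192.168.1.1   (ordinary default route)
#   0.0.0.0/1   via 192.168.1.66  (half of the IPv4 space)
#   128.0.0.0/1 via 192.168.1.66  (the other half)
SAMPLE = bytes([0, 192, 168, 1, 1,
                1, 0, 192, 168, 1, 66,
                1, 128, 192, 168, 1, 66])


def parse_option_121(data: bytes):
    """Decode classless static routes: [prefix len][significant dest octets][4-byte router]."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        i += 1
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen}")
        n = (plen + 7) // 8  # only the significant destination octets are sent
        if i + n + 4 > len(data):
            raise ValueError("truncated option 121 payload")
        dest = ipaddress.IPv4Address(data[i:i + n] + bytes(4 - n))
        router = ipaddress.IPv4Address(data[i + n:i + n + 4])
        i += n + 4
        routes.append((ipaddress.ip_network(f"{dest}/{plen}", strict=False), router))
    return routes


def suspicious_routes(data: bytes, local_subnet: str):
    """Return pushed routes that can pull traffic away from a VPN default route.

    Assumed policy: a /0 default route and routes inside the local subnet are
    ordinary; any other pushed prefix is more specific than a tunnel default
    route and is flagged for review or removal.
    """
    lan = ipaddress.ip_network(local_subnet)
    flagged = []
    for net, router in parse_option_121(data):
        if net.prefixlen > 0 and not net.subnet_of(lan):
            flagged.append((str(net), str(router)))
    return flagged


if __name__ == "__main__":
    for net, router in suspicious_routes(SAMPLE, "192.168.1.0/24"):
        print(f"option 121 pushed {net} via {router}: competes with the tunnel")
```
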
