VPN Connection Hijacking Vulnerability Affects Linux, Unix Systems

Discussion in 'all things UNIX' started by ronjor, Dec 5, 2019.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    92,504
    Location:
    Texas
    By Eduard Kovacs on December 05, 2019
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,218
    OK, so this doesn't involve actually hacking the VPN encryption. It's just a local hack that lets attackers fsck with traffic from other devices on the same subnet.

    So if you're on a LAN behind a decent NAT router, only other machines on the same LAN are potentially problematic.

    And we already know that working on LANs with untrusted neighbors is hugely risky. It's best practice to at least segregate critical machines in protected subnets.

    Also, there's a good chance that tight iptables rules and routing will prevent this.

    Edit: Perhaps obviously, this focuses on using VPNs via WiFi APs. And it depends on the AP being malicious. That's a major use case, so this is a huge issue. See HN discussion at https://news.ycombinator.com/item?id=21712280
     
    Last edited: Dec 6, 2019
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.