Comment on TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak (CVE-2024-3661)
just_another_person@lemmy.world 5 months ago
Pretty rough and clever. Probably used in espionage for some time now. Sounds like static addresses and network namespaces solve for most of the problem though.
ramble81@lemm.ee 5 months ago
Yeah. Easy to check and get around this. Check your routes before transmitting data, also set up your VPN to push /2s instead of relying on /1s, nuke extra routes, etc.
Novel idea though that most people wouldn’t think to look for, but at the end of the day any system will follow its routing table.
Technus@lemmy.zip 5 months ago
I don’t think this is a smart way to mitigate this because it could easily result in an arms race. Push /2s, the attacker will switch to /3s; push /4s, the attacker will switch to /5s, etc. Every +1 is going to require doubling the number of routing table entries.
That can’t continue forever, obviously, but it’s going to result in a negative experience for the user if the VPN client has to push hundreds or thousands of routes to mitigate this attack.
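An added example, not part of any comment in this thread: a Python sketch of the "check your routes" idea and of the route-count doubling raised in the reply. It flags non-VPN routes that are more specific than a VPN route and so win longest-prefix match. The interface names `tun0` and `eth0`, the sample table and the allowlist are constructed assumptions.

```python
import ipaddress

# Constructed sample table as (destination, interface); not taken from the thread.
SAMPLE_ROUTES = [
    ("0.0.0.0/1", "tun0"),       # VPN routes covering all of IPv4
    ("128.0.0.0/1", "tun0"),
    ("0.0.0.0/2", "eth0"),       # constructed unexpected, more specific route
    ("192.168.1.0/24", "eth0"),  # local LAN
    ("203.0.113.7/32", "eth0"),  # constructed VPN server endpoint
]
ALLOWED_BYPASS = {"192.168.1.0/24", "203.0.113.7/32"}  # expected off-tunnel routes


def parse(routes):
    return [(ipaddress.ip_network(dst), dev) for dst, dev in routes]


def egress_interface(routes, address):
    """Longest-prefix match: the most specific route containing the address wins."""
    addr = ipaddress.ip_address(address)
    matches = [(net, dev) for net, dev in parse(routes) if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def overriding_routes(routes, vpn_if, allowed=frozenset()):
    """Non-VPN routes more specific than a VPN route, minus the allowlist."""
    table = parse(routes)
    vpn_nets = [net for net, dev in table if dev == vpn_if]
    allowed_nets = {ipaddress.ip_network(a) for a in allowed}
    return [
        (str(net), dev)
        for net, dev in table
        if dev != vpn_if and net not in allowed_nets
        and any(net.subnet_of(v) and net.prefixlen > v.prefixlen for v in vpn_nets)
    ]


def routes_needed(prefix_len):
    """Number of /prefix_len routes required to cover all of IPv4."""
    everything = ipaddress.ip_network("0.0.0.0/0")
    return sum(1 for _ in everything.subnets(new_prefix=prefix_len))


if __name__ == "__main__":
    print(overriding_routes(SAMPLE_ROUTES, "tun0", ALLOWED_BYPASS))
    print(egress_interface(SAMPLE_ROUTES, "8.8.8.8"))
    print({n: routes_needed(n) for n in range(1, 9)})
```

Routes with the same prefix length as a VPN route are not flagged here, since the winner between them is decided by metric rather than by prefix length.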