Comment on Mullvad VPN: Introducing Defense against AI-guided Traffic Analysis (DAITA)

• thatsnothowyoudoit@lemmy.ca ⁨6⁩ ⁨months⁩ ago

  The Option 121 attack is a concern on networks where you don’t.

  Exactly where you’d want a VPN. Cafes, hotels, etc.

  source

  • SpaceCadet@feddit.nl ⁨6⁩ ⁨months⁩ ago

    True that. Hadn’t thought of that as it’s not my typical VPN use case.

    I’m not sure what a VPN provider could do about that though, they don’t control the operating system’s networking stack. If the user or an outside process that the user decides to trust (i.e. a dhcp server) adds its own network routes, the OS will follow it and route traffic outside of the tunnel.

    The defenses I see against it are:

    • Run the VPN and everything that needs to go through the VPN in a virtualized, non-bridged environment so it’s unaffected by the routing table.
    • Put a NAT-ing device in between your computer and the network you want to use
    • Modify the DHCP client so that option 121 is rejected

    source
• pyrosis@lemmy.world ⁨6⁩ ⁨months⁩ ago

  Of course but you don’t control rogue dhcp servers some asshat might plug in anywhere else that isn’t your network

  source