New attack leaks VPN traffic using rogue DHCP servers (Security News, May 2024)
A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection.
The attackers set up a rogue DHCP server that alters the routing tables so that all VPN traffic is sent straight to the local network or a malicious gateway, never entering the encrypted VPN tunnel.
"Our technique is to run a DHCP server on the same network as a targeted VPN user and to also set our DHCP configuration to use itself as a gateway," reads the report.
Mitigations for users:
- Use network namespaces on Linux to isolate network interfaces and routing tables from the rest of the system, preventing rogue DHCP configurations from affecting VPN traffic.
- Configure VPN clients to deny all inbound and outbound traffic that does not use the VPN interface.
As for VPN providers, they are encouraged to enhance their client software to implement their own DHCP handlers or integrate additional security checks that would block applying risky DHCP configurations.
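A defender-side check for the routing change described above, as an added example that is not from the original report: it parses Linux `ip -4 route show` output and flags routes on a non-VPN interface that are more specific than a VPN route, since the kernel prefers the longest matching prefix. The interface names, addresses and the sample table are constructed assumptions.

```python
import ipaddress

# Constructed sample in the format printed by `ip -4 route show` on Linux.
# Assumptions: tun0 is the VPN interface, wlan0 the physical LAN interface.
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
198.51.100.7 via 192.168.1.1 dev wlan0
0.0.0.0/2 via 192.168.1.66 dev wlan0 proto dhcp metric 600
64.0.0.0/2 via 192.168.1.66 dev wlan0 proto dhcp metric 600
"""

def parse_routes(text):
    """Return (network, device, gateway) tuples from `ip -4 route show` text."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types this check ignores (blackhole, unreachable, ...)
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        routes.append((net, tok[tok.index("dev") + 1], gw))
    return routes

def egress_dev(routes, dest):
    """Longest-prefix match: the device the kernel would pick for dest."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def leaking_routes(routes, vpn_dev, allowed=()):
    """Non-VPN routes that are more specific than a VPN route they sit inside."""
    allow = [ipaddress.ip_network(a) for a in allowed]
    vpn = [n for n, dev, _ in routes if dev == vpn_dev]
    return [(n, dev, gw) for n, dev, gw in routes
            if dev != vpn_dev and n not in allow
            and any(n.subnet_of(v) and n.prefixlen > v.prefixlen for v in vpn)]

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for net, dev, gw in leaking_routes(table, "tun0", ["198.51.100.7/32", "192.168.1.0/24"]):
        print(f"route {net} via {gw} on {dev} overrides the tunnel")
    print("203.0.113.9 leaves via", egress_dev(table, "203.0.113.9"))
```

The `allowed` list exempts routes that are expected to bypass the tunnel, such as the VPN server's own address and the local subnet; anything else reported deserves a look before trusting the connection.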