VPNs rendered obsolete?

Mojo_Jojo Primate Joined Feb 2001 Posts 14852 EE 0% (0) FL, USA	Posted: 5/7/2024 2:30:38 PM EDT Interesting read! https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
	"Send lawyers, guns and money The shit has hit the fan..."

right_rudder The immunizer... Joined Aug 2012 Posts 18453 EE 100% (1) TX, USA	Posted: 5/7/2024 2:32:13 PM EDT [#1] https://www.ar15.com/forums/general/TunnelVision-attack-negates-the-value-of-VPNs/5-2723664/
	Will not shelter in place

JamiesGotAGun Giggity Joined Aug 2014 Posts 8814 EE 100% (1) MN, USA	Posted: 5/7/2024 2:33:40 PM EDT [#2] Asked and answered.
	Reserved for something witty.

RandyLahey01 Member Joined Nov 2016 Posts 2679 EE 100% (41) USA	Posted: 5/7/2024 2:43:37 PM EDT [#3] Dupetastic

formerlyphat Member Joined Jun 2014 Posts 2606 EE 0% (0) NH, USA	Posted: 5/7/2024 2:43:50 PM EDT [#4] Damn, that’s not good. This has very far reaching implications for anyone or any company that thought VPNs were protecting them.
	"Live free or die; death is not the worst of evils." – General John Stark

dmnoid77 Turgid Member Joined Mar 2008 Posts 30472 EE 0% (0) USA	Posted: 5/7/2024 2:44:14 PM EDT [#5] Quote History Originally Posted By formerlyphat: Damn, that’s not good. This has very far reaching implications for anyone or any company that thought VPNs were protecting them. View Quote Meh.
	Originally Posted By HermanSnerd: In reality, those two hot chicks that you just met that want you to come home with them for "a good time", are merely the bait for the huge guy hiding in the closet wearing a Batman suit.

3one5 Member Joined Aug 2001 Posts 20892 EE 100% (18) USA	Posted: 5/7/2024 2:44:54 PM EDT [#6] Thinking of re-creating this one in the lab. Looks pretty slick.

jeremy223

Joined Oct 2002
Posts 8303
EE 100% (3)

CO, USA

Posted: 5/7/2024 3:43:51 PM EDT

[#7]

Quote History

Originally Posted By formerlyphat:
Damn, that's not good. This has very far reaching implications for anyone or any company that thought VPNs were protecting them.

View Quote

Not really.
If you were victim of this attack, and you made a VPN connection to your work VPN concentrator, your client would end up trying to initiate connections to RFC1918 IPs on your internal network and would never get a response, as they would never hit the tunnel and be dropped once they reach an Internet router. Similarly, any traffic sourcing from your VPN concentrator side, would never get responses from your end point.

jb31

NorCal call sign: Duct Tape

Joined Jun 2010
Posts 12084
EE 100% (7)

KS, USA

Posted: 5/7/2024 5:16:09 PM EDT

[#8]

Quote History

Originally Posted By dmnoid77:

Meh.

View Quote View All Quotes

View All Quotes

Quote History

Originally Posted By dmnoid77:

Originally Posted By formerlyphat:
Damn, that’s not good. This has very far reaching implications for anyone or any company that thought VPNs were protecting them.

Meh.

This. It requires running a rouge DHCP server on the network. Not seeing this as some major issue.