Quote History Originally Posted By formerlyphat:
Damn, that's not good. This has very far reaching implications for anyone or any company that thought VPNs were protecting them.
View Quote
Not really.
If you were victim of this attack, and you made a VPN connection to your work VPN concentrator, your client would end up trying to initiate connections to RFC1918 IPs on your internal network and would never get a response, as they would never hit the tunnel and be dropped once they reach an Internet router. Similarly, any traffic sourcing from your VPN concentrator side, would never get responses from your end point.