• @linearchaos
    link
    English
    36 months ago

    I think the real meat here would be the work from home crowd. If you can find a hole in there router, you can inject routing tables and defeat VPN.

    But the VPN client doesn’t have to be stupid. You could certainly detect rogue routes and shut down the network.

    • @dgmib
      link
      English
      46 months ago

      As I mentioned in my other comment, this wouldn’t let an attacker eavesdrop on traffic on a VPN to a private corporate network by itself. It has to be traffic that is routable without the VPN.

      • @linearchaos
        link
        English
        36 months ago

        I don’t know, if you’ve already have full control over routing and have some form of local presence, seems to me you could do something interesting with a proxy, maybe even route the traffic back to the tunnel adapter.

        • @dgmib
          link
          English
          36 months ago

          I can’t see routing traffic to some kind of local presence and then routing back to the target machine to route out through the tunnel adapter without a successful compromise of at least one other vulnerability.

          That’s not to say there’s nothing you could do… I could see some kind of social engineering attack maybe… leaked traffic redirects to a local web server that presents a fake authentication screen that phishes credentials , or something like that. I could only see that working in a very targeted situation… would have to be something more than just a some rouge public wi-fi. They’d have to have some prior knowledge of the private network the target was connecting to.

          • @linearchaos
            link
            English
            26 months ago

            We’re already assuming you have something that can compromise DHCP. Once you make that assumption who’s to say you don’t have a VM hanging out.