VPN hijacking on Linux (and beyond) systems

Any other tech-related topics
Post Reply
Message
Author
thepiney
Posts: 135
Joined: Wed Aug 31, 2011 11:57 am

VPN hijacking on Linux (and beyond) systems

#1 Post by thepiney » Sun Dec 08, 2019 11:44 pm

Came across this on Distrowatch Weekly --> https://distrowatch.com/weekly.php?issue=20191209#news

Affecting Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android.

William Tolley has disclosed a severe VPN-related problem in most current systems: "I am reporting a vulnerability that exists on most Linux distros, and other *nix operating systems which allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website. Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections." There are various partial mitigations available, but a full solution to the problem has not yet been worked out. Most VPNs are vulnerable, but Tor evidently is not.
More information ---> https://lwn.net/Articles/806546/

User avatar
Midas
Posts: 5467
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: VPN hijacking on Linux (and beyond) systems

#2 Post by Midas » Mon Dec 09, 2019 6:03 am

Wow! That's like a "your VPN is now void" kind of vulnerability -- repressive regimes are sure to applaud... :shock:

bitcoin
Posts: 207
Joined: Sun Dec 31, 2017 6:32 pm

Re: VPN hijacking on Linux (and beyond) systems

#3 Post by bitcoin » Mon Dec 09, 2019 10:40 am

i just assume i'm being spied on whenever i use the internet by various scumbag govt organizations and private sleazeballs as well

User avatar
Midas
Posts: 5467
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: VPN hijacking on Linux (and beyond) systems

#4 Post by Midas » Sun Feb 02, 2020 4:55 am

All hope is not lost...

Linux creator Linus Torvalds merged David Miller's net-next into his source tree for the Linux 5.6 kernel. This merger added plenty of new network-related drivers and features to the upcoming 5.6 kernel, with No.1 on the list being simply "Add WireGuard."


Just in case you're left wondering, Wireguard is a VPN solution comparable to IPsec and OpenVPN. Here's hoping this spills into Windows, too...

thepiney
Posts: 135
Joined: Wed Aug 31, 2011 11:57 am

Re: VPN hijacking on Linux (and beyond) systems

#5 Post by thepiney » Tue Feb 04, 2020 5:51 pm

Some more information on WireGuard --> https://www.wireguard.com

Post Reply