Seitenhistorie

With the attacks described, it is important to mention that they do not compromise the actual VPN tunnel. Data transmitted through the VPN tunnel is still secure.

Rather, attempts are Instead, an attempt is made to redirect divert data traffic intended for the VPN tunnel to another destination before the tunnel in order to then be able to read it in plain text .or to operate as a so-called man-in-the-middle.

To do this, a potential attacker must have access to the local network in which the VPN client is located. In the scenarios described, a rogue access point is used as the access medium, which suggests to a WLAN client that it is connecting to a trusted SSID in the local networkknown and trusted SSID. This goal is usually most easily achieved on public WLAN networks.

On the access point controlled by the attacker, he can now take appropriate measures to redirect the routing can now be changed by assigning IP addresses so that the data traffic is redirected accordingly.