Versionen im Vergleich

Alte Version 17

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.

...

This document contains information on the measures that can be taken against the "LocalNet" and "ServerIP" attacks described by Mathy Vanheof in the paper " Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables" (#VU563667VU#563667). The attacks are also described at https://tunnelcrack.mathyvanhoef.com/ .

Info

With the attacks described, it is important to mention that they do not compromise the actual VPN tunnel. Data transmitted through the VPN tunnel is still secure.

Rather, attempts are Instead, an attempt is made to redirect divert data traffic intended for the VPN tunnel to another destination before the tunnel in order to then be able to read it in plain text .or to operate as a so-called man-in-the-middle.

To do this, a potential attacker must have access to the local network in which the VPN client is located. In the scenarios described, a rogue access point is used as the access medium, which suggests to a WLAN client that it is connecting to a trusted SSID in the local networkknown and trusted SSID. This goal is usually most easily achieved on public WLAN networks.

On the access point controlled by the attacker, he can now take appropriate measures to redirect the routing can now be changed by assigning IP addresses so that the data traffic is redirected accordingly.

All attacks and their variants are described in the following CVE messages in addition to the explanations in the paper:

LocalNet attacks:

ServerIP attacks:

Info

In the default setting, both the Advanced VPN Clients for Windows and macOS are vulnerable to both attacks (LocalNet and ServerIP).

We have compiled detailed technical information on this topic for you in a PDF document:

View file
nameAdvisory_TunnelCrack vulnerabilities (VU#563667).pdf
height150400

1. LANCOM Advanced VPN Client for Windows

...

Alternatively, the integrated Advanced VPN Client Firewall can be configured such that only VPN traffic is allowed outside the tunnel (using the firewall option “Permit IPsec protocol” firewall option), with dedicated exceptions for, e.g., the local network printer. 

...

Additionally, the integrated Advanced VPN Client Firewall can be configured such that only VPN traffic is allowed outside the VPN tunnel. This can be achieved by setting the “Permit IPsec protocol” firewall option and removing all other firewall rules (see step 1.1).


2. LANCOM Advanced VPN Client for macOS

...