...
This document contains information on the measures that can be taken against the "LocalNet" and "ServerIP" attacks described by Mathy Vanheof in the paper "Leaking VPN Client Traffic by Abusing Routing Tables" (#VU563667).
| Info |
|---|
With the attacks described, it is important to mention that they do not compromise the actual VPN tunnel. Data transmitted through the VPN tunnel is still secure. Rather, attempts are made to redirect data traffic intended for the VPN tunnel to another destination before the tunnel in order to then be able to read it in plain text. In the application scenarios usually used by our customers (secure VPN client access, e.g. from the home network to the company network), this can only succeed if an attacker has access not only to the local network in which the VPN client is currently located, but also to the (company) network to which the VPN tunnel connects. Therefore, for example, VPN client connections that a company uses to provide its employees with secure access to the company network are less likely to be affected by attacks. In public (WLAN) networks and/or when using public VPN servers, however, these attack possibilities pose a certain danger, which is why the countermeasures described in this document should be implemented there in any case. |
...