Comment on It's Time to Bring Back the Steam Machine
drspod@lemmy.ml 6 months agoNow that TunnelVision has been disclosed to the general public
That vulnerability affected every OS except Android.
Comment on It's Time to Bring Back the Steam Machine
drspod@lemmy.ml 6 months agoNow that TunnelVision has been disclosed to the general public
That vulnerability affected every OS except Android.
Telorand@reddthat.com 6 months ago
Yes, but you can relegate your network interface to a namespace in Linux, which is a remedy the researchers reckon recommend. You have to use your internet-facing programs in a VM in Windows to achieve the same effect, and that’s a lot of overhead just to protect yourself.
Buelldozer@lemmy.today 6 months ago
Eh, there’s 20 different ways to detect DHCP Option 121 fuckery and once it’s detected it’s rather trivial to shut down. Any VPN client worth its salt will be updated in 60 days or less to fix this and existing VPN clients can be hardened against TunnelVision with some fairly simple scripting.
It’s a serious vulnerability but it’s hardly the unfixable world ender that the media has made it out to be.
Telorand@reddthat.com 6 months ago
Good to know. Got any specific sources for the scripting, or should I just search for something like “option 121 mitigation?”
Buelldozer@lemmy.today 6 months ago
I don’t know if there’s any pre-built scripting out there (yet) for this but it’s relatively straight forward in Windows to use powershell and either look in the registry for the assigned dhcp options ( HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\1) or check the routing table and for illogical routes.
Assuming that you aren’t using split tunneling you could also have powershell check your external IP address for the expected result.
Another possibility is to grab the dhcp test tool from Github and have it run in non-interactive mode and parse it’s output. Something I find VERY interesting is that Andrey Baranov specifically added Option 121 to that tool in March of 2023!
With any of those it’s a matter of what you want to have happen when you detect the problem such as warning the user and disconnecting the vpn or attempting to mitigate the problem by reconfiguring the routing table.
I’ll probably be scripting up a remediation over the next few days, I’ll try and remember to come back and share what I did.
drspod@lemmy.ml 6 months ago
Interesting, thanks.