On May 6, 2024, a researcher from Leviathan Security Group identified a new technique, termed as "TunnelVision", that can bypass VPN encapsulation and enable attackers to send the traffic outside a VPN tunnel using the built-in features of Dynamic Host Configuration Protocol (DHCP). TunnelVision involves the routing of traffic without encryption through a VPN. This traffic can be directed by the attacker's configured DHCP server using option 121, ultimately being redirected to the internet via a side channel created by the attacker. The existing VPN tunnel remains intact, and the side channel created by the attacker cannot be detected by the existing VPN tunnel. CVE-2024-3661 has been assigned to this critical vulnerability.
Workaround and Mitigation advise:
1. Instead of using public WiFi network, use a mobile hotspots for VPN connection
2. In hotel, instead of using hotel Wired or WiFi network directly, use a travel router to connect to hotel wired network, then use this network for VPN connection
3. Using a Virtual machine for VPN connection
Reference:
No comments:
Post a Comment