• dgmib@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    7 months ago

    As I mentioned in my other comment, this wouldn’t let an attacker eavesdrop on traffic on a VPN to a private corporate network by itself. It has to be traffic that is routable without the VPN.

    • linearchaos@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      7 months ago

      I don’t know, if you’ve already have full control over routing and have some form of local presence, seems to me you could do something interesting with a proxy, maybe even route the traffic back to the tunnel adapter.

      • dgmib@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        I can’t see routing traffic to some kind of local presence and then routing back to the target machine to route out through the tunnel adapter without a successful compromise of at least one other vulnerability.

        That’s not to say there’s nothing you could do… I could see some kind of social engineering attack maybe… leaked traffic redirects to a local web server that presents a fake authentication screen that phishes credentials , or something like that. I could only see that working in a very targeted situation… would have to be something more than just a some rouge public wi-fi. They’d have to have some prior knowledge of the private network the target was connecting to.

        • linearchaos@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          7 months ago

          We’re already assuming you have something that can compromise DHCP. Once you make that assumption who’s to say you don’t have a VM hanging out.