this post was submitted on 07 May 2024
96 points (98.0% liked)

Privacy

31974 readers
352 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

you are viewing a single comment's thread
view the rest of the comments
[–] TheButtonJustSpins@infosec.pub 6 points 6 months ago (1 children)

Why does running the VPN in a VM mitigate the attack?

[–] pezhore@lemmy.ml 4 points 6 months ago

I think that mitigation requires two things for it to work.

  1. You need to use a a Type 2 hypervisor (like Virtualbox, VMware Workstation/Fusion).
  2. That VM needs to be configured in NAT mode.

The two primary ways you can configure a network for a local virtual machine are NAT and Bridged.

Bridged mode places your VM effectively on the same network as your host OS, meaning that any DHCP server that exists on your network (rogue or otherwise) will give your virtual machine and IP.

In NAT mode, the virtualization platform itself includes a DHCP server to dole out IPs, and handle the routing between your virtual machine and your host OS's network.

The thought process is that if you trust your laptop, the DHCP address handed out for NAT mode will not have the VPN breaking DHCP option and your VPN inside the VM will not have it's route table screwed with.