TunnelVision, an attack method that redirects VPN traffic

TunnelVision: a dangerous attack method

News was recently released that a method has been found that allows an attacker to force a user's traffic outside their VPN tunnel using built-in features of the DHCP protocol.

Named "TunnelVision", this new attack method allows the victim's traffic to be routed through the attacker (provided the attacker has access to the local network or controls a wireless network).

It is important to note that the idea of altering routes is not new and has long been used in attacks aimed at spoofing DNS servers. A similar attack, TunnelCrack, which redirected traffic by substituting the default gateway, affected all tested iOS VPN clients, macOS VPNs, Windows VPNs, Linux VPNs, and Android VPNs.

About TunnelVision

The essence of TunnelVision is said to be that an attacker can start their own DHCP server and use it to send the client information that changes its routing. In particular, the attacker can use DHCP option 121, which is designed to deliver information about static routes, to modify the routing table on the victim's machine and direct traffic past the VPN.

The goal of this research was to test this technique against modern VPN providers to determine their vulnerability and to inform the public about this issue. That is why we agreed with CISA to file a CVE when we disclosed to them and why we decided to name the vulnerability.

The redirection is done by configuring a series of routes for subnets with a /1 prefix, which take priority over the default route configured with a /0 prefix. As a result, instead of going through the virtual network interface configured for the VPN, traffic is directed through the physical network interface to the attacker's host on the local network.
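The check below is an added example, not code from the researchers or from any VPN client. It decodes a DHCP option 121 payload in the RFC 3442 encoding and flags offered routes that longest-prefix matching would prefer over the VPN's routes; it generalizes the /1 versus /0 case above to any more specific overlapping route. The function names and the sample payload are assumptions constructed for illustration.

```python
import ipaddress

def parse_option_121(data: bytes):
    """Decode a DHCP option 121 payload (RFC 3442) into (network, router) pairs."""
    routes, i = [], 0
    while i < len(data):
        width = data[i]                      # prefix length of the destination
        if width > 32:
            raise ValueError(f"invalid prefix length {width} at offset {i}")
        n = (width + 7) // 8                 # only the significant octets are sent
        end = i + 1 + n + 4                  # descriptor + 4-byte router address
        if end > len(data):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = data[i + 1:i + 1 + n] + bytes(4 - n)
        net = ipaddress.IPv4Network((dest, width), strict=False)
        routes.append((net, ipaddress.IPv4Address(data[end - 4:end])))
        i = end
    return routes

def shadowing_routes(dhcp_routes, vpn_routes):
    """Return DHCP-supplied routes that longest-prefix matching prefers over a VPN route.

    A route shadows the tunnel when it overlaps a VPN route and is more specific.
    Equal prefix lengths are decided by metric and are not flagged here.
    """
    vpn = [ipaddress.ip_network(v) for v in vpn_routes]
    return [(net, gw) for net, gw in dhcp_routes
            if any(net.overlaps(v) and net.prefixlen > v.prefixlen for v in vpn)]

# Constructed sample: the two /1 routes described above, router 192.168.1.66 (made up).
SAMPLE_OPTION_121 = bytes([1, 0, 192, 168, 1, 66,
                           1, 128, 192, 168, 1, 66])

if __name__ == "__main__":
    offered = parse_option_121(SAMPLE_OPTION_121)
    for net, gw in shadowing_routes(offered, ["0.0.0.0/0"]):
        print(f"ALERT: DHCP route {net} via {gw} overrides the VPN default route")
```

A VPN client that itself installs two /1 routes is not flagged by the /1 sample, but any /2 or longer route offered over DHCP would be.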

Instead of being sent over the VPN, traffic is sent in clear text, without a tunnel, to the attacker's system. The issue affects any VPN client that does not use isolated network namespaces to send traffic to the tunnel, or that does not set packet filtering rules prohibiting the routing of VPN traffic through the existing physical network interfaces.

TunnelVision can be carried out on any system that supports DHCP option 121, including Linux, Windows, iOS and macOS, regardless of the VPN protocol used (Wireguard, OpenVPN, IPsec) and the cipher suite used.

It is stated that Android is not susceptible to this attack because it does not process option 121 in DHCP. Although the attack gives access to traffic, it does not allow intervening in connections or seeing the content transmitted using secure application-level protocols such as TLS and SSH. For example, an attacker cannot see the contents of requests sent over HTTPS, but can tell which servers those requests are being sent to.

To protect against the attack, several measures can be taken at the packet filter level: prohibit sending packets addressed to the VPN interface through other network interfaces, block DHCP packets with option 121, use the VPN inside a separate virtual machine or container that is isolated from the external network, or use special tunnel configuration modes that use Linux network namespaces.

To substitute routes, the use of a specially prepared USB key was also devised, which emulates the operation of a network adapter and, when connected to a computer using DHCP, announces itself as a gateway. In addition, when there is control of the gateway (for example, when the victim connects to a wireless network controlled by the attacker), a technique was developed to inject packets into the tunnel that are perceived as coming from the network interface. Several scripts were also published to experiment with carrying out this attack.

Finally, if you are interested in learning more about it, you can check the details at the following link.

