this post was submitted on 06 May 2024
497 points (98.3% liked)

Technology

59750 readers
2865 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] kinther 54 points 7 months ago (3 children)

If your LAN is already compromised with a rogue DHCP server, you've got bigger problems than them intercepting just VPN traffic. They can man in the middle all of your non-encrypted traffic. While this is bad, it's not a scenario most people will run into.

[–] doubletwist 65 points 7 months ago (1 children)

The problem isn't them being in you LAN. It's about going to an untrusted network (eg Starbucks, hotel) and connecting to your VPN, boom, now your VPN connection is compromised.

[–] kinther 13 points 6 months ago

I woke up this morning and thought of this exact scenario, then found your comment lol

Yes, this is bad for anyone who travels for work and can't trust the network they connect to.

[–] [email protected] 22 points 7 months ago

The other comment already covers the fact that VPN should be useful exactly when you are connected to untrusted LANs. I want to add that also the main point of your comment is anyway imprecise. You don't need a compromise DHCP, you just need another machine who spoofs being a DHCP. Not all networks have proper measures in place for these attacks, especially when we are talking wireless (for example, block client-to-client traffic completely). In other words, there is quite a middle-ground between a compromised router (which does DHCP in most cases) and just having a malicious device connected to the network.

[–] rolling_resistance 6 points 6 months ago

I wonder if it applies to routers made by a company who likes collecting user data. Because this is a situation many people are in.