topic New attack leaks VPN traffic using rogue DHCP servers in Threats https://community.isc2.org/t5/Threats/New-attack-leaks-VPN-traffic-using-rogue-DHCP-servers/m-p/70270#M1195 <P>HI All</P><P>&nbsp;</P><P>A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection.</P><P>The method, described in detail in a report by Leviathan Security, relies on the abuse of Dynamic Host Configuration Protocol's (DHCP) option 121, which permits the configuration of classless static routes on a client's system.</P><P>The attackers set up a rogue DHCP server that alters the routing tables so that all VPN traffic is sent straight to the local network or a malicious gateway, never entering the encrypted VPN tunnel.</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/new-tunnelvision-attack-leaks-vpn-traffic-using-rogue-dhcp-servers/#google_vignette" target="_blank">https://www.bleepingcomputer.com/news/security/new-tunnelvision-attack-leaks-vpn-traffic-using-rogue-dhcp-servers/#google_vignette</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 13 May 2024 00:56:49 GMT Caute_cautim 2024-05-13T00:56:49Z New attack leaks VPN traffic using rogue DHCP servers https://community.isc2.org/t5/Threats/New-attack-leaks-VPN-traffic-using-rogue-DHCP-servers/m-p/70270#M1195 <P>HI All</P><P>&nbsp;</P><P>A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection.</P><P>The method, described in detail in a report by Leviathan Security, relies on the abuse of Dynamic Host Configuration Protocol's (DHCP) option 121, which permits the configuration of classless static routes on a client's system.</P><P>The attackers set up a rogue DHCP server that alters the routing tables so that all VPN traffic is sent straight to the local network or a malicious gateway, never entering the encrypted VPN tunnel.</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/new-tunnelvision-attack-leaks-vpn-traffic-using-rogue-dhcp-servers/#google_vignette" target="_blank">https://www.bleepingcomputer.com/news/security/new-tunnelvision-attack-leaks-vpn-traffic-using-rogue-dhcp-servers/#google_vignette</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 13 May 2024 00:56:49 GMT https://community.isc2.org/t5/Threats/New-attack-leaks-VPN-traffic-using-rogue-DHCP-servers/m-p/70270#M1195 Caute_cautim 2024-05-13T00:56:49Z