@arstechnica
"The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android."
Really?!
Sigh of relief.
That's what I'm running : Linux & Android... 😆 🙏
@arstechnica Interesting and concerning exploit. Are there legitimate uses for Option 121? If Android OS can get on without it, it must not be critically important.
@arstechnica
Can I ask a noob question?
If all my devices have individial IP's set and my router has DHCP disabled, am I subject to this attack? If I go further and set static leases for each device in my router firmware, does that improve things?
@arstechnica It seems that this attack isn't an issue for people working from home and using a corporate VPN, or using a VPN to pretend to be in another country to get access to media, because the attacker has to control DHCP on the home network, and if they can do that the user has worse problems than just with their VPN. It could make it unsafe to access sensitive work sites from a coffee shop if I understand correctly.