Yes, but you can relegate your network interface to a namespace in Linux, which is a remedy the researchers recommend. You have to use your internet-facing programs in a VM in Windows to achieve the same effect, and that’s a lot of overhead just to protect yourself.
You have to use your internet-facing programs in a VM in Windows to achieve the same effect
Eh, there’s 20 different ways to detect DHCP Option 121 fuckery and once you know it’s happening its fairly trivial to stop. Any VPN client worth its salt will be updated in 60 days or less to fix this and existing VPN clients can be hardened against TunnelVision with some fairly simple scripting.
It’s a serious vulnerability but it’s hardly the unfixable world ender that the media has made it out to be.
Yes, but you can relegate your network interface to a namespace in Linux, which is a remedy the researchers recommend. You have to use your internet-facing programs in a VM in Windows to achieve the same effect, and that’s a lot of overhead just to protect yourself.
Edit: typo
Eh, there’s 20 different ways to detect DHCP Option 121 fuckery and once you know it’s happening its fairly trivial to stop. Any VPN client worth its salt will be updated in 60 days or less to fix this and existing VPN clients can be hardened against TunnelVision with some fairly simple scripting.
It’s a serious vulnerability but it’s hardly the unfixable world ender that the media has made it out to be.
Good to know. Got any specific sources for the scripting, or should I just search for something like “option 121 mitigation?”
Interesting, thanks.