One of the authors of TunnelVision here. That was a great video and I wish we had the ability to make those clean animations! Something to note that this will primarily affect those who are connecting from untrusted networks (i.e. public wifi). Your bottom line explanation was great. Hope you'll do another video when we release the second blog post about the side channel when a provider uses firewall mitigations.
Thank you Lizzie! HUGE kudos for sharing your research with the rest of us! We learned a lot from your blog, video and github project (www.leviathansecurity.com/blog/tunnelvision). Agreed, the untrusted wifi attack vector is a major concern. We are looking forward to your future posts and release of ArcaneTrickster and will absolutely plan on a follow-up video.
Yes, you are correct -- the attacker needs to be on the same network/broadcast domain so they can intercept the DHCP request. This is hopefully unlikely inside our secure homes/offices, but presents a serious risk in public settings (e.g. hotel, airport, campus WIFI). Take care!
I think the DHCP standard firewall is your best bet, unless the attacker can "convince" the network that it is somehow the home address itself; as per the latter two solutions (endpoint & network security): there's already prints that say the pen can conceal/manipulate the IP such that these security protocols don't recognize it. Speculatively, an industry could somehow how two distinct/autonomous servers, one of which is actually offline and not used for business at all, though somehow make its network configuration such that it is the main/live server, then use it as a honey pot for any pen- although this would presume the pen doesn't know which server is actually live, but some cloud trinkets could buy enough time for the honeypot to activate. Maybe someday DDOS won't be possible if somehow ALL IPs are traceable to its original hardware, but that's more sci fi for now perhaps...
Yes 100% -- restricting DHCP messages to only trusted servers with a firewall rule is a great solution. Just beware of any side effects when you need to get DHCP on new networks (you can disable the rule). You can find some how-to's here: github.com/cyberspatiallabs/TunnelVision
That's a great point about compromising your home gateway itself. If that happens there are a lot of bad things that can happen! All the reason to protect your routers and access points to ensure they are up to date on firmware, monitored, and physically secure. Your ideas on a shadow network and traceable addresses are really cool.
![BOLIVIA vs. COLOMBIA [1-0] | RESUMEN | ELIMINATORIAS SUDAMERICANAS | FECHA 9](http://i.ytimg.com/vi/zg15uVWjuf4/mqdefault.jpg)
One of the authors of TunnelVision here. That was a great video and I wish we had the ability to make those clean animations!
Something to note that this will primarily affect those who are connecting from untrusted networks (i.e. public wifi). Your bottom line explanation was great. Hope you'll do another video when we release the second blog post about the side channel when a provider uses firewall mitigations.
Thank you Lizzie! HUGE kudos for sharing your research with the rest of us! We learned a lot from your blog, video and github project (www.leviathansecurity.com/blog/tunnelvision). Agreed, the untrusted wifi attack vector is a major concern. We are looking forward to your future posts and release of ArcaneTrickster and will absolutely plan on a follow-up video.
You can always use a static ip address on devices on your home network.
I do that at home, except on enterprise networks gets much harder to manage. - Ricky
For some reason your videos are easy to understand than other videos 😂
Ok, I'm not gonna lie
I clicked just for the Portal thumbnail 😂😂😂
So, according to the beginning on the video, the attacker has to be on your local network to do this? Or did I misunderstand the beginning? 🤔
Yes, you are correct -- the attacker needs to be on the same network/broadcast domain so they can intercept the DHCP request. This is hopefully unlikely inside our secure homes/offices, but presents a serious risk in public settings (e.g. hotel, airport, campus WIFI). Take care!
If your computer gets malware it can run a rogue DHCP server and mess up all your other devices.
I think the DHCP standard firewall is your best bet, unless the attacker can "convince" the network that it is somehow the home address itself; as per the latter two solutions (endpoint & network security): there's already prints that say the pen can conceal/manipulate the IP such that these security protocols don't recognize it. Speculatively, an industry could somehow how two distinct/autonomous servers, one of which is actually offline and not used for business at all, though somehow make its network configuration such that it is the main/live server, then use it as a honey pot for any pen- although this would presume the pen doesn't know which server is actually live, but some cloud trinkets could buy enough time for the honeypot to activate. Maybe someday DDOS won't be possible if somehow ALL IPs are traceable to its original hardware, but that's more sci fi for now perhaps...
Yes 100% -- restricting DHCP messages to only trusted servers with a firewall rule is a great solution. Just beware of any side effects when you need to get DHCP on new networks (you can disable the rule). You can find some how-to's here: github.com/cyberspatiallabs/TunnelVision
That's a great point about compromising your home gateway itself. If that happens there are a lot of bad things that can happen! All the reason to protect your routers and access points to ensure they are up to date on firmware, monitored, and physically secure. Your ideas on a shadow network and traceable addresses are really cool.
Gr8 demo 💯👍
Backdoors on Client VPNs?
Yes likely, depending on the VPN you're using.
I cannot afford a VPN anyways
It's $2-5/month, use it for public/unsecure wifi or if u have a business only.
If you aren't using a VPN you are still susceptible to.this type of attack.
@@Cyberspatial i turn off my wifi
Wow - music - boo
I've asked our team to just have music for the intro going forward 👍
It's just a mim attack.