Simplified Privacy

Decloaking VPN traffic: New critical vulnerability

Remember all the people calling me a tinfoil hat wacko for insisting on open source routers?

There is a new critical VPN vulnerability from Leviathan Security group, which they call “TunnelVision”. It allows the ISP or local router to see the VPN traffic by abusing the DHCP client and option 121

Here’s the basics:

–It uses the local area network, so we’re talking about a hostile router

Android is safe by default and unaffected.

Linux may be safe if used correctly.

–Microsoft Windows and Apple are highly vulnerable.

–While Leviathan created it, they think it’s been used in the wild since maybe even 2002

–Abuses the DHCP server to incorrectly route packets

–Random devices can pretend to be the router with DHCP attacks

How it works:

DHCP is when a home router assigns IP addresses to devices in your local area network. There is “ option 121” which allows that router (DHCP server) to route the VPN user’s system in a way that is more specific than those used by most VPNs. TunnelVision abuses option 121 to purposefully route the system through their fake interface.

Why Android is immune:

Android ignores option 121

How Linux users can protect themselves, quote from Leviathan:


And of course, Linux PLUS an open source router is the real protection. Check out the router section of our site,

Comment on this via the RebelNet

Arweave Log: XDpSyr8Ljc50tJI12pNgQgOC55mZyRmaTv0-JH9gt0s

Related Articles

RebelNet Blacklisted!

Our domain is blacklisted again. We’re talking about error messages in both browsers and anti-virus software to purposely prevent people from visiting my site, and

Read More »