I could, but I’m not interviewing anywhere that would need to ask that question anymore, I do not miss that stage of my career at all.
If you have no natural interest and curiosity around tech… It’s not easy. I’ve entirely built my career on that. No degree, just something my brain latched on easily and I’ve followed that curiosity to where I am now. But lacking that you’re gonna be wretched to be around. That misconception from people outside the industry about all salaries in tech being 6 figures is so wrong it’s almost offensive. Network+ is maybe a $75k/yr cert, and to make that much you’d have to live in bumblefuck and find someone who’s desperate for a sub entry level network tech. So no, tech is not a good backup job if your hardwood floor sanding business doesn’t work out.
I have one. It’s not a regular sized router. It’s about the size of 2 cell phones.
If you are using a corporate VPN, there are all sorts of protocols besides https that could be used on the conmection. Printers, unencrypted SMB, or any number of other leaky or legacy apps.
When you use a VPN in this scenario, it assumes you are trusted, so many protections may even be removed by unwitting administrators trying to eek out as much performance as possible.
I mean, how many admins do you think used to enable arcfour SSH when they knew they have a VPN already doing encryption? It’s double encryption for no point.
For you average user it’s not really a threat.
An individual wouldn’t need to be concerned unless you are like… Important. Most of us are nothing to anybody.
Now, as I said. You use public wifi, but there are devices that can override the signal of those public wifi. You have no way to tell if the AP you connect to is the legit or bad actor.
With the VPN, the mechanism shown in the article bypasses wireguard in its default configuration. Essentially the DHCP will instruct your computer to send the information to it instead of route it down your VPN.
This is what strips away your VPN. Most users won’t know if this happened unless they had resources within the VPN they usually access like a printer or shared drive.
You probably don’t have anything worth stealing either. Which explains why you would use a public wifi connection over mobile data in the first place.
Some of us actually have something worth stealing. Not only personal, but employer related data.
If you are paranoid enough (ore required via company police) to want a VPN, then you should also be paranoid enough to want to ensure your WIFI access point is trustworthy. If you are just using a VPN for bypassing geolocks, then it doesn’t matter what wifi you use, since you don’t care about the security or privacy.
McDonalds wifi points are not trustworthy. No public wifi point is.
The other popular alternative is using a mobile phone hotspot. It isn’t trustworthy either, (stingray!) it’s alot harder to spoof that then a public WIFI point.
And if that doesn’t bother you, then why are you using a VPN in the first place?
–
All this assumes you are just some random person who wants to feel safer by using a VPN though.
If you were “more” serious, then you should be using a laptop with a virtual machine. Ensure the interface is not bridged, and initiate the VPN from in the VM and use the VM to do your browsing/work. It won’t fall victim to this attack as the DHCP route shouldn’t be recieved by the VM OS. Then when you browse in the VM, all your data will be tunnelled completely (assuming you have all the proper firewalls in place of course).
So let’s just throw caution to the wind and make yourself more likely to have your identity stolen. Brilliant!
Nothing. But it’s no Arch
Nothing, I also use Mint.
sure but isn’t that what routes in acls are for?
Like I said though, doesn’t have to be a perfect answer. A rough description would be fine. I’m looking for basic understanding of concepts that someone should be well versed in.
Sure. Depends on the job.
For a network engineer? Most likely. DHCP and DNS become foundational troubleshooting space in a lot of issues.
Yeah, usually it’s just my personal phone or personal laptop.
I don’t keep anything super sensitive on my phone/laptop. That stuff is stored encrypted at rest in secure cloud storage.
I’ve done the risk assessment and it’s low for me.
Is it paranoia or an inflated sense of self-importance, though? I’ve known a number of “can’t-be-too-careful” types over the years and their lifestyle and occupation has always been exactly as uninteresting as everyone else’s.
I’m sure these systems get good use in terms of targeted surveillance on people who are actually worth looking up; the chance of someone actually wanting to go through with setting up a fake access point in a random McDonalds so they can snoop on random customers seems pretty far-fetched. Oh, somebody sent a message saying “I’m in McDonalds”, then they scrolled Facebook. Fascinating.
If you were “more” serious, then you should be using a laptop with a virtual machine. Ensure the interface is not bridged, and initiate the VPN from in the VM and use the VM to do your browsing/work. It won’t fall victim to this attack as the DHCP route shouldn’t be recieved by the VM OS. Then when you browse in the VM, all your data will be tunnelled completely (assuming you have all the proper firewalls in place of course).
Difficult to imagine carting that to McDonalds when the alternative of “Not using the internet while waiting for a burger” is sitting right there.
What do you mean by “all the proper firewalls”?