• kinther@lemmy.world
    link
    fedilink
    English
    arrow-up
    41
    ·
    6 months ago

    If your LAN is already compromised with a rogue DHCP server, you’ve got bigger problems than them intercepting just VPN traffic. They can man in the middle all of your non-encrypted traffic. While this is bad, it’s not a scenario most people will run into.

    • Doubletwist@lemmy.world
      link
      fedilink
      English
      arrow-up
      46
      ·
      6 months ago

      The problem isn’t them being in you LAN. It’s about going to an untrusted network (eg Starbucks, hotel) and connecting to your VPN, boom, now your VPN connection is compromised.

      • kinther@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        6 months ago

        I woke up this morning and thought of this exact scenario, then found your comment lol

        Yes, this is bad for anyone who travels for work and can’t trust the network they connect to.

    • sudneo@lemm.ee
      link
      fedilink
      English
      arrow-up
      16
      ·
      6 months ago

      The other comment already covers the fact that VPN should be useful exactly when you are connected to untrusted LANs. I want to add that also the main point of your comment is anyway imprecise. You don’t need a compromise DHCP, you just need another machine who spoofs being a DHCP. Not all networks have proper measures in place for these attacks, especially when we are talking wireless (for example, block client-to-client traffic completely). In other words, there is quite a middle-ground between a compromised router (which does DHCP in most cases) and just having a malicious device connected to the network.

    • Rolling Resistance@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      6 months ago

      I wonder if it applies to routers made by a company who likes collecting user data. Because this is a situation many people are in.