wloczykij , to linux_pl group Polish
@wloczykij@101010.pl avatar

Mamy tu jakiś speców od iptables i wireguard?
Mam problem z tunelem miedzy siecią vpn i LAN.
Tunel jest zestawiany przy użyciu programu RethinkDNS.
Na starym telefonie wydaje się, że działą, ale na nowym, już nie bardzo. Z tego co zauważyłem, to na nowym telefonie działają połączenia VPN->Internet, ale połączenia VPN->LAN już nie bardzo. Kombinuję już nad tym od dobrych 12h (z przerwami) i jedyne co mi się udało zrobić, to właśnie te połączenia z Internetem.
Oba telefony są w VPN, bo komenda wg show pokazuje je.

Przy uruchamianiu tunelu, ustawiają się takie regułki
[#] echo 1 > /proc/sys/net/ipv4/ip_forward
[#] iptables -A FORWARD -i wg0 -o enp88s0 -j ACCEPT
[#] iptables -A FORWARD -i enp88s0 -o wg0 -j ACCEPT
[#] iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

I jeszcze jedna rzecz. Brama VPN stoi na serwerze linuksowym, do którego potrzebuje mieć dostęp.

Gdzie może być problem? Na serwerze/bramieVPN specjalnie wyłączyłem firewalla i to także nie pomaga.













@linux_pl

alice_watson , to random
@alice_watson@infosec.exchange avatar

"There are no ways to prevent such attacks"

Well that's concerning...

"except when the user's VPN runs on Linux or Android"

Oh. Well then.

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/

appassionato , to random
@appassionato@mastodon.social avatar

AI can be used to analyze your traffic – even if it’s encrypted.

https://mullvad.net/en/blog/2024/5/7/introducing-defense-against-ai-guided-traffic-analysis-daita



Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA. Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis. When you connect to the internet through a VPN (or the Tor Network) your IP address is masked, and your traffic is encrypted and hidden from your internet service provider. If you also use a privacy-focused web browser, you make it harder for adversaries to monitor your activity through other tracking technologies such as third-party cookies, pixels or browser fingerprints. This is how AI can be used to analyze your traffic – even if it’s encrypted. Since every website generates a pattern of network packets being sent back and forth based on the composition of its elements (like images and text blocks), it’s possible to use AI to connect traffic patterns to specific websites. This means your ISP or any observer (authority or data broker) having access to your ISP can monitor all the data packets going in and out of your device and make this kind of analysis to attempt to track the sites you visit, but also who you communicate with using correlation attacks (you sending messages with certain patterns at certain times, to another device receiving messages with a certain pattern at same times).
ALT
  • Reply
    • jsrailton , (edited ) to random
    @jsrailton@mastodon.social avatar

    [Thread, post or comment was deleted by the author]

    •
    kkarhan ,
    @kkarhan@infosec.space avatar

    @jsrailton like isn't something that can be fixed outside of extensive , , & workups.

    In fact it's easier to bootstrap annentirely new identity than trying to uninstall such persistent shite!

    That being said, providers are just the newest sales reps and everything against them applies to as well...

    So sad that @tomscott was just naively debunking them years ago...

    The constant sown by VPN and providers is so rampant that I'd not be surprised if one day both would finally be made illegal for all the right reasons:

    kuketzblog , to random German
    @kuketzblog@social.tchncs.de avatar

    "Facebook snooped on users’ Snapchat traffic in secret project, documents reveal"

    Das ist vorsätzliches Umgehen von Sicherheitsmaßnahmen und eine illegale Überwachung/Spionage. Wer Meta/Facebook noch in irgendeiner Weise vertraut, der sollte sich gut überlegen, was Vertrauen für ihn bedeutet.

    https://techcrunch.com/2024/03/26/facebook-secret-project-snooped-snapchat-user-traffic/

    pluralistic , to random
    @pluralistic@mamot.fr avatar

    The case for VPNs

    An NYC subway as for Mull bad VPN FREE THE INTERNET FROM ENDLESS DATA COLLECTION. FROM BIG TECH COMPANIES MAPPING YOUR LIFE. FROM INTERNET SERVICE PROVIDERS TREATING YOUR PERSONAL DATA AS A COMMODITY, FROM AUTHORITIES MONITORING FREE EVERY CLICK YOU MAKE. FROM DATA BROKERS HARVESTING YOUR EVERY SCROLL. FROM AI PRODUCING PERSONAL PROFILES BASED ON YOUR ONLINE BEHAVIOR, FROM AD NETWORKS TRACKING YOU FROM ONE SITE TO ANOTHER, FROM ALGORITHMS USING YOUR BROWSING HISTORY TO NARROW YOUR ONLINE EXPERIENCE. THE INTERNET FROM MICRO TARGETING TRYING TO CONTROL AND SHAPE YOUR FUTURE DECISIONS, FROM CENSORSHIP AND MASS SURVEILLANCE. FIGHT FOR PRIVACY.
    ALT
  • Reply
  • Expand (3)
  • Collapse (3)
    • + mikeblake
    protonvpn , to random
    @protonvpn@mastodon.social avatar

    We created in 2017 to give people a lifeline against through a .

    But each year, more governments resort to internet shutdowns and to control public discourse and limit access to information.


    ⬇️ 1 / 8

    protonvpn OP ,
    @protonvpn@mastodon.social avatar

    😎 Stealth VPN Protocol
    Stealth is our custom-built protocol that disguises your VPN connection and makes it look like standard internet traffic. It is ideal if local governments attempt to block connections in general:
    https://protonvpn.com/blog/stealth-vpn-protocol/
    ⬇️ 6 / 8

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • test
  • worldmews
  • mews
  • All magazines
    •