
I'm not an expert in VPN, so I'm curious about how well does a router with installed vpn defend against an mitm attack. Since ARP Spoofing can decrypt https, I'm concerned if it's able to decrypt a vpn too.

Also will the hacker be able to DOS your internet connection?

Then, what if let's say one of the device using the vpn is compromised? Will the hacker be able to use it to hack the rest of your devices?

Corbee
  • How can ARP spoofing help with decrypting of HTTPS? If it gets compromised it does not matter what you installed before or after. What kind of DOS you mean? That he will shut down the router remotely? If VPN is compromised it depends if you share keys with others. I assume you mean you have OpenVPN server on your router and you are connecting to it from the internet. – Fis May 31 '17 at 13:49
  • @Fis ARP is layer 2, it's much lower level than https, so it's able to read it. How did you know I have a hacking problem? Are you the one hacking me? :) – Corbee May 31 '17 at 13:51
  • It can read encrypted data. Nothing else. Sure, I am hacking the whole world ;) Btw. ARP is layer 3. – Fis May 31 '17 at 13:53
  • @Fis when you're a victim of a serious hacking, you turn paranoid. Anyways, I have tried VPN, but for some reasons, when connected, the hacker stops my internet, I'm wondering if placing the VPN on the router fixes the issue, I use openwrt by the way. – Corbee May 31 '17 at 13:55
  • What can you see in your netstat? Can you see some strange connections on the router? You'll probably see my IP there ;) – Fis May 31 '17 at 13:56
  • I can't see any reason why you should install OVPN there. It can't help you in any case. – Fis May 31 '17 at 13:58
  • @Fis What's the best course of action? – Corbee May 31 '17 at 13:58
  • Just check who is connected to you or if you are connected somewhere you should not be. Use netstat command in your OWRT. I am not sure how you can be sure you are hacked. – Fis May 31 '17 at 14:00
  • Rooted/JailBroken phone? – Fis May 31 '17 at 14:05
  • @Fis rooted and normal phones. I then discovered that there are viruses that could self-root – Corbee May 31 '17 at 14:06
  • But it started with rooted one, correct? – Fis May 31 '17 at 14:06
  • @Fis yup, but how did that affect the rest? – Corbee May 31 '17 at 14:17

1 Answer


I'm not an expert in VPN, so I'm curious about how well does a router with installed vpn defend against an mitm attack. Since ARP Spoofing can decrypt https, I'm concerned if it's able to decrypt a vpn too.

ARP spoofing cannot decrypt HTTPS traffic. HTTPS 'sits higher' in the network stack and therefore layer 2 cannot 'see into' the packet. It can though do things to the packet, such as change the physical machine address of who sent it or where it is going. But it definitely cannot decrypt the packet.

Also will the hacker be able to DOS your internet connection?

An attacker could cause a denial of service to any service sitting publicly on the internet if they have enough bandwidth to overcome your ingress bandwidth. I do not see though that DOS is a concern within the context of your router being ARP spoofed.

Then, what if let's say one of the device using the vpn is compromised? Will the hacker be able to use it to hack the rest of your devices?

Yes - If the VPN is not segregated from the rest of the network via say a Firewall and the other hosts do not have suitable host based firewalls.

ISMSDEV
  • but if that's the case why are there hacking programs like sslstrip? What does it do? – Corbee May 31 '17 at 14:01
  • sslstrip is used to strip ssl from web requests. So the content returned to a client is a HTTP and not HTTPS. This allows the attacker to 'see into' the packets of data. This is totally not related to VPN and/or ARP spoofing – ISMSDEV May 31 '17 at 14:03
  • I am not sure what ssl strip is, probably some MITM proxy. But you should be able to see the certificate is not valid and don't continue in connection in such case. Or if it is like @ISMSDEV said you should not open HTTP page if you expect HTTPS – Fis May 31 '17 at 14:03
  • @Fis. It's a proxy that strips HTTPS and returns HTTP. Thus allowing the attacker to see the content. I suspect the OP has seen this as many ARP spoofing tools in Kali have this as a plugin. :) – ISMSDEV May 31 '17 at 14:04
  • @Fis I was in the middle of online shopping, then suddenly he added items in the cart and that was in https. I already removed all devices and wifi and was on a vpn, so I'm curious how he does that. – Corbee May 31 '17 at 14:04
  • Seems like he is in your computer/phone, not in router or in front of it. – Fis May 31 '17 at 14:06
  • @Corbee - Not sure what you mean and how this relates to your VPN / ARP problem. Who is "he"? "Removed all devices and wifi"? How were you on the internet? What shopping cart was it? – ISMSDEV May 31 '17 at 14:06
  • @Fis - Agree. Internal attack. especially if it (assuming based on OP) was ARP based. I feel the OP has changed scope now though – ISMSDEV May 31 '17 at 14:07
  • @Fis Now that you've mentioned it, I also suspected that, but I tried many antivirus to no avail. For some reasons when browsing my hdd, sometimes the folder opens in a new window. – Corbee May 31 '17 at 14:07
  • @Corbee AV is useless once you are hacked. Remove all apps. Restore firmware. Ideally the original one. Then restore the phone without apps. Then install only those you trust. – Fis May 31 '17 at 14:08
  • @Corbee and don't ever use same account for rooted and non-rooted devices. Also, never root phones where you use banking or similar apps. – Fis May 31 '17 at 14:10
  • @fis tried that, but somehow he still gets back. already tried changing different new phones and sims to no avail. – Corbee May 31 '17 at 14:10
  • @fis the one where I got compromised was on desktop not on the phone, can't trust phones ever since. – Corbee May 31 '17 at 14:11
  • @reinstall everything. change credentials everywhere. if it will happen again, throw everything from the window and buy everything new. – Fis May 31 '17 at 14:12
  • @fis tried that a lot of times, but same issue, it only made my credit card bill scary. There must be some place I'm missing that he is able to get back from. – Corbee May 31 '17 at 14:14
  • @fis could this be possible as to why? https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/parmyolson/2013/07/21/sim-cards-have-finally-been-hacked-and-the-flaw-could-affect-millions-of-phones/&refURL=https://www.google.com/&referrer=https://www.google.com/ – Corbee May 31 '17 at 14:15
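
Added example, not part of the original thread: since ARP spoofing works by changing which MAC address an IP resolves to, a poisoned cache can be spotted from the neighbour table on a Linux client or the OpenWrt router. The sample table, its MAC addresses and the pinned known-good gateway MAC are constructed assumptions.

```shell
#!/bin/sh
# Check a Linux/OpenWrt ARP table for signs of spoofing.
# Input uses the /proc/net/arp layout:
#   IP address  HW type  Flags  HW address  Mask  Device

# Constructed sample: the gateway 192.168.1.1 and host 192.168.1.50
# resolve to the same MAC, as they would in a poisoned cache.
sample_arp() {
cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:50     *        br-lan
192.168.1.20     0x1         0x2         aa:bb:cc:00:00:20     *        br-lan
192.168.1.50     0x1         0x2         aa:bb:cc:00:00:50     *        br-lan
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        br-lan
EOF
}

# Print "MAC ip1,ip2,..." for every MAC that answers for more than one IP.
# Incomplete entries (flags 0x0 / all-zero MAC) are ignored.
find_duplicate_macs() {
    awk 'NR > 1 && $3 != "0x0" && $4 != "00:00:00:00:00:00" {
             mac = tolower($4)
             ips[mac] = ips[mac] (n[mac]++ ? "," : "") $1
         }
         END { for (m in n) if (n[m] > 1) print m " " ips[m] }'
}

# Return 0 only if IP $1 is present and maps to the pinned MAC $2.
# The pinned value is an assumption: record it while the network is trusted.
gateway_mac_ok() {
    awk -v ip="$1" -v want="$2" '
        NR > 1 && $1 == ip { seen = 1; if (tolower($4) != tolower(want)) bad = 1 }
        END { exit !(seen && !bad) }'
}

# On a live system: find_duplicate_macs < /proc/net/arp
sample_arp | find_duplicate_macs
if sample_arp | gateway_mac_ok 192.168.1.1 aa:bb:cc:00:00:01; then
    echo "gateway MAC matches pinned value"
else
    echo "WARNING: gateway MAC differs from pinned value"
fi
```

A shared MAC is a prompt to investigate rather than proof, since one host can legitimately hold several IPs. Neither check says anything about TLS: a spoofed path still carries HTTPS and VPN traffic as ciphertext.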