0

I am curious if it is possible for users connected to a VPN to perform ARP spoofing / poisoning attacks against other users on the same subnet of an OpenVPN or Wireguard server. Does OpenVPN & Wireguard provide inbuilt mitigation's against ARP attacks by default & if so can this protection be disabled by malicious or compromised servers?

Tyler
  • 417
  • 5
  • 12

1 Answers1

1

ARP is a link layer 2 ethernet protocol, it does not exist at IP layer 3.

So no.

EDIT

Normally VPNs use TUN, which is layer 3. There is a TAP layer 2 which will carry ARP, but outside of businesses BRIDGING two remote networks together this is seldom used. In a TAP bridge, you probably could ARP spoof.

user10216038
  • 7,552
  • 2
  • 16
  • 19
  • There is some more information here that seems to suggest arp spoofing will work: https://serverfault.com/questions/488423/man-in-the-middle-with-a-vpn – Tyler Feb 28 '19 at 00:56
  • Using Xarp I inadvertently discovered while connected to an OpenVPN server, Xarp sent out arp requests and the VPN server and or clients responded listing all clients on the OpenVPN server subnet; granted, if this was not randomly generated and spoofed information sent by the server itself. It does not make sense that ARP would not exist here, given the arp responses came back positive. – Tyler Feb 28 '19 at 01:14
  • ARP requests would have gone out on whatever network you were connected to (house, school, business), not transmitted to the VPN. The responses would be from the same direct connect network, not the VPN. – user10216038 Feb 28 '19 at 01:29
  • Here you go: https://i.ibb.co/djbmmcN/ARP-Open-VPN.png this is on XP, openvpn tap connected using just the basic sweep on XArp; 513 addresses; locally there are maybe 5-10 not 513 – Tyler Feb 28 '19 at 08:53
  • Given that, perhaps ARP spoofing protection would be wise on a TAP adapter. However on such a vast network such as this one, targeted attacks would be difficult and time consuming... everyone has the same mac and host name alike, and nothing further is revealed;. but doesn't mean it isn't possible to be randomly hacked; It may depend upon the security measures of the server. I'm curious if the vpn provider is not spoofing the subnet already for added security, – Tyler Feb 28 '19 at 09:03