1

Besides trust of the VPN provider, are VPN servers safe? Other people connect to it and it can be compromised, right? Is it the same threat as being connected to a public Wi-Fi where someone could performs a Man-in-the-Middle attack?

SeeYouInDisneyland
  • 1,428
  • 9
  • 20
Nicryc
  • 121
  • 3
  • Some threats are the same but not all. For example other Wi-Fi users can easily sniff your unencrypted traffic, but other VPN users cannot easily sniff your unencrypted traffic (of course the VPN provider itself can). – Steve Mar 17 '19 at 05:27

2 Answers2

1

You hit the nail.... "trust of the VPN provider"....

Whilst we can read what a VPN provider might offer, this still doesn't solidify the fact we have no real idea.

We have to just assume the VPN provider is routing our traffic in the correct manor and sourcing it from random locations as per our request. We also have to assume they encrypt log files (if they store them) and encrypt our traffic.

It's maybe too open ended to give a short & sweet answer here, but we can guarantee that certain VPN's don't use the best encryption methods, especially most of the free VPN's that only offer single layer protection (i.e, just concealing your IP and nothing else).

VPN servers are indeed vulnerable to mitm attacks, but the amount of variants that come into play are quiet large, the best summary of which would be to say it really does depend on the quality of services the VPN distributor is providing.

Tipping44
  • 337
  • 1
  • 2
  • Well I know that being a famous provider doesn't always mean they're the best but in the case, for example, of NordVPN. It's a quite famous VPN provider I think a lot of journalists, cybersecurity experts etc. have addressed the issue. Furthermore my question really focused on cybercriminal attack on a VPN server. You say "VPN servers are indeed vulnerable to mitm attacks", I'm curious to know in which way. – Nicryc Mar 17 '19 at 19:30
0

In some cases, they are. In the usual setup, they are not.

There are two common modes, routing your data either on OSI layer 2 or 3.

The most common VPN routes your data on the IP layer (often called TUN mode), and usually isolates the clients from each other when you're using privacy VPN services. Then cannot see anything from another user. Here you send your data over the interface, that transports it as IP packets.

The other mode is routing your data on the data layer (often called TAP mode). In this case, you usually send your own IP packets over a virtual Ethernet interface. The mode allows for other network protocols like IPX or IPSEC. Here you can often see other participants, as there is no easy way for the VPN server to limit the routing on this layer.

I already saw a privacy VPN using TAP-mode and was able to see broadcast packets from other users. For example you could see dropbox clients advertising "LAN sync with Dropbox on John-PC".

In summary: When your privacy VPN uses TAP, cancel your subscription. When it uses TUN, it may or may not isolate clients from each other, but it usually does.

allo
  • 3,173
  • 11
  • 24