On 11/23/2012 08:44 AM, Henning Brauer wrote: > * Fernando Gont <[email protected]> [2012-11-23 12:09]: >> FYI. This is might affect OpenBSD users employing e.g. OpenVPN: >> <http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages>. > > we're way less affected than other OSes, since we prefer inet over > inet6 by default. targeted attacks could still work.
What about preference in terms of DNS transport? (e.g., when you've learned recursive DNS servers by means of DHCPv4, but also by means of RAs?) There could also be a scenario in which the attacker intentionally disables the v4 connectivity, such that you only have v6. > I recommend "ifconfig $foo -inet6" in any case :) Is anything like this triggered by default along with the tunnel-establishment process? The OpenVPN folks are aware about this issue, but they are probably going to wait till the have some sort of "portable" fix for this issue. Cheers, -- Fernando Gont e-mail: [email protected] || [email protected] PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
