
PoisonTap (2016) - oxplot
https://samy.pl/poisontap/
======
stedaniels
Seems to be suffering...

[https://web.archive.org/web/20190927060041/https://samy.pl/p...](https://web.archive.org/web/20190927060041/https://samy.pl/poisontap/)

------
mirimir
Huh.

Maybe I'm naive, but wouldn't iptables block it?

Default rules on the host box that this VM runs on include:

    -A OUTPUT -o eth0 -d 192.168.1.0/24 -j ACCEPT
    -A OUTPUT -o eth0 -d 1.2.3.4/32 -j ACCEPT
    -A OUTPUT -o tun0 -j ACCEPT
    -A OUTPUT -j DROP

With 1.2.3.4 being the VPN server that I'm using. And VirtualBox doesn't have
USB enabled.

And if I weren't using a VPN, it'd be:

    -A OUTPUT -o eth0 -j ACCEPT
    -A OUTPUT -j DROP

So nothing would use a new interface, no matter what routing it promised. And
even in Windows, decent VPN client apps use rules that are basically analogous
to those.
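
Added example, not part of the comment above or of the PoisonTap project: a small first-match evaluator for the two OUTPUT rule sets quoted in that comment, showing which packets fall through to the final DROP. The interface name `usb0` and the destination `203.0.113.10` are constructed for illustration, and only the `-o`, `-d` and `-j` options that appear in the comment are modeled.

```python
import ipaddress
import shlex

# OUTPUT rules as quoted in the comment (VPN variant).
VPN_RULES = """\
-A OUTPUT -o eth0 -d 192.168.1.0/24 -j ACCEPT
-A OUTPUT -o eth0 -d 1.2.3.4/32 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -j DROP
"""

# Non-VPN variant from the same comment.
PLAIN_RULES = """\
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -j DROP
"""


def parse_rules(text):
    """Parse '-A OUTPUT [-o IFACE] [-d CIDR] -j TARGET' lines into dicts."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[:2] != ["-A", "OUTPUT"]:
            raise ValueError(f"unsupported rule: {line!r}")
        opts = dict(zip(tok[2::2], tok[3::2]))
        if set(opts) - {"-o", "-d", "-j"} or "-j" not in opts:
            raise ValueError(f"unsupported rule: {line!r}")
        dst = opts.get("-d")
        rules.append({
            "iface": opts.get("-o"),  # None matches any outgoing interface
            "dst": ipaddress.ip_network(dst) if dst else None,
            "target": opts["-j"],
        })
    return rules


def verdict(rules, out_iface, dst_ip, policy="ACCEPT"):
    """First matching rule wins, as in an iptables chain; else chain policy."""
    addr = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r["iface"] not in (None, out_iface):
            continue  # rule is bound to a different interface
        if r["dst"] is not None and addr not in r["dst"]:
            continue  # destination outside the rule's CIDR
        return r["target"]
    return policy
```

The model covers only the filter decision on the OUTPUT chain; it says nothing about whether the host brings up or configures the new interface.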

------
ge0rg
Previous coverage:

* [https://news.ycombinator.com/item?id=12971503](https://news.ycombinator.com/item?id=12971503)

* [https://news.ycombinator.com/item?id=12966673](https://news.ycombinator.com/item?id=12966673)

* [https://news.ycombinator.com/item?id=12974121](https://news.ycombinator.com/item?id=12974121)

Potential countermeasure:
[https://news.ycombinator.com/item?id=13118227](https://news.ycombinator.com/item?id=13118227)

~~~
regecks
usbguard is another countermeasure if you have a Linux workstation.

------
xnzakg
Wouldn't simply disabling automatic connection to wired networks work against
this? Weird not to see that mentioned in the potential countermeasures.

------
emmelaich
[2016]

Still cool though!

~~~
dang
Added. Thanks!

