We were very *very* close to replacing our ~700 office Cisco SD-WAN environment with VeloCloud, which is owned by VMware. The Broadcom merger put the brakes on the project completely, they missed out on a few million dollars on that effort alone.
The Velo guys were totally in the dark on what was coming down the pipe for them, Broadcom forced them to change hardware vendors on day one, for example.
Full tunnel would not mitigate this attack because smaller routes are preferred over larger ones. So, sure, 0.0.0.0/0 is routed over the tunnel, but a route for 8.8.8.8/32 pointing to somewhere layer2 adjacent, pushed via DHCP option 121, would supersede that due to being more specific.
You aren't wrong, per se, I think you just don't fully grasp the attack vector. This is related to DHCP option 121, which allows routes to be fed to the client when issuing the IP address required for VPN connectivity. Using this option, they can send you a preferred default route as part of the DHCP response that causes the client to route traffic out of the tunnel without them knowing.
E. It would likely only be select traffic routing out of the tunnel. I could, for example, send you routes so that all traffic destined for Chase Bank IP addresses comes back to me instead of traversing the tunnel. Much harder to detect.
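A client-side check for the condition these two comments describe, added here as an example and not part of the original comments: it applies longest-prefix matching to a route table and lists gatewayed routes that leave outside the tunnel. The `ip -4 route show` sample, the interface names `tun0` and `wlan0`, all addresses, and the allowlist for the VPN endpoint are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output on a full-tunnel VPN client.
SAMPLE = """\
default dev tun0 scope link
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
8.8.8.8 via 192.168.1.66 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.10 via 192.168.1.1 dev wlan0
"""

def parse_routes(text):
    """Turn `ip route` lines into dicts with network, gateway, device, metric."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dst = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dst, strict=False)
        via = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append({"net": net, "via": via, "dev": dev, "metric": metric})
    return routes

def egress(routes, dst):
    """Longest prefix wins, then lowest metric: the route the host would use."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"])) if hits else None

def tunnel_bypasses(routes, tunnel_dev, allowed=()):
    """Gatewayed routes more specific than the default that exit outside the tunnel.

    `allowed` holds prefixes expected to bypass the tunnel, such as the VPN
    server's own address (assumed here to be 203.0.113.10).
    """
    allowed = [ipaddress.ip_network(a) for a in allowed]
    return [r for r in routes
            if r["net"].prefixlen > 0 and r["dev"] != tunnel_dev
            and r["via"] is not None and r["net"] not in allowed]

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print("8.8.8.8 leaves via", egress(table, "8.8.8.8")["dev"])
    for r in tunnel_bypasses(table, "tun0", allowed=["203.0.113.10/32"]):
        print("bypass route:", r["net"], "via", r["via"], "dev", r["dev"])
```

Directly connected subnets are skipped because they carry no gateway; only routes with a next hop outside the tunnel are reported.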
I think his reasoning is entirely fabricated, and in truth he hopes it will distract suckers from his recent sexual assault allegations. Evidently he's had some success if you're posting about it, imo.
Engineering is engineering. You design it, you build it, you test it. Engineering. We shouldn't gatekeep words.
With that said, I recognize that certain engineering disciplines have overlap with public safety, and should come with some qualifications to back it up.
It probably has to do with being native IPv6 and needing to ride a 6to4 NAT to reach the broader internet.
Start at 1400 and walk the MTU down by ~50 until you find stability, then I'd creep it back up by 10 to find the 'perfect' size, but that part isn't really needed if you're impatient. :)
E. I found 1290 was needed for reliable VPN over an ATT nighthawk hotspot.
The North Atlantic Treaty Organization’s move follows Russia’s formal withdrawal from the accord on Tuesday and longstanding Western complaints that Moscow wasn’t honoring the terms of the treaty.
It's always so strange to me that we don't see the same bombastic support from the tankies over news like this, surely this is another genius move which underscores the futility of Western sanctions, right? Another 5d chess move to bring Ukraine to its knees, or dismantle the petrodollar, surely? 🙃
Is that really the most logical conclusion to be drawn? It's been less than a day, and I would really hope intelligence services are more diligent than your average twitter sleuth. I'd rather they be right than first, personally.
Also what satellite footage are you talking about?