New Hyper-V integration in WSL 2 leads to traffic leaking

by Loredana Harsana
Managing Editor
  • The possibility of leaking Internet traffic when running Linux under WSL 2 is not encouraging.
  • WSL 2 uses Hyper-V virtual networking, which is the root of the problem this time.
Running WSL 2 may lead to leaking Internet traffic

The Windows Subsystem for Linux 2 may not be as secure as claimed. Traffic from the Linux guest bypasses all normal layers of the Windows 10 firewall and any configured rules.

The traffic goes directly out onto the network, and no blocking rule in the firewall is taken into consideration.

More precisely, this prevents even the Always require VPN security feature from working as it should, which raises concerns among users worried about Internet traffic leaks.

However, others are aware of what WSL 2 means and aren’t that worried. Here’s what one user said:

WSL 2 is another OS, running with Windows, not on top of it. It’s a level 1 hypervisor. It isn’t subject to the same network restrictions as Windows.

How does the WSL 2 leak take place?


Unlike the first version of the Windows Subsystem for Linux (WSL 1), WSL 2 uses Hyper-V virtual networking. That’s the root of the issue under discussion.

WSL 1 is based on a Linux-compatible kernel, which translates Linux system calls into calls that are compatible with the Windows NT kernel.

Therefore, any WSL 1 network traffic is filtered through the Windows Advanced Firewall. WSL 2, however, runs a true Linux kernel in a Hyper-V virtual machine.

This involves a Hyper-V virtual network adapter, and all traffic goes out the default route of the host machine without being inspected by the usual layers of the Windows Filtering Platform (WFP).

This turns into an issue since WSL 2 distributions can support multiple Linux applications, including server implementations.

That’s why it isn’t necessarily unusual for WSL 2 to be considered an independent operating system that cannot rely on the Windows Firewall.

However, users should become aware of the fact that configured Windows Firewall rules are ignored under these circumstances.
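To tell from inside a distribution which of the two cases applies, the following added example (not from the article or from Microsoft) classifies the guest by its kernel release string and reads its default route. The release patterns assume stock Microsoft kernels, and the sample strings are constructed.

```shell
#!/bin/sh
# Added example: decide from inside a distribution whether it is a WSL 2
# guest (own kernel, Hyper-V adapter) or WSL 1 (syscalls translated to NT).

# Constructed samples: `uname -r` and `ip route` output of a WSL 2 guest.
SAMPLE_RELEASE='4.19.104-microsoft-standard'
SAMPLE_ROUTES='default via 172.28.96.1 dev eth0
172.28.96.0/20 dev eth0 proto kernel scope link src 172.28.101.7'

# wsl_generation RELEASE -> wsl1 | wsl2 | none
# Assumption: stock Microsoft kernels. WSL 1 reports a release ending in
# "-Microsoft"; WSL 2 reports one containing "microsoft-standard".
wsl_generation() {
    case "$1" in
        *microsoft-standard*) echo wsl2 ;;
        *-Microsoft)          echo wsl1 ;;
        *)                    echo none ;;
    esac
}

# default_route ROUTES -> "GATEWAY DEV" of the first default route in
# `ip route` output ("- DEV" when the route has no gateway).
default_route() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        gw = "-"; dev = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print gw, dev; exit
    }'
}

# firewall_verdict RELEASE ROUTES -> one-line assessment, following the
# article: WSL 1 traffic is filtered by Windows Firewall, WSL 2 is not.
firewall_verdict() {
    route=$(default_route "$2")
    case "$(wsl_generation "$1")" in
        wsl2) echo "wsl2: egress via ${route:-unknown}; host Windows Firewall rules are not applied" ;;
        wsl1) echo "wsl1: traffic is filtered by the host Windows Firewall" ;;
        *)    echo "none: not a WSL guest" ;;
    esac
}

# Live use inside a distribution (needs iproute2): pass --live
if [ "${1:-}" = "--live" ]; then
    firewall_verdict "$(uname -r)" "$(ip route show default)"
fi
```

A `wsl2` verdict means filtering has to be enforced inside the guest or at the network edge, since rules configured on the host do not see this traffic.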

While waiting for an official response from Microsoft, will you keep on using the rather powerful WSL 2 over the more secure WSL 1? Let us know in the comments area below.


1 comment


Mauricio

I have two IPs on my machine. The WSL Hyper V adapter and my regular OS one. I noticed a lot of torn writes in personal areas, not of the Windows OS. I suspected that I have a backdoor open in WSL because using Linux on NTFS file system can cause that. I also noticed that while the WSL is shut down and not used there is network traffic. More upload than download. 2.14 M upload and 29.69. I do not know if these happened yesterday when I updated WSL.