Security Basics: Re: DNS poisoning

Re: DNS poisoning

From: Alvin Oga <alvin.sec_at_Virtual.Linux-Consulting.com>
Date: Thu, 2 Jun 2005 21:21:43 -0700 (PDT)

hi ya

>
> In the past few days we had issues with laptops users who connect to
> our corp network through VPN. Basically, the laptop was setting itself
> as the proxy server and updating dns record for our internal proxy
> server and all the internet traffic from our internal network was sent
> to the vpn laptop.

assuming that the laptop user does NOT know the root passwds
on the servers/fw/gw/etc, you have bigger problems than worms/viruses ...
        - your corp lan is too easily susceptible to anybody to change your
        corp network

        - your servers should disallow everybody from changing anything
        and especially from vpn connections and laptops and wireless

        - these important servers should only allow incoming non-root
        ssh connections only from particular (internal) ip# ...

- vpn connections should be considered hackers' free access to inside
  the corp lan since the corp IT folks probably have little control
  of users' home networks

c ya
alvin

> We fixed the issue for now but can you guys please let me know if there
> is a worm/virus which works in this fashion??? we scanned the laptops
> for virus but didn't find anything. Any inputs/help will be greatly
> appreciated.
>
> regards,
>
> Shiva Palancha
>
Received on Jun 06 2005
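
Added example (not part of the original thread or written by either poster): a small Python check that reviews DNS dynamic-update log lines and flags any update that points a protected name, such as the internal proxy record, at an unapproved address or that arrives from a VPN client range. The host names, address ranges and log line format are assumptions chosen for illustration, and the sample log lines are constructed.

```python
import ipaddress
import re

# Assumptions (not from the thread): protected names, VPN pool, log format.
PROTECTED = {"proxy.corp.example": {"10.0.0.10"}}   # name -> approved A records
VPN_POOLS = [ipaddress.ip_network("10.8.0.0/24")]    # addresses given to VPN clients

# Constructed sample lines in the style of a DNS server's dynamic-update log.
SAMPLE_LOG = """\
client 10.0.0.5#40112: updating zone 'corp.example/IN': adding an RR at 'build01.corp.example' A 10.0.0.5
client 10.8.0.23#51544: updating zone 'corp.example/IN': adding an RR at 'proxy.corp.example' A 10.8.0.23
client 10.8.0.40#51812: updating zone 'corp.example/IN': adding an RR at 'lt-0040.corp.example' A 10.8.0.40
client 10.0.0.2#33001: updating zone 'corp.example/IN': adding an RR at 'PROXY.corp.example.' A 10.0.0.10
"""

UPDATE_RE = re.compile(
    r"client (?P<src>[0-9.]+)#\d+: updating zone '[^']+': "
    r"adding an RR at '(?P<name>[^']+)' A (?P<addr>[0-9.]+)"
)

def from_vpn(ip):
    """True when the update was sent from an address in a VPN client pool."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in VPN_POOLS)

def suspicious_updates(log_text):
    """Return (name, source, new_address, reasons) for risky updates."""
    findings = []
    for line in log_text.splitlines():
        m = UPDATE_RE.search(line)
        if not m:
            continue
        # DNS names are case-insensitive and may carry a trailing dot.
        name = m["name"].rstrip(".").lower()
        if name not in PROTECTED:
            continue  # ordinary client self-registration, not a guarded record
        reasons = []
        if m["addr"] not in PROTECTED[name]:
            reasons.append("unapproved address")
        if from_vpn(m["src"]):
            reasons.append("update sent from VPN pool")
        if reasons:
            findings.append((name, m["src"], m["addr"], reasons))
    return findings

if __name__ == "__main__":
    for finding in suspicious_updates(SAMPLE_LOG):
        print(finding)
```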
