Home page logo

basics logo Security Basics mailing list archives

Re: DNS poisoning
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Thu, 2 Jun 2005 21:21:43 -0700 (PDT)

hi ya

In the past few days we had issues with laptops users who connect to
our corp network through VPN. Basically, the laptop was setting itself
as the proxy server and updating dns record for our internal proxy
server and all the internet traffic from our internal network was sent
to the vpn laptop.

assuming that the laptop user does NOT know the root passwds
on the servers/fw,gw/etc, you have a bigger problems than worms/virus ...
        - your corp lan is too easily susceptible to anybody to change your
        corp network

        - your servers should disallow everybody from changing anything
        and especially from vpn connections and laptops and wireless

        - these important servers should only allow incoming non-root
        ssh connections only from particular (internal) ip# ...

- vpn connections should be considered hackers free access to inside
  the corp lan since the corp IT folks probably has little control
  of users home network 

c ya

We fixed the issue for now but can you guys please let me kow if there
is a worm/virus which works in this fashion??? we scanned the laptops
for virus but din't find anything. Any inputs/help will be greatly


Shiva Palancha

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]