mailing list archives
Re: DNS poisoning
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Thu, 2 Jun 2005 21:21:43 -0700 (PDT)
In the past few days we had issues with laptops users who connect to
our corp network through VPN. Basically, the laptop was setting itself
as the proxy server and updating dns record for our internal proxy
server and all the internet traffic from our internal network was sent
to the vpn laptop.
assuming that the laptop user does NOT know the root passwds
on the servers/fw,gw/etc, you have a bigger problems than worms/virus ...
- your corp lan is too easily susceptible to anybody to change your
- your servers should disallow everybody from changing anything
and especially from vpn connections and laptops and wireless
- these important servers should only allow incoming non-root
ssh connections only from particular (internal) ip# ...
- vpn connections should be considered hackers free access to inside
the corp lan since the corp IT folks probably has little control
of users home network
We fixed the issue for now but can you guys please let me kow if there
is a worm/virus which works in this fashion??? we scanned the laptops
for virus but din't find anything. Any inputs/help will be greatly
- DNS poisoning Shiva Palancha (Jun 01)
- Re: DNS poisoning Alvin Oga (Jun 06)