Home page logo
/

basics logo Security Basics mailing list archives

RE: DNS poisoning
From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Mon, 6 Jun 2005 17:08:39 +0100

Have you ensured that the laptops can be used as a gateway from the
internet back to corp net.

Ie local firewalls on the laptops.

-----Original Message-----
From: Alvin Oga [mailto:alvin.sec () Virtual Linux-Consulting com] 
Sent: 03 June 2005 05:22
To: shivapalancha () gmail com
Cc: security-basics () securityfocus com
Subject: Re: DNS poisoning


hi ya


In the past few days we had issues with laptops users who connect to
our corp network through VPN. Basically, the laptop was setting itself
as the proxy server and updating dns record for our internal proxy
server and all the internet traffic from our internal network was sent
to the vpn laptop.

assuming that the laptop user does NOT know the root passwds
on the servers/fw,gw/etc, you have a bigger problems than worms/virus
...
        - your corp lan is too easily susceptible to anybody to change
your
        corp network

        - your servers should disallow everybody from changing anything
        and especially from vpn connections and laptops and wireless

        - these important servers should only allow incoming non-root
        ssh connections only from particular (internal) ip# ...

- vpn connections should be considered hackers free access to inside
  the corp lan since the corp IT folks probably has little control
  of users home network 

c ya
alvin

We fixed the issue for now but can you guys please let me kow if there
is a worm/virus which works in this fashion??? we scanned the laptops
for virus but din't find anything. Any inputs/help will be greatly
appreciated.

regards,

Shiva Palancha





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault