mailing list archives
RE: DNS poisoning
From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Mon, 6 Jun 2005 17:08:39 +0100
Have you ensured that the laptops can be used as a gateway from the
internet back to corp net.
Ie local firewalls on the laptops.
From: Alvin Oga [mailto:alvin.sec () Virtual Linux-Consulting com]
Sent: 03 June 2005 05:22
To: shivapalancha () gmail com
Cc: security-basics () securityfocus com
Subject: Re: DNS poisoning
In the past few days we had issues with laptops users who connect to
our corp network through VPN. Basically, the laptop was setting itself
as the proxy server and updating dns record for our internal proxy
server and all the internet traffic from our internal network was sent
to the vpn laptop.
assuming that the laptop user does NOT know the root passwds
on the servers/fw,gw/etc, you have a bigger problems than worms/virus
- your corp lan is too easily susceptible to anybody to change
- your servers should disallow everybody from changing anything
and especially from vpn connections and laptops and wireless
- these important servers should only allow incoming non-root
ssh connections only from particular (internal) ip# ...
- vpn connections should be considered hackers free access to inside
the corp lan since the corp IT folks probably has little control
of users home network
We fixed the issue for now but can you guys please let me kow if there
is a worm/virus which works in this fashion??? we scanned the laptops
for virus but din't find anything. Any inputs/help will be greatly
- DNS poisoning Shiva Palancha (Jun 01)
- <Possible follow-ups>
- RE: DNS poisoning Andrew Shore (Jun 06)