RE: DNS poisoning

["Andrew Shore" <andrew.shore () holistecs com>]

Have you ensured that the laptops can be used as a gateway from the
internet back to corp net.

Ie local firewalls on the laptops.

-----Original Message-----
From: Alvin Oga [mailto:alvin.sec () Virtual Linux-Consulting com] 
Sent: 03 June 2005 05:22
To: shivapalancha () gmail com
Cc: security-basics () securityfocus com
Subject: Re: DNS poisoning


hi ya

> In the past few days we had issues with laptops users who connect to
> our corp network through VPN. Basically, the laptop was setting itself
> as the proxy server and updating dns record for our internal proxy
> server and all the internet traffic from our internal network was sent
> to the vpn laptop.

assuming that the laptop user does NOT know the root passwds
on the servers/fw,gw/etc, you have a bigger problems than worms/virus
...
        - your corp lan is too easily susceptible to anybody to change
your
        corp network

        - your servers should disallow everybody from changing anything
        and especially from vpn connections and laptops and wireless

        - these important servers should only allow incoming non-root
        ssh connections only from particular (internal) ip# ...

- vpn connections should be considered hackers free access to inside
  the corp lan since the corp IT folks probably has little control
  of users home network 

c ya
alvin

> We fixed the issue for now but can you guys please let me kow if there
> is a worm/virus which works in this fashion??? we scanned the laptops
> for virus but din't find anything. Any inputs/help will be greatly
> appreciated.
>
> regards,
>
> Shiva Palancha