Security Basics mailing list archives
RE: DNS poisoning
From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Mon, 6 Jun 2005 17:08:39 +0100
Have you ensured that the laptops can be used as a gateway from the internet back to corp net. Ie local firewalls on the laptops. -----Original Message----- From: Alvin Oga [mailto:alvin.sec () Virtual Linux-Consulting com] Sent: 03 June 2005 05:22 To: shivapalancha () gmail com Cc: security-basics () securityfocus com Subject: Re: DNS poisoning hi ya
In the past few days we had issues with laptops users who connect to our corp network through VPN. Basically, the laptop was setting itself as the proxy server and updating dns record for our internal proxy server and all the internet traffic from our internal network was sent to the vpn laptop.
assuming that the laptop user does NOT know the root passwds on the servers/fw,gw/etc, you have a bigger problems than worms/virus ... - your corp lan is too easily susceptible to anybody to change your corp network - your servers should disallow everybody from changing anything and especially from vpn connections and laptops and wireless - these important servers should only allow incoming non-root ssh connections only from particular (internal) ip# ... - vpn connections should be considered hackers free access to inside the corp lan since the corp IT folks probably has little control of users home network c ya alvin
We fixed the issue for now but can you guys please let me kow if there is a worm/virus which works in this fashion??? we scanned the laptops for virus but din't find anything. Any inputs/help will be greatly appreciated. regards, Shiva Palancha
Current thread:
- DNS poisoning Shiva Palancha (Jun 01)
- Re: DNS poisoning Alvin Oga (Jun 06)
- <Possible follow-ups>
- RE: DNS poisoning Andrew Shore (Jun 06)