Firewall Wizards mailing list archives
Re: Tunnel intruder
From: Dave Piscitello <dave () corecom com>
Date: Sat, 12 Oct 2002 14:18:09 -0400
Jerry Walker at ISS (X-Force) gave a live demonstration of how you compromise a host that is using split-tunneling at Rubicon 2002. I've visited the web site but can't find the presentation, tho maybe you can.
The attack comes in from the "open Internet" and a rootkit allows the attacker to use the "VPN Tunnel" into the corporate network.
As many have indicated, this form of attack isn't rocket science, and is similar to lots of attacks people use on dual-connected PCs (cable modem and dialup, DSL and dialup)
At 04:21 PM 10/9/2002 -0700, Jim MacLeod wrote:
Does anybody know of an actual incident where this attack was used, successfully or not?
David M. Piscitello Core Competence, Inc. & 3 Myrtle Bank Lane Hilton Head, SC 29926 dave () corecom com 843.689.5595 www.corecom.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Tunnel intruder Jim MacLeod (Oct 09)
- Re: Tunnel intruder Josh Welch (Oct 09)
- Re: Tunnel intruder John Adams (Oct 09)
- Re: Tunnel intruder Frank Knobbe (Oct 10)
- Re: Tunnel intruder Harald Koch (Oct 10)
- Re: Tunnel intruder Dragos Ruiu (Oct 10)
- Re: Tunnel intruder David Kennedy CISSP (Oct 12)
- Re: Tunnel intruder Dave Piscitello (Oct 12)
- <Possible follow-ups>
- RE: Tunnel intruder Gibson, Brian (Oct 09)
- RE: Tunnel intruder R. DuFresne (Oct 09)
- RE: Tunnel intruder Irwin Lazar (Oct 09)
- RE: Tunnel intruder Desai, Ashish (Oct 10)