Firewall Wizards mailing list archives

Re: Tunnel intruder

From: Dave Piscitello <dave () corecom com>
Date: Sat, 12 Oct 2002 14:18:09 -0400

Jerry Walker at ISS (X-Force) gave a live demonstration of how youcompromise a host that is using split-tunneling at Rubicon 2002. I'vevisited the web site but can't find the presentation, tho maybe you can.

The attack comes in from the "open Internet" and a rootkit allows theattacker to use the "VPN Tunnel" into the corporate network.

As many have indicated, this form of attack isn't rocket science, and issimilar to lots of attacks people use on dual-connected PCs (cable modemand dialup, DSL and dialup)


At 04:21 PM 10/9/2002 -0700, Jim MacLeod wrote:

Does anybody know of an actual incident where this attack was used,successfully or not?



David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Tunnel intruder Jim MacLeod (Oct 09)
- Re: Tunnel intruder Josh Welch (Oct 09)
- Re: Tunnel intruder John Adams (Oct 09)
  - Re: Tunnel intruder Frank Knobbe (Oct 10)
- Re: Tunnel intruder Harald Koch (Oct 10)
- Re: Tunnel intruder Dragos Ruiu (Oct 10)
- Re: Tunnel intruder David Kennedy CISSP (Oct 12)
- Re: Tunnel intruder Dave Piscitello (Oct 12)
- <Possible follow-ups>
- RE: Tunnel intruder Gibson, Brian (Oct 09)
  - RE: Tunnel intruder R. DuFresne (Oct 09)
- RE: Tunnel intruder Irwin Lazar (Oct 09)
- RE: Tunnel intruder Desai, Ashish (Oct 10)