Security Incidents mailing list archives

Re: VPN hijacking


From: David Desvoigne <david.desvoigne () HIGHMARK COM>
Date: Wed, 25 Oct 2000 15:41:55 -0400

I've done some testing of the Altiga/Cisco VPN client. In our
configuration we do not allow split tunnels. When the VPN client is
activated it no longer accepts connections destined to the original IP
address of the client.

Our concern was more of what to do when the client system is not
connected to the VPN. The masking of the client IP address no longer
exists, so now the client can easily be compromised, as well as the integrity
of any data received from the client.

To help combat this we wrote a policy requiring personal firewall
software/hardware and local disk/file encryption for any client system
connecting to the VPN.

David A. desVoigne
Sr. Data Security Analyst

Corporate Information Security
Highmark Inc.
1800 Center Street
Camp Hill, PA 17089-0089

david.desvoigne () highmark com




"Wertheimer, Ishai" <iwertheimer@KPMG.COM>
Sent by: Incidents Mailing List <INCIDENTS@SECURITYFOCUS.COM>
10/25/2000 05:27 AM
Please respond to "Wertheimer, Ishai"

To: INCIDENTS () SECURITYFOCUS COM
cc:
Subject: VPN hijacking




Hi,

Did any of you come across an incident of VPN hijacking? Theoretically, if I
use an unprotected client to access the VPN, if someone hacks into my client
PC, he can hijack the session. Did this ever happen?

Thanks,

Ishai Wertheimer

