Security Incidents mailing list archives
Re: VPN hijacking
From: "Laumann, Dave" <dlaumann () SUNTZU NET>
Date: Thu, 26 Oct 2000 15:08:09 -0500
Good point, however I've seen many VPN software clients that do not offer that option, or the option is not enabled for whatever reasons: may be disabled by the user, the company may want dual traffic (VPN and non-VPN), etc. Then there are hardware VPNs that protect segments. These are vulnerable to a wider range of attacks.

To answer the original question, yes, we have seen cases where VPNs have been piggybacked (not hijacked) to gain unauthorized access. In one instance an admin's home network was compromised, then eventually the VPN was piggybacked to access the organization. I also know of an organization that for reasons refuses to allow user authentication.

VPNs are only as good as the implementation. There are so many ways to implement a VPN; it's such a generic term. Any solution should be based on standards-based encryption that has been independently reviewed. Multi-factor authentication should be used. AH tunnel or ESP tunnel should be used when possible. Logging must be used and reviewed. Hardening of the endpoint should be considered. Policy has to be implemented. Etc...

In addition to piggyback attacks, what about the data that is transferred back over the VPN? Will that data reside on the endpoint? How sensitive is it? For how long? How is it protected? Who owns the endpoint: the corporation, the user, or? Etc...

-dave

[snip]
However in defense of this kind of attack, most VPN clients include a 'blocking' mode that will not allow any other traffic to the client while the VPN is active.
[snip]
Regards, -john
[snip]
Did any of you come across an incident of VPN hijacking? Theoretically, if I use an unprotected client to access the VPN, if someone hacks into my client PC, he can hijack the session. Did this ever happen?

Thanks,
Ishai Wertheimer