Security Basics mailing list archives

Re: DNS poisoning


From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Thu, 2 Jun 2005 21:21:43 -0700 (PDT)


hi ya


> In the past few days we had issues with laptop users who connect to
> our corp network through VPN. Basically, the laptop was setting itself
> as the proxy server and updating the dns record for our internal proxy
> server and all the internet traffic from our internal network was sent
> to the vpn laptop.

assuming that the laptop user does NOT know the root passwds
on the servers/fw/gw/etc, you have bigger problems than worms/virus ...
        - your corp lan is too easily susceptible to anybody changing your
        corp network

        - your servers should disallow everybody from changing anything
        and especially from vpn connections and laptops and wireless

        - these important servers should allow incoming non-root
        ssh connections only from particular (internal) ip# ...

- vpn connections should be considered hackers' free access to inside
  the corp lan since the corp IT folks probably have little control
  of users' home networks

c ya
alvin

> We fixed the issue for now but can you guys please let me know if there
> is a worm/virus which works in this fashion??? we scanned the laptops
> for virus but didn't find anything. Any inputs/help will be greatly
> appreciated.
>
> regards,
>
> Shiva Palancha


