Firewall Wizards mailing list archives

RE: Tunnel intruder

From: "Gibson, Brian" <Brian.Gibson () RyanBeck com>
Date: Wed, 9 Oct 2002 19:54:30 -0400

I can tell you of cases where users with tunnels to their office that were
running Webservers back in the CodeRed days were wreaking HAVOC on their
corporate networks.  My old company spent weeks trying to identify the
source of the problem.  

It really is a pretty trivial avenue to exploit.  If you are Joe Social
Engineer and you want to break into Widgets Inc.  that would probably be the
first avenue of attack you would look to do.  

Virtually no logging of intrusions.  Oblivious user.  Often full reign of
the corporate treasures.  In many corporate worlds VPN users are treated as
fully trusted hosts.  You could go MONTHS without detection.

The question isn't whether a Joe Cracker has broken in this way. The
question is why WOULDN'T they use this method? 


-----Original Message-----
From: Jim MacLeod [mailto:jmacleod () earthling net] 
Sent: Wednesday, October 09, 2002 6:21 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Tunnel intruder

There's a lot of FUD being touted by firewall vendors about the possibility 
of a home computer being hacked, then the attacker using that computer's 
VPN connection to the office to break into the company network.

I can see this as a possibility and realize that we could easily get into 
an extended discussion of the probability/impossibility/inevitability of it 
occurring.  I personally want to avoid speculation.

Does anybody know of an actual incident where this attack was used, 
successfully or not?

Thanks,
-Jim

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


*****************************************************************
Ryan Beck & Co.'s e-mail system is for business purposes only.
Messages are not confidential. All e-mail may be reviewed by
authorized supervisors, compliance or internal audit personnel.
E-mail may be archived and produced to others.
Ryan Beck will not accept trade order instructions via
e-mail. Please telephone your Financial Consultant to place trade
orders.

Ryan Beck & Co.
*****************************************************************

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Tunnel intruder Jim MacLeod (Oct 09)
- Re: Tunnel intruder Josh Welch (Oct 09)
- Re: Tunnel intruder John Adams (Oct 09)
  - Re: Tunnel intruder Frank Knobbe (Oct 10)
- Re: Tunnel intruder Harald Koch (Oct 10)
- Re: Tunnel intruder Dragos Ruiu (Oct 10)
- Re: Tunnel intruder David Kennedy CISSP (Oct 12)
- Re: Tunnel intruder Dave Piscitello (Oct 12)
- <Possible follow-ups>
- RE: Tunnel intruder Gibson, Brian (Oct 09)
  - RE: Tunnel intruder R. DuFresne (Oct 09)
- RE: Tunnel intruder Irwin Lazar (Oct 09)
- RE: Tunnel intruder Desai, Ashish (Oct 10)