Firewall Wizards mailing list archives
RE: Tunnel intruder
From: Irwin Lazar <ILazar () burtongroup com>
Date: Wed, 9 Oct 2002 18:24:09 -0600
Most of the enterprises we work with employ VPN clients that use compulsory tunnels. Once the VPN client connects, all other traffic in and out of the computer is blocked. This, by the way, is also our best practice recommendation. There are of course plenty of companies who don't follow this approach. To answer your question, no, I don't know of a specific incident. irwin ------ Irwin Lazar Practice Manager, Burton Group www.burtongroup.com <http://www.burtongroup.com> ilazar () burtongroup com <mailto:ilazar () burtongroup com> Office: 703-742-9659 Cell: 703-402-4119 "DrivingNetworkEvolution" -----Original Message----- From: Jim MacLeod [mailto:jmacleod () earthling net] Sent: Wednesday, October 09, 2002 5:21 PM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] Tunnel intruder There's a lot of FUD being touted by firewall vendors about the possibility of a home computer being hacked, then the attacker using that computer's VPN connection to the office to break into the company network. I can see this as a possibility and realize that we could easily get into an extended discussion of the probability/impossibility/inevitability of it occurring. I personally want to avoid speculation. Does anybody know of an actual incident where this attack was used, successfully or not? Thanks, -Jim _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Tunnel intruder Jim MacLeod (Oct 09)
- Re: Tunnel intruder Josh Welch (Oct 09)
- Re: Tunnel intruder John Adams (Oct 09)
- Re: Tunnel intruder Frank Knobbe (Oct 10)
- Re: Tunnel intruder Harald Koch (Oct 10)
- Re: Tunnel intruder Dragos Ruiu (Oct 10)
- Re: Tunnel intruder David Kennedy CISSP (Oct 12)
- Re: Tunnel intruder Dave Piscitello (Oct 12)
- <Possible follow-ups>
- RE: Tunnel intruder Gibson, Brian (Oct 09)
- RE: Tunnel intruder R. DuFresne (Oct 09)
- RE: Tunnel intruder Irwin Lazar (Oct 09)
- RE: Tunnel intruder Desai, Ashish (Oct 10)