Security Incidents mailing list archives

Re: VPN hijacking

From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Wed, 25 Oct 2000 15:45:25 -0700

Sure, it's possible.  I've done it against machines under my
responsibility.

At the job where I was involved in this, I had policy against users
running services on their VPN clients, reserved the right to audit their
machines for such services, and was investigating personal firewalls.

                                        Ryan

On Wed, 25 Oct 2000, Wertheimer, Ishai wrote:

Did any of you come across an incident of VPN hijacking? Theoretically, if I
use an unprotected client to access the VPN, if someone hacks into my client
PC, he can hijack the session. Did this ever happen ?

Current thread:

VPN hijacking Wertheimer, Ishai (Oct 26)
- Re: VPN hijacking Michael H. Warfield (Oct 27)
- Re: VPN hijacking ejovi nuwere (Oct 27)
- Re: VPN hijacking John Duksta (Oct 27)
- Re: VPN hijacking Ryan Russell (Oct 27)
- Re: VPN hijacking Neil Sequeira (Oct 27)
- <Possible follow-ups>
- Re: VPN hijacking David Desvoigne (Oct 27)
- Re: VPN hijacking Laumann, Dave (Oct 28)