Vulnerability Development mailing list archives
Re: un-hibernating laptop using old network settings
From: "Erick B." <erickbe () yahoo com>
Date: Mon, 2 Jul 2001 14:44:10 -0700 (PDT)
Comments inline...
--- Andrew Daviel <andrew () andrew triumf ca> wrote:
> Recently a laptop brought onsite here from another site triggered an IDS alert. It seems the laptop was placed in hibernate mode at the other site then awakened on our network. It proceeded to use in-RAM network settings and sent a flurry of DNS requests to offsite servers. I believe it was running DHCP and don't fully understand how it was able to find the new gateway without changing the DNS settings too. Clearly laptops using static settings are going to use old values if the owner forgets, but I thought DHCP fixed that.
The laptop could learn its IP and gateway, etc. via DHCP but have DNS entries statically configured. Maybe this is what happened.
> I have a feeling that there might be more subtle security issues relating to hibernating a system in a trusted environment and awakening it in an untrusted one, apart from user education issues, but can't put my finger on any just now.
> --
> Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 security () triumf ca
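Added example, not part of the original messages: a network-side check for the symptom discussed above, an on-site host that got its address from the local network but keeps sending DNS queries to resolvers outside the site. The site network, resolver address, flow-record format, and thresholds are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed site values (placeholders, not taken from the thread).
SITE_NET = ipaddress.ip_network("10.20.0.0/16")
SITE_RESOLVERS = {ipaddress.ip_address("10.20.0.53")}
WINDOW_S = 60    # sliding window length in seconds
THRESHOLD = 3    # off-site DNS queries within the window that trigger a flag

# Constructed flow records, one per line: "epoch src dst proto dport"
SAMPLE_FLOWS = """\
994110250 10.20.4.17 10.20.0.53 udp 53
994110251 10.20.7.88 192.0.2.10 udp 53
994110252 10.20.7.88 192.0.2.11 udp 53
994110253 10.20.7.88 192.0.2.10 udp 53
994110254 10.20.7.88 192.0.2.10 tcp 80
994110400 10.20.9.5 198.51.100.7 udp 53
"""

def parse_flows(text):
    """Yield (ts, src, dst, proto, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (int(parts[0]), ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), parts[3].lower(), int(parts[4]))
        except ValueError:
            continue

def stale_dns_hosts(flows, window=WINDOW_S, threshold=THRESHOLD):
    """Return {src: sorted off-site resolvers} for on-site hosts that burst DNS off-site."""
    hits = defaultdict(list)  # src -> [(ts, dst), ...]
    for ts, src, dst, _proto, dport in flows:
        offsite = dst not in SITE_NET and dst not in SITE_RESOLVERS
        if dport == 53 and src in SITE_NET and offsite:
            hits[src].append((ts, dst))
    flagged = {}
    for src, events in hits.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[str(src)] = sorted({str(d) for _, d in events})
                break
    return flagged
```

A flagged host is a candidate for the static-DNS-with-DHCP-address case suggested in the reply; the resolver list it was trying to reach shows which settings it carried over.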