Jerry Walker at ISS (X-Force) gave a live demonstration of how you compromise a host that is using split-tunneling at Rubicon 2002. I've visited the web site but can't find the presentation, tho maybe you can. The attack comes in from the "open Internet" and a rootkit allows the attacker to use the "VPN Tunnel" into the corporate network. As many have indicated, this form of attack isn't rocket science, and is similar to lots of attacks people use on dual-connected PCs (cable modem and dialup, DSL and dialup) At 04:21 PM 10/9/2002 -0700, Jim MacLeod wrote: >Does anybody know of an actual incident where this attack was used, >successfully or not? David M. Piscitello Core Competence, Inc. & 3 Myrtle Bank Lane Hilton Head, SC 29926 daveat_private 843.689.5595 www.corecom.com _______________________________________________ firewall-wizards mailing list firewall-wizardsat_private http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Sat Oct 12 2002 - 11:46:34 PDT