un-hibernating laptop using old network settings

From: Andrew Daviel (andrewat_private)
Date: Sun Jul 01 2001 - 22:09:06 PDT

    Recently a laptop brought onsite here from another site triggered
    an IDS alert.
    
    It seems the laptop was placed in hibernate mode at
    the other site then awakened on our network. It proceeded to use in-RAM
    network settings and sent a flurry of DNS requests to offsite servers.
    I believe it was running DHCP and don't fully understand how it was
    able to find the new gateway without changing the DNS settings too.
    
    Clearly laptops using static settings are going to use old values if
    the owner forgets, but I thought DHCP fixed that.
    
    I have a feeling that there might be more subtle security issues
    relating to hibernating a system in a trusted environment and awakening it
    in an untrusted one, apart from user education issues, but can't put my
    finger on any just now.
    
    
    -- 
    Andrew Daviel, TRIUMF, Canada
    Tel. +1 (604) 222-7376
    securityat_private
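
An added example, not part of the original post: one way a site could flag the behaviour described above, where a host on the local network sends a burst of DNS queries to resolvers outside the site. The site range, approved resolver list, thresholds and flow-record format are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumptions (not from the original post): site range, resolvers, thresholds.
SITE_NET = ip_network("10.20.0.0/16")
APPROVED_RESOLVERS = {ip_address("10.20.0.53"), ip_address("10.20.1.53")}
BURST, WINDOW = 3, 10.0  # queries needed within this many seconds

# Constructed sample flow records: "epoch_seconds src dst dst_port"
SAMPLE = """\
1000.0 10.20.5.17 10.20.0.53 53
1001.2 10.20.5.44 192.0.2.10 53
1001.5 10.20.5.44 192.0.2.10 53
1002.1 10.20.5.44 192.0.2.11 53
1002.4 10.20.5.44 198.51.100.7 80
1003.0 10.20.5.17 10.20.1.53 53
1030.0 10.20.5.90 192.0.2.10 53
1090.0 10.20.5.90 192.0.2.10 53
"""

def stale_resolver_bursts(lines):
    """Return {src: [offsite resolvers]} for local hosts that sent at least
    BURST DNS queries to offsite servers within WINDOW seconds."""
    recent = defaultdict(deque)  # src -> timestamps of offsite DNS queries
    seen = defaultdict(set)      # src -> offsite resolvers it queried
    flagged = set()
    for line in lines:
        fields = line.split()
        try:
            ts, port = float(fields[0]), int(fields[3])
            src, dst = ip_address(fields[1]), ip_address(fields[2])
        except (IndexError, ValueError):
            continue  # skip malformed records
        # Only local hosts querying port 53 on a server outside the site.
        if port != 53 or src not in SITE_NET or dst in SITE_NET:
            continue
        if dst in APPROVED_RESOLVERS:
            continue
        seen[src].add(dst)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop queries older than the window
            q.popleft()
        if len(q) >= BURST:
            flagged.add(src)
    return {str(s): [str(d) for d in sorted(seen[s])] for s in flagged}

if __name__ == "__main__":
    for host, resolvers in stale_resolver_bursts(SAMPLE.splitlines()).items():
        print(f"{host} burst of DNS queries to offsite resolvers: {resolvers}")
```

The resolvers reported for a flagged host point to the network whose settings it is still carrying.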
    



    This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 12:53:02 PDT