Comments inline... --- Andrew Daviel <andrewat_private> wrote: > > Recently a laptop brought onsite here from another > site triggered > an IDS alert. > > It seems the laptop was placed in hibernate mode at > the other site then awakened on our network. It > proceeded to use in-RAM > network settings and sent a flurry of DNS requests > to offsite servers. > I believe it was running DHCP and don't fully > understand how it was > able to find the new gateway without changing the > DNS settings too. > > Clearly laptops using static settings are going to > use old values if > the owner forgets, but I thought DHCP fixed that. The laptop could learn its IP and gateway, etc via DHCP but have DNS entries staticly configured. Maybe this is what happened. > I have a feeling that there might be more subtle > security issues > relating to hibernating a system in a trusted > environment and awakening it > in an untrusted one, apart from user education > issues, but can't put my > finger on any just now. > > -- > Andrew Daviel, TRIUMF, Canada > Tel. +1 (604) 222-7376 > securityat_private __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 22:07:55 PDT