OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: VPN hijacking
From: ejovi nuwere (ejoviEJOVI.NET)
Date: Wed Oct 25 2000 - 15:08:20 CDT

This isn't VPN hijacking. The attacker is hijacking your PC which just
happens to be connected to a VPN. What would be cool is trojaning the
client itself to leak data in clear text to a remote machine, even nicer,
installing a trojan that intercepts text typed into the VPN client
software. ie; passwords.

This is why the idea of having the VPN download firewall rules to the
client sounds good, but in practice almost never works out.

hrms...brb

ejovi nuwere
http://www.ejovi.net

On Wed, 25 Oct 2000, Wertheimer, Ishai wrote:

: Hi,
:
: Did any of you come across an incident of VPN hijacking? Theoretically, if I
: use an unprotected client to access the VPN, if someone hacks into my client
: PC, he can hijack the session. Did this ever happen ?
:
: Thanks,
:
: Ishai Wertheimer
: *****************************************************************************
: The information in this email is confidential and may be legally privileged.
: It is intended solely for the addressee. Access to this email by anyone else
: is unauthorized.
:
: If you are not the intended recipient, any disclosure, copying, distribution
: or any action taken or omitted to be taken in reliance on it, is prohibited
: and may be unlawful. When addressed to our clients any opinions or advice
: contained in this email are subject to the terms and conditions expressed in
: the governing KPMG client engagement letter.
: *****************************************************************************
: