Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Erick B. (erickbeyahoo.com)
Date: Mon Jul 02 2001 - 16:44:10 CDT
--- Andrew Daviel <andrewandrew.triumf.ca> wrote:
> Recently a laptop brought onsite here from another
> site triggered
> an IDS alert.
> It seems the laptop was placed in hibernate mode at
> the other site then awakened on our network. It
> proceeded to use in-RAM
> network settings and sent a flurry of DNS requests
> to offsite servers.
> I believe it was running DHCP and don't fully
> understand how it was
> able to find the new gateway without changing the
> DNS settings too.
> Clearly laptops using static settings are going to
> use old values if
> the owner forgets, but I thought DHCP fixed that.
The laptop could learn its IP and gateway, etc via
DHCP but have DNS entries staticly configured. Maybe
this is what happened.
> I have a feeling that there might be more subtle
> security issues
> relating to hibernating a system in a trusted
> environment and awakening it
> in an untrusted one, apart from user education
> issues, but can't put my
> finger on any just now.
> Andrew Daviel, TRIUMF, Canada
> Tel. +1 (604) 222-7376
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail