Comments inline...

--- Andrew Daviel <andrewandrew.triumf.ca> wrote:
>
> Recently a laptop brought onsite here from another
> site triggered
> an IDS alert.
>
> It seems the laptop was placed in hibernate mode at
> the other site then awakened on our network. It
> proceeded to use in-RAM
> network settings and sent a flurry of DNS requests
> to offsite servers.
> I believe it was running DHCP and don't fully
> understand how it was
> able to find the new gateway without changing the
> DNS settings too.
>
> Clearly laptops using static settings are going to
> use old values if
> the owner forgets, but I thought DHCP fixed that.

The laptop could learn its IP and gateway, etc via
DHCP but have DNS entries staticly configured. Maybe
this is what happened.

> I have a feeling that there might be more subtle
> security issues
> relating to hibernating a system in a trusted
> environment and awakening it
> in an untrusted one, apart from user education
> issues, but can't put my
> finger on any just now.
>
> --
> Andrew Daviel, TRIUMF, Canada
> Tel. +1 (604) 222-7376
> securitytriumf.ca

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]