Re: Protecting an open VPN connection from a local home LAN

From: -Lone_Wolf- (lone_wolfs_den_at_CLOTHEShotmail.com)
Date: 02/23/05

    Date: Wed, 23 Feb 2005 04:07:32 GMT
    
    

    winged wrote:
    > -Lone_Wolf- wrote:
    >> Yesterday I opened my firewall only to notice repeated attempts to
    >> my VPN listening service. I took a screen capture and then locked
    >> out the VPN. When I looked back at the log it showed 892 attempted
    >> connections (I assume he/she was trying to crack the password) in
    >> the hour for which the log went back (and presumably much longer).
    >>
    >> So here is my question...
    >>
    >> I have taken an old PC (Win98) and turned it into a VPN gateway to
    >> my LAN. There is a NAT Router and all connections to the open VPN
    >> ports are directed to the new Gateway. I have set up the Win98 box
    >> to always log out with a very good password but I am not too sure
    >> this will be enough? So to hack in one needs to beat the VPN password,
    >> beat the Win98 password then open another (password protected) VPN
    >> connection on the Win98 Machine to any of my other PCs.
    >>
    >> Do you think this is unwarranted protection, not enough protection,
    >> or flawed in theory?
    >>
    >> Thank you
    >>
    >> John
    >>
    >>
    > Win 98 is flawed theory. Win 98 can be walked right through using
    > several methods, even with a respectable software firewall. I would
    > consider other OS alternatives. There are a number of exploitable
    > flaws in Win98 at the winsock level, which is below software
    > protection levels.

    I had a feeling this was so..!

    >
    > The attacker "might" have been running a script that was designed to
    > provide the packet pad of your nic card when you logged in. A number
    > of NIC cards on the market have this flaw. They use memory to pad the
    > window size for a packet. If an attacker hits the system at the time
    > you log in they can get your in clear passwords to the system (as the
    > pad is pulled from system memory).
    >
    > You don't mention what VPN software/hardware you are using. I know
    > that there is a major exploit with a number of IPSEC firewalls (I
    > know CISCO was one) where the VPN can be hacked at the concentrator on
    > the boundary. If I remember right, the exploit revealed the login
    > password exchange.

    Ultr@VNC (WinVNC)

    >
    > You don't mention what review you have made of running services on the
    > system. While you are firewalled if you have running services opening
    > ports, some services can be exploited. The best site I have seen for
    > reducing running services is located at http://www.blackviper.com/. Of
    > course I am assuming (big assumption that your primary PC is
    > XP/2000).

    I have been to this site and have shut down anything that was not necessary.
    All scans for running services end up negative.

    >
    > I don't fully know the risk value, but I wouldn't bet the farm on the
    > security of your setup. Then again there is no such thing as a
    > completely secure system.

    Yeah I think I will just keep VNC from accessing the WAN and only use it on
    the LAN for now.

    Thank you for your input!

    John
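
The padding leak winged describes above (short packets padded with leftover memory), as an added example in C that is not part of the original thread. The driver functions, buffer and frame contents are hypothetical and constructed for illustration; the only external fact assumed is the 60-byte minimum Ethernet frame length (without the FCS).

```c
#include <stdio.h>
#include <string.h>

#define ETH_MIN_FRAME 60    /* minimum Ethernet frame length, FCS excluded */
#define TX_BUF_SIZE   1514

/* Hypothetical driver transmit buffer, reused for every outgoing frame. */
static unsigned char tx_buf[TX_BUF_SIZE];

/* Flawed: rounds the length up to the minimum but never writes the pad,
 * so the pad carries whatever the buffer held from an earlier frame. */
size_t tx_prepare_leaky(const unsigned char *frame, size_t len)
{
    if (len > TX_BUF_SIZE) return 0;
    memcpy(tx_buf, frame, len);
    return len < ETH_MIN_FRAME ? ETH_MIN_FRAME : len;
}

/* Corrected: the pad bytes are explicitly zeroed before transmission. */
size_t tx_prepare_zeroed(const unsigned char *frame, size_t len)
{
    if (len > TX_BUF_SIZE) return 0;
    memcpy(tx_buf, frame, len);
    if (len < ETH_MIN_FRAME) {
        memset(tx_buf + len, 0, ETH_MIN_FRAME - len);
        len = ETH_MIN_FRAME;
    }
    return len;
}

/* Constructed scenario: a 70-byte frame carrying a credential is sent,
 * then an 18-byte frame. Returns how many pad bytes of the second frame
 * still hold non-zero (stale) data from the first. */
size_t stale_pad_bytes(int use_fixed)
{
    static const unsigned char big[] =
        "HDR-14-BYTES..login user=john pass=CONSTRUCTED-SECRET-VALUE-1234567890";
    static const unsigned char small[] = "HDR-14-BYTES..ping";
    size_t (*prep)(const unsigned char *, size_t) =
        use_fixed ? tx_prepare_zeroed : tx_prepare_leaky;
    size_t small_len = sizeof small - 1, n = 0;

    prep(big, sizeof big - 1);
    size_t wire_len = prep(small, small_len);
    for (size_t i = small_len; i < wire_len; i++)
        if (tx_buf[i] != 0) n++;
    return n;
}

int main(void)
{
    printf("leaky driver:  %zu stale pad bytes\n", stale_pad_bytes(0));
    printf("zeroed driver: %zu stale pad bytes\n", stale_pad_bytes(1));
    return 0;
}
```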

