[vpn-help] Outlook interrupted
Roper, Andrew
aroper at bcsvoicedata.com
Fri Jan 27 10:16:18 CST 2012
In Juniper's SSL VPN you can implement a route-change monitor and choose to drop the connection in the event of a change. You could also pre-scan the client for the presence of any malware.
On an IPsec connection, I would suppose that you would have to be restrictive in the level of access. If you wanted to protect against such threats, I would set up a VPN zone and have the client tunnel bound to that zone. Then, through policy, allow/disallow access and run a UTM feature like DI on the inter-zone communications. I'm speaking to ScreenOS. I'm sure there's probably some sort of VPN quarantine feature in ASA. In MS, you can do the same in IAS/NPS.
-Andrew
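The route-change monitor Andrew describes can be illustrated with a small Python script. This is an added example, not code from the vpn-help thread, from Shrew Soft or from Juniper: it compares two snapshots of the host routing table in Linux `ip route` format and lists the changes that would carry protected traffic outside the tunnel, which is the condition a monitor would react to by dropping the connection. It goes a little beyond the thread by also flagging a more-specific route added for part of the protected network, not only a replaced default route. The tunnel device name `tun0`, the protected prefix and both snapshots are constructed for the example.

```python
"""Route-change monitor for a full-tunnel VPN (added example, not from the thread).

Assumptions: IPv4 routes in Linux `ip -4 route show` format, the tunnel
interface is named tun0, and 10.0.0.0/8 is the network that must only be
reached through the tunnel. Both snapshots below are constructed.
"""
import ipaddress
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str            # "default" or a CIDR as printed by `ip route`
    dev: Optional[str]     # egress interface, if printed
    via: Optional[str]     # next hop, if printed


def parse_routes(text: str) -> Dict[str, Route]:
    """Parse `ip -4 route show` output into a map keyed by destination prefix."""
    routes: Dict[str, Route] = {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        dev = via = None
        for i in range(1, len(tokens) - 1):
            if tokens[i] == "dev":
                dev = tokens[i + 1]
            elif tokens[i] == "via":
                via = tokens[i + 1]
        routes[tokens[0]] = Route(tokens[0], dev, via)
    return routes


def diff_routes(before: Dict[str, Route], after: Dict[str, Route]) -> Tuple[List[str], List[str], List[str]]:
    """Return (added, removed, changed) destination prefixes, each sorted."""
    added = sorted(p for p in after if p not in before)
    removed = sorted(p for p in before if p not in after)
    changed = sorted(p for p in after if p in before and after[p] != before[p])
    return added, removed, changed


def _network(prefix: str):
    """Turn an `ip route` destination into an ipaddress network object."""
    return ipaddress.ip_network("0.0.0.0/0" if prefix == "default" else prefix, strict=False)


def tunnel_violations(before: Dict[str, Route], after: Dict[str, Route],
                      tunnel_dev: str, protected: List[str]) -> List[str]:
    """Explain every change that takes protected traffic off the tunnel.

    Assumed policy: the default route must stay on the tunnel device, and no
    route overlapping a protected prefix may point at another device.
    """
    reasons: List[str] = []
    old_default = before.get("default")
    new_default = after.get("default")
    if old_default is not None and old_default.dev == tunnel_dev:
        if new_default is None:
            reasons.append("default route via %s was removed" % tunnel_dev)
        elif new_default.dev != tunnel_dev:
            reasons.append("default route moved from %s to %s" % (tunnel_dev, new_default.dev))
    added, _removed, changed = diff_routes(before, after)
    protected_nets = [_network(p) for p in protected]
    for prefix in added + changed:
        if prefix == "default":
            continue  # already judged above
        route = after[prefix]
        if route.dev == tunnel_dev:
            continue  # still inside the tunnel, e.g. a pushed split-tunnel route
        net = _network(prefix)
        if any(net.subnet_of(p) or p.subnet_of(net) for p in protected_nets):
            reasons.append("route %s now leaves via %s, bypassing the tunnel" % (prefix, route.dev))
    return reasons


def snapshot_live() -> Dict[str, Route]:
    """Read the live IPv4 table (Linux with iproute2 assumed; not used by the sample)."""
    out = subprocess.run(["ip", "-4", "route", "show"], capture_output=True, text=True, check=True).stdout
    return parse_routes(out)


# Constructed snapshots: tunnel up with a full-tunnel default route, then the
# default route deleted and a narrower route added that skips the tunnel.
BEFORE = """\
default dev tun0 scope link
10.0.0.0/8 dev tun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
"""
AFTER = """\
default via 192.168.1.1 dev eth0
10.0.0.0/8 dev tun0 scope link
10.20.0.0/16 dev tun0 scope link
10.30.0.0/16 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
"""


def check_sample() -> List[str]:
    return tunnel_violations(parse_routes(BEFORE), parse_routes(AFTER), "tun0", ["10.0.0.0/8"])


if __name__ == "__main__":
    for reason in check_sample():
        print("DROP TUNNEL:", reason)
```

On a real client you would call `snapshot_live()` on a timer, keep the previous snapshot, and tear the tunnel down when `tunnel_violations()` returns anything; the pushed `10.20.0.0/16 dev tun0` route in the sample is accepted because it still uses the tunnel device.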
-----Original Message-----
From: vpn-help-bounces at lists.shrew.net [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Kevin VPN
Sent: Thursday, January 26, 2012 11:03 PM
To: vpn-help at lists.shrew.net
Subject: Re: [vpn-help] Outlook interrupted
On 01/26/2012 01:45 PM, Jernej Simončič wrote:
> On Thursday, January 26, 2012, 15:58:15, Greene, Teri wrote:
>
>> When connected to a client site through Shrew VPN (2.1.7), my Outlook
>> (MS Office 2010) drops connection and cannot re-establish. I also
>> have trouble connecting to the Internet (IE 8). Are you aware of this
>> issue, and is there anything that can be done about it? I basically
>> have no email when connected to this client. Others within our
>> organization have the same issue.
>
> The VPN tunnel probably overrides your default route, and thus
> prevents you from accessing the LAN. One client has his VPN set up
> this way, I just delete the route after establishing the connection,
> and add a route to just the segment I need.
>
Hi Jernej,
I'm disappointed that deleting the route actually works. I just tried it. I would have thought (hoped!) that Shrew might watch for things messing with the routes and reset them if they change.
I'd think that would be a potential way for a trojan to get into an organization - wait for a tunnel to come up, enumerate the remote network, add a non-tunneled route to its C&C server and call home for instructions. Sort of defeats one of the purposes of a full-tunnel VPN. :(
Does anyone know if this route hack can be done with other VPN clients like Cisco or Juniper?