[Full-disclosure] can you answer this?
gvm at nemesys.com
Fri Feb 3 18:59:21 GMT 2012
On 03/02/2012 18:15, Full Disclosure mailing list wrote:
> On 03/02/2012 08:20, RandallM wrote:
>> since no one could answer the last one how bout this. In my FW log
>> Trust (our 10.0.0.0. network) to untrust picked this up:
>> 2012-02-02 10:08:10 184.108.40.206:68 220.127.116.11:67 0.0.0.0:0
>> 0.0.0.0:0 DHCP 0 sec. 0 0 Traffic Denied
>> My "any" to "any" denied queue.
> I've seen this sort of thing before, from misconfigured VPNs.
> Do you have someone using "Tunngle" on your network?
> It's a VPN product (as far as I understand it, primarily for gaming),
> and it appears to (mis)use the 7.xxx.xxx.xxx IP address space. See this
> for a report of similar packet sightings:
> My guess is that one of your users has set up this VPN in order to
> tunnel through your firewall, but it's not configured correctly and its
> DHCP requests are going onto your main network rather than (as intended)
> through the tunnel. You might want to look into who is using this...
> Granville Moore
> Nemesys Computer Consultants
Sorry - my "From" address was screwed up in my previous reply.
Nemesys Computer Consultants
/Dr Granville Moore/
/Nemesys Computer Consultants Ltd/
/17 High Street/
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.