On 1/26/2012 10:02 PM, Kevin VPN wrote:

> Hi Jernej,
>
> I'm disappointed that deleting the route actually works. I just tried
> it. I would have thought (hoped!) that Shrew might watch for things
> messing with the routes and reset them if they change.
>
> I'd think that would be a potential way for a trojan to get into an
> organization - wait for a tunnel to come up, enumerate the remote
> network, add a non-tunneled route to its C&C server and call home for
> instructions. Sort of defeats one of the purposes of a full-tunnel VPN. :(


There is no mechanism that I'm aware of that can "lock" a route in the OS. You could have two processes fight over which routes each believes should be the correct routes for a given point in time. Having a route added or removed from your route table can happen at any point by a process with the correct privilege level. The only thing the client can really do is monitor the route table and potentially disconnect if it sees a change.

> Does anyone know if this route hack can be done with other VPN clients
> like Cisco or Juniper?


What do you want in a VPN client? IPsec security policies define source and destination IP networks and request or require that a transform be applied to the traffic pattern to encrypt or authenticate the content. It doesn't prescribe any particular methods to ensure that packets are allowed to originate from an authorized process. Furthermore, there is no distinction made between server or client insofar as IPsec protocols or vanilla IKE are concerned. For additional protection, a firewall and anti-malware software should be used to protect your machine. Otherwise it could be used as an attack vector to any remote network you may be connected to. Some VPN clients bundle these with their software (Cisco can push firewall rules to its VPN Client) and some don't. The Shrew Soft client falls into the latter category.

-Matthew
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
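The route-table watchdog Matthew describes (monitor the table, disconnect if it changes) as an added example, not code from this thread or from the Shrew Soft client. It assumes a Linux host with `ip route`-style output, a tunnel interface named tun0 and a protected remote network of 10.0.0.0/8; the three route tables below are constructed samples, not captures from a real machine.

```python
import ipaddress

# Constructed samples in the style of `ip route` output (not real captures).
BASELINE = """\
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 scope link
10.0.0.0/8 via 10.8.0.1 dev tun0
"""
# Kevin's scenario: a more-specific route to part of the remote network added via eth0.
BYPASS = BASELINE + "10.1.2.0/24 via 192.0.2.1 dev eth0\n"
# The other thing Kevin tried: the tunnel route simply deleted.
DELETED = "default via 192.0.2.1 dev eth0\n192.0.2.0/24 dev eth0 scope link\n"


def parse_routes(text):
    """Parse `ip route`-style lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dst = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((ipaddress.ip_network(dst, strict=False), dev))
    return routes


def audit_routes(routes, protected, tunnel_dev):
    """Return findings for each protected prefix: no covering route via the tunnel
    (route deleted), or an equal/more-specific route via another device (bypass).
    Longest-prefix matching means a bypass only wins if it is at least as specific."""
    findings = []
    for pfx in protected:
        pnet = ipaddress.ip_network(pfx)
        same = [(n, d) for n, d in routes if n.version == pnet.version]
        if not any(d == tunnel_dev and pnet.subnet_of(n) for n, d in same):
            findings.append(f"missing: {pnet} has no route via {tunnel_dev}")
        for net, dev in same:
            if dev != tunnel_dev and net.subnet_of(pnet):
                findings.append(f"bypass: {net} routed via {dev} instead of {tunnel_dev}")
    return findings


if __name__ == "__main__":
    # A real client would poll or subscribe to route changes and tear the tunnel down
    # on any non-empty result; here we just audit the three sample tables.
    for name, table in (("baseline", BASELINE), ("bypass", BYPASS), ("deleted", DELETED)):
        print(name, audit_routes(parse_routes(table), ["10.0.0.0/8"], "tun0") or "ok")
```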