This seems relevant in that it's a new incarnation of an old threat to
one's perimeter. I'm not able to go into all of the details yet, as
we're beta testing the product, but what I've seen so far gives me
some cause for concern.
There's an organization testing a new information service, which uses
a Microsoft Windows-based user interface for their customers. It just
so happens, when I looked a little under the hood, that this service
is shipping the Distinct TCP/IP stack, minus the configuration panel,
with their software. The service operates via what appears to be a PPP
connection over a terminal session on one of the X.25 public data
networks.
Now I haven't thrown a packet monitor on this yet, and I don't know
whether they're even using RFC1597 network numbers, but the idea that
an off-the-shelf subscription service requires that I allow a
back-door TCP/IP connection into my corporate LAN really bothers me.
Nowhere in their documentation do they address any of these issues.
I'm going to talk to them about that.
Of course, I suspect it goes both ways - heh, heh.
Anyway, since there's been more talk of policy lately, I thought this
might be something worth thinking about - easy-to-use services which
shoot tunnels into your enterprise without the knowledge of the casual
user, or the consent of the network administrators.
Yours for losing sleep,
Bob Stratton, Sr. Engineer
UUNET Technologies, Inc. strat@uunet.uu.net
3110 Fairview Park Dr., Suite 570 (Voice) +1 703 204 8000
Falls Church, Va 22042 (Fax) +1 703 204 8001
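The pattern the post describes, a workstation with its normal LAN interface plus a dial-up PPP link that gives an outside network a second path in, is something a network administrator can look for in an interface inventory. The script below is an added example, not code from the post or from UUNET; it assumes an inventory of per-host interfaces collected by some other means (the host names, interface names and addresses in it are constructed), classifies each point-to-point link's address against the RFC 1597 private blocks, and reports hosts that are dual-homed in this way.

```python
"""Flag hosts where a point-to-point (PPP/SLIP) link sits beside a LAN interface.

Added example, not part of the original post. The inventory format and the
host/interface/address values are constructed assumptions for illustration.
"""
import ipaddress

# The three private address blocks defined by RFC 1597 (carried forward by RFC 1918).
RFC1597_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1597(addr):
    """True if addr falls inside one of the RFC 1597 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in RFC1597_BLOCKS)


# Constructed inventory: (host, interface, address, is_point_to_point).
# ws-01 and ws-03 each have a PPP link next to their LAN interface; ws-02 does not.
INVENTORY = [
    ("ws-01", "le0",  "10.4.7.21",    False),
    ("ws-01", "ppp0", "198.51.100.9", True),
    ("ws-02", "le0",  "10.4.7.22",    False),
    ("ws-03", "le0",  "10.4.7.23",    False),
    ("ws-03", "ppp0", "10.200.1.5",   True),
]


def find_dual_homed(inventory):
    """Return {host: [(iface, addr, reason), ...]} for every host that has both
    a LAN interface and at least one point-to-point link (the back-door pattern).
    The reason string says why the link's address matters either way."""
    by_host = {}
    for host, iface, addr, p2p in inventory:
        by_host.setdefault(host, []).append((iface, addr, p2p))

    findings = {}
    for host, ifaces in by_host.items():
        lan_links = [i for i in ifaces if not i[2]]
        p2p_links = [i for i in ifaces if i[2]]
        if not (lan_links and p2p_links):
            continue
        notes = []
        for iface, addr, _ in p2p_links:
            if is_rfc1597(addr):
                reason = ("private (RFC 1597) address on the link: may overlap with, "
                          "or be routed into, the internal numbering plan")
            else:
                reason = ("globally routable address on the link: a second path into "
                          "the LAN that bypasses the perimeter")
            notes.append((iface, addr, reason))
        findings[host] = notes
    return findings


if __name__ == "__main__":
    for host, notes in sorted(find_dual_homed(INVENTORY).items()):
        for iface, addr, reason in notes:
            print(f"{host}: {iface} {addr} -> {reason}")
```

The check is deliberately simple: it treats any point-to-point link on a LAN-attached host as worth a look, and uses the private/public distinction only to explain which kind of exposure the link creates. In practice the inventory would be fed from whatever interface data the administrator already gathers, and the same classification applies regardless of whether the link is dial-up PPP or a PPP session carried over an X.25 terminal connection.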