Whoa stop press! You connected a computer to a public IP and Zone Alarm starts buzzing away... FBI! Depends on how the hotel system works, it may be broadcasting or doing some other IP weirdness, either way it's not surprising. But there is no security threat from some leftover packets from old TCP/IP sessions...
As for the question on corporate security, I would hope that any connection to the Internet, be it a corporate LAN or a travelling user on a remote network, is done from a computer which has been adequately set up to be protected from the latest vulnerabilities and is locked down as much as possible, goes without saying! This is one such way, as you mention, of how office networks with their fancy one-stop, protects-all-ills firewalls still succumb to viruses and other nasties. I'd assume your IT department enforces policies on regularly installing OS patches and updating local virus scanners as part of its security policy... right?
Steve
On Wed, 10 Sep 2003, Christopher Bird wrote:
I am not sure if this post belongs here, so I apologize if it does not. I have been experiencing some weirdness while traveling and wondered if the group has any insight into what seems to be a pretty ugly situation.
I am traveling and have my laptop with me. I am staying in a hotel that offers broadband support. There are 2 of us (with 2 laptops) sharing a room. I acquire an internet connection and sign up for the service, so get an IP address. In my case that IP address is 12.44.189.24.
I disconnect my cable and pass it to my roommate. He plugs in and acquires IP address 12.44.189.47. He does the email thing for a while and then passes the cable back to me. Imagine my surprise when the network routes packets destined for his IP address (from his email server no less) to my computer. My firewall (Zone Alarm) detects these incoming packets and blocks them since they are unsolicited.
In further analysis of the logs, I see that there are a large number of IP addresses that are packet destinations and routed to my computer. Zone Alarm detects them and blocks them. According to Zone Alarm I am getting packets for destination IP addresses as follows: 12.44.189.244, 12.44.189.178, 12.44.189.181, 12.189.44.244 and some others too. They are all port 80 requests, identified by Zone Alarm as TCP (flags:S).
This seems strange to me since they are arriving at an IP address that is different from mine.
How can this happen? Is there the potential for a problem? (I am thinking particularly about future guests who may not have the degree of protection (limited though it is) that Zone Alarm is affording me.)
This then got me thinking about corporate security. If I have taken my laptop and put it on an external network (e.g. the hotel network), what protections can I realistically expect, and what should my corporate IT department do to make sure my computer hasn't contracted something nasty while it was away from home? I could see that the kind of network behavior that I observed could infect a less well protected computer and thus cause me to bring an infection back to my office where it can attack from behind the corporate shields and firewalls.
Any comments would be very welcome.
Regards
Chris Bird