[NJ_gent]

Out of curiosity, have you seen anything coming through the VPN connections? We maintain a number of VPN connections with several clients for support purposes. We're pretty good about preventative security, but I'd like to know whether this bug is poking at that particular weak point.

[D-fendr]

Depends on how you filter the tunnels.

If it's not filtered at all, a VPN IPsec tunnel sends all traffic through a properly established tunnel. It encrypts it and verifies both ends, but it will send a virus, trojan, worm, just as easily as it will good data. (It's sometimes described as a hard shell and soft inside security.)

You can filter the tunnel, (direct traffic to only addess x and port x), assuming you have the equipment and knowledge to do so.

But don't assume your VPN does this.

[Arthalion]

Yes we have. One of our VPN clients apparently became infected with Sasser.D about an hour ago, and then jumped through our VPN to infect a couple of other VPN clients before our operations guys were able to secure and shut down those users (they apparently have Ciscoworks set to alert them of any internal 445 activity). The good news is that the new VLAN and intermediate firewalls apparently worked like a charm and kept the virus out of our main network. The bad news is that it apparently jumped despite the fact that our Cisco concentrators should be filtering 445 completely (we're not yet sure what the problem is). Since our VPN clients sit in their own VLAN, however, all they can do right now is infect each other.