Hello,
So we have a lab environment where users use Ubuntu and have root access. From the lab network, they are only supposed to be able to access a few select resources on the other networks.
However, they have found a way to bypass this by creating a tunnel to the other subnets by using:
sudo ip route add 10.x.x.x/24 dev tun0
Is there a way to detect and/or prevent this on a network level? We use Cisco equipment (incl. Cisco ASA/Firepower).