Re: [Full-disclosure] talk.google.com
Yahoo's current IM application, highly bloated with features more geared up for a Yahooligans IM client. Yahooligans, The web for kids. www.yahooligans.com

Yahoo plan to strip their current Yahoo Messenger 7.0 for a new lite version, to stop half of Yahoo's 20 million IM users from switching to Google Talk, when Yahoo finally pull the switch on Yahoo's older, lighter version of Yahoo Messenger.

The version of Yahoo Messenger, 5.6. build 1358 was the last basic, easy to use IM application released by Yahoo. Since then Yahoo introduced the All-New Yahoo Messenger. The All-New was all bloated with features geared up for kids. Users hit out at Yahoo ever since version 6.0. Users of Yahoo Messenger wish Yahoo to rollback to 5.6 1358, adding only the wanted features as listed here: http://www.geocities.com/n3td3v/ymessenger80lite.html

You can call it Yahoo Messenger 8.0 so you don't look silly for backtracking to a previous version. Yahoo will be releasing two versions of Yahoo Messenger soon. One will be Yahooligans Messenger. This will be identical to the current Yahoo Messenger 7.0, just rebranded. Yahoo's new Yahoo Messenger 8.0 will move direction from versions 6.0 and 7.0 with a rollback to the older Yahoo Messenger feel.

Yahoo Messenger 8.0 LITE is the future of IM... http://www.geocities.com/n3td3v/ymessenger80lite.html

___
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] RE: Example firewall script
ORIGINAL MESSAGE:
Date: Sat, 27 Aug 2005
From: Exibar
Subject: Example firewall script

The absolute worst Firewall rule you can have: Allow ANY ANY
The best: Deny ANY ANY

REPLY:

Actually, that's not true. I would agree that as a general rule of thumb you should have a deny statement at the end of every ACL. In fact, Cisco places an implicit DENY ANY ANY at the end of their ACL's automatically.

However, Access Control Lists are not firewalls. Yes, we use them as firewalls, but that's not what they are. ACL's ARE TRAFFIC SHAPING DEVICES. As traffic shaping devices, they can be used for security, but they are also used for management purposes. For instance; many Autonomous Systems are multi-homed. There are decisions to be made about how traffic will flow in and out of the AS. You also have to decide if you wish to be a transit AS or not. ACLs are the tool that you use to control your traffic.

While an ACL being used as a security device should have a deny statement at the end, proper construction of the ACL is more about following the proper construction rules. This is actually a huge subject, far too big for an individual e-mail to a list. But there are some basic rules to keep in mind: ACL's analyze traffic from top to bottom, so keep your most specific entries at the top, with more general entries near the bottom; and do your permits before your denys. That means you deal with hosts first, then subnets, then networks, and at each level you have your permit statements before your deny statements. The reason for this is because once a packet matches a line, it's dealt with right then and there. You don't want to have a packet thrown away just before a line that would have permitted it.

There are also issues of what KIND of ACL to use and where to place them; Inbound or Outbound.

In terms of the original question, the only difference between a good line item or a bad line item is whether or not the syntax is correct. The only difference between a good ACL and a bad ACL is whether or not its structure is properly designed and whether or not it's placed in the proper location.

This subject REALLY calls for a book, not an e-mail response. I've said very little in this post and look at all the room it took up.
[Full-disclosure] securityfocus.com outage?
Securityfocus.com appears to be unreachable. Anyone else?
Re: [Full-disclosure] talk.google.com
On 8/27/05, n3td3v [EMAIL PROTECTED] wrote:

Yahoo's current IM application, highly bloated with features more geared up for a Yahooligans IM client. Yahooligans, The web for kids. www.yahooligans.com Yahoo plan to strip their current Yahoo Messenger 7.0 for a new lite version, to stop half of Yahoo's 20 million IM users from switching to Google Talk, when Yahoo finally pull the switch on Yahoo's older, lighter version of Yahoo Messenger. snip Yahoo Messenger 8.0 LITE is the future of IM... http://www.geocities.com/n3td3v/ymessenger80lite.html

Is it just me, or are you getting more incoherent with every post? It's like you can't decide if you want to make a hacked-up YM client (ala Kazaa Lite), a fake yahoo press release with witty commentary, an open letter to yahoo, or something else entirely. Maybe I missed it, but I don't even think anyone mentioned yahoo up to this point in a way that would provoke this. I guess I just don't get it.

--
Robert Wesley McGrew http://cse.msstate.edu/~rwm8/
Re: [Full-disclosure] RE: Example firewall script
Screw these arguments. What you should really do is get a security consultant to teach you the basics, and provide you with some exposure to the various different options you may have available, and in the case of your request, offer you some of the old horror stories.

If your only aim is to learn, then I would suggest starting with your firewall's documentation. Most firewall developers do have at least a reasonable knowledge of firewall security and rule building. Moreover good documentation will leave references to good physical sources (books, courses, etc.).

Getting back to the original question of BAD configurations :) (yep, my ATD is higher today) you may find some reasonable examples in high quality documentation too. You might try looking into any detailed hacking stories and statistics you can find, as these may lead to some other interesting conclusions about firewalls and their impacts on security too. Also, forums might be a good place to pick up bad firewall rules, you know those places are filled with crap because people just can't resist trying to show up the next guy and pretend to be the best.

Just out of interest, why are you looking for Bad rule sets?
[Full-disclosure] Re: Tool for Identifying Rogue Linksys Routers
Thomas, I've taken a look at the signature that you used to sign your message, and it says that one of the people it's registered to is [EMAIL PROTECTED]. Now, if I'm not mistaken, this is a spyware company. If this is so, and you know developers that are writing adware/spyware programs, please do me a favor and burn their house down.

Thanks
Paul
Formerly of Greyhats Security

- Original Message -
From: "Thomas Guyot-Sionnest" [EMAIL PROTECTED]
To: "Martin Mkrtchian" [EMAIL PROTECTED]; "Bugtraq" bugtraq@securityfocus.com; "Full-Disclosure (E-mail)" full-disclosure@lists.netsys.com
Sent: Thursday, August 25, 2005 5:52 PM
Subject: RE: Tool for Identifying Rogue Linksys Routers

The right way to fix that is to implement switch-level security. Limit the number of MAC and IP addresses on each port. No workstation should ever have more than one MAC and IP address...

If you don't have the budget for that kind of switch, I'd first try to identify open ports and try to recognize services on a linksys router. Nmap and telnet will be your best friends.

Thomas Guyot-Sionnest,
Systems Administrator
Tel: (514) 842-7054
Fax: (514) 221-3395
E-mail: [EMAIL PROTECTED]

-Original Message-
From: Martin Mkrtchian [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 14:49
To: Bugtraq; Full-Disclosure (E-mail)
Subject: Tool for Identifying Rogue Linksys Routers

Dear Group Members

We are migrating from Lucent QIP to MetaIP for DHCP services and so far we have had two issues when MetaIP has been implemented for VLAN that has an unauthorized Linksys router giving out IP addresses.

Is there a scanning tool out there that can determine if there are unauthorized Linksys (type) routers in a specific VLAN?

Your input is appreciated

Thank You
Martin M
http://dotsecure.blogspot.com
Re: [Full-disclosure] securityfocus.com outage?
Page can't be found for me either. Oh woe is the day :(

Regards,
Paul
Formerly of Greyhats Security

- Original Message -
From: n3td3v [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
Sent: Saturday, August 27, 2005 1:18 PM
Subject: Re: [Full-disclosure] securityfocus.com outage?

Ah, me too! Wonder who pulled the wrong switch!

On 8/27/05, adf--at--Code511.com [EMAIL PROTECTED] wrote:

dead for me from europe. -deepquest

On 27 August 05 at 18:44, n3td3v wrote:

Securityfocus.com appears to be unreachable. Anyone else?
Re: [Full-disclosure] securityfocus.com outage?
Probably that big hurricane has done something, somewhere. That's all I can think of right now. Mother nature playing havoc again with one of the biggest security websites in the entire universe!

On 8/27/05, Andrew R. Reiter [EMAIL PROTECTED] wrote:

Seems to be the same here in southern california.
Re: [Full-disclosure] securityfocus.com outage?
On Sat, Aug 27, 2005 at 06:32:30PM +0100, n3td3v wrote:

Probably that big hurricane has done something, somewhere.

Lots of hurricanes in Canada, eh? :-)

Steve :-)

---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | [EMAIL PROTECTED]
Re: [Full-disclosure] securityfocus.com outage?
Actually they are called humicanes when they are inland

- Original Message -
From: Steve Friedl [EMAIL PROTECTED]
To: n3td3v [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Saturday, August 27, 2005 11:38 AM
Subject: Re: [Full-disclosure] securityfocus.com outage?

On Sat, Aug 27, 2005 at 06:32:30PM +0100, n3td3v wrote:

Probably that big hurricane has done something, somewhere.

Lots of hurricanes in Canada, eh? :-)

Steve :-)

---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | [EMAIL PROTECTED]
Re: [Full-disclosure] securityfocus.com outage?
Yep:

    %ping www.securityfocus.com

    Pinging www.securityfocus.com [205.206.231.15] with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 205.206.231.15:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    %traceroute www.securityfocus.com

    Tracing route to www.securityfocus.com [205.206.231.12]
    over a maximum of 30 hops:

    [snip]
     12    43 ms    36 ms    35 ms  bb1-p4-0.chcgil.ameritech.net [151.164.42.182]
     13    35 ms    35 ms    35 ms  bb2-p5-1.chcgil.ameritech.net [151.164.191.182]
     14    36 ms    35 ms    41 ms  ex1-p2-0.eqchil.sbcglobal.net [151.164.42.149]
     15    35 ms    45 ms    35 ms  asn852-telus.eqchil.sbcglobal.net [151.164.248.122]
     16    74 ms    73 ms    72 ms  clgrab01dr00.bb.telus.com [208.38.16.144]
     17    73 ms    73 ms    73 ms  216.123.211.114
     18    72 ms    72 ms    72 ms  205.206.231.98
     19    73 ms    73 ms    73 ms  205.206.14.145
     20     *        *        *     Request timed out.
     21     *        *        *     Request timed out.
     22     *        *        *     Request timed out.
     23  ^C

- ferg

-- n3td3v [EMAIL PROTECTED] wrote:

Securityfocus.com appears to be unreachable. Anyone else?

--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
ferg's tech blog: http://fergdawg.blogspot.com/
RE: [Full-disclosure] RE: Example firewall script
I think the rules explained here are not intended to be actual rules in a firewall, but more of a way to explain what is secure and what is not, correct me if I'm wrong.

Oh and btw, acl's ARE used in CBAC (cisco ios fw) they are just a tad more intelligently created than in a regular acl.

Jan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 27. august 2005 18:42
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] RE: Example firewall script

ORIGINAL MESSAGE:
Date: Sat, 27 Aug 2005
From: Exibar
Subject: Example firewall script

The absolute worst Firewall rule you can have: Allow ANY ANY
The best: Deny ANY ANY

REPLY:

Actually, that's not true. I would agree that as a general rule of thumb you should have a deny statement at the end of every ACL. In fact, Cisco places an implicit DENY ANY ANY at the end of their ACL's automatically.

However, Access Control Lists are not firewalls. Yes, we use them as firewalls, but that's not what they are. ACL's ARE TRAFFIC SHAPING DEVICES. As traffic shaping devices, they can be used for security, but they are also used for management purposes. For instance; many Autonomous Systems are multi-homed. There are decisions to be made about how traffic will flow in and out of the AS. You also have to decide if you wish to be a transit AS or not. ACLs are the tool that you use to control your traffic.

While an ACL being used as a security device should have a deny statement at the end, proper construction of the ACL is more about following the proper construction rules. This is actually a huge subject, far too big for an individual e-mail to a list. But there are some basic rules to keep in mind: ACL's analyze traffic from top to bottom, so keep your most specific entries at the top, with more general entries near the bottom; and do your permits before your denys. That means you deal with hosts first, then subnets, then networks, and at each level you have your permit statements before your deny statements. The reason for this is because once a packet matches a line, it's dealt with right then and there. You don't want to have a packet thrown away just before a line that would have permitted it.

There are also issues of what KIND of ACL to use and where to place them; Inbound or Outbound.

In terms of the original question, the only difference between a good line item or a bad line item is whether or not the syntax is correct. The only difference between a good ACL and a bad ACL is whether or not its structure is properly designed and whether or not it's placed in the proper location.

This subject REALLY calls for a book, not an e-mail response. I've said very little in this post and look at all the room it took up.
Re: [Full-disclosure] RE: Example firewall script
On Sat, 2005-08-27 at 12:41 -0400, [EMAIL PROTECTED] wrote:

> However, Access Control Lists are not firewalls. Yes, we use them as firewalls, but that's not what they are. ACL's ARE TRAFFIC SHAPING DEVICES.

ACL identify what traffic you are dealing with. what to do with/on that traffic always depends. you can re-route, shape, filter, crypt, nat and so on

[snip]

> ACL's analyze traffic from top to bottom, so keep your most specific entries at the top, with more general entries near the bottom;

ok, but ...

> and do your permits before your denys.

this is not always true. in a nat scenario you may want to crypt all the traffic, except the one that will be sent in your enterprise vpn. you first need to deny the specific traffic of your private networks, then allow the remaining.. in a filtering scenario of a bastion router you first refuse private/reserved addresses from outside, then you allow any to your http port

> This subject REALLY calls for a book, not an e-mail response. I've said very little in this post and look at all the room it took up.

it's true, so please, do not generalize in this way ...

a still working mayhem :(

--
And the Germans killed the Jews, And the Jews killed the Arabs, And the Arabs killed the hostages, And that is the news
RW
https://www.recursiva.org - Key on pgp.mit.edu ID B88FE057
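The ordering points argued in this thread (top-to-bottom first match, the implicit deny at the end, a host permit lost behind a subnet deny, and the bastion-router case of refusing private sources before permitting HTTP) can be checked with a small model. This is an added example, not code from any poster or vendor: the `Rule`, `rule`, `evaluate` and `order_conflicts` names are hypothetical, the rule model is simplified to source prefix plus destination port, and all addresses are constructed sample data.

```python
"""First-match ACL model: evaluation plus an order-sensitivity report.

Added illustration; every name here is hypothetical and every address
below is constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: ipaddress.IPv4Network   # source prefix; 0.0.0.0/0 means "any"
    dport: Optional[int] = None  # destination port; None means "any"

    def matches(self, src_ip: str, dport: int) -> bool:
        return (ipaddress.ip_address(src_ip) in self.src
                and self.dport in (None, dport))

    def overlaps(self, other: "Rule") -> bool:
        """True if at least one packet matches both rules."""
        ports_meet = (self.dport is None or other.dport is None
                      or self.dport == other.dport)
        return ports_meet and self.src.overlaps(other.src)

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` matches is also matched by self."""
        return (other.src.subnet_of(self.src)
                and self.dport in (None, other.dport))


def rule(action: str, src: str, dport: Optional[int] = None) -> Rule:
    return Rule(action, ipaddress.ip_network(src), dport)


def evaluate(acl: List[Rule], src_ip: str,
             dport: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding line); first match wins."""
    for i, r in enumerate(acl):
        if r.matches(src_ip, dport):
            return r.action, i
    return "deny", None          # implicit deny at the end of the list


def order_conflicts(acl: List[Rule]) -> List[Tuple[int, int, str]]:
    """List (earlier, later, kind) pairs whose relative order changes results.

    Only overlapping lines with different actions are order-sensitive.
    kind is "shadowed" when the later line can never match, otherwise
    "partial" (the earlier line decides just the overlapping packets).
    """
    found = []
    for j, later in enumerate(acl):
        for i, earlier in enumerate(acl[:j]):
            if earlier.action != later.action and earlier.overlaps(later):
                kind = "shadowed" if earlier.covers(later) else "partial"
                found.append((i, j, kind))
    return found


# Constructed sample: a host permit placed after the deny for its subnet.
HOST_AFTER_SUBNET = [rule("deny", "192.0.2.0/24"),
                     rule("permit", "192.0.2.10/32")]
HOST_BEFORE_SUBNET = list(reversed(HOST_AFTER_SUBNET))

# Constructed sample: bastion router, private sources refused from outside.
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
BASTION_DENY_FIRST = ([rule("deny", p) for p in PRIVATE]
                      + [rule("permit", "0.0.0.0/0", 80)])
BASTION_PERMIT_FIRST = ([rule("permit", "0.0.0.0/0", 80)]
                        + [rule("deny", p) for p in PRIVATE])

if __name__ == "__main__":
    cases = [("host after subnet", HOST_AFTER_SUBNET, "192.0.2.10", 22),
             ("host before subnet", HOST_BEFORE_SUBNET, "192.0.2.10", 22),
             ("bastion deny-first", BASTION_DENY_FIRST, "10.1.2.3", 80),
             ("bastion permit-first", BASTION_PERMIT_FIRST, "10.1.2.3", 80)]
    for name, acl, ip, port in cases:
        print(name, evaluate(acl, ip, port), order_conflicts(acl))
```

A "shadowed" pair is the case described in the thread where a packet is thrown away just before a line that would have permitted it; a "partial" pair marks lines whose order must be chosen deliberately, as in the bastion-router list.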
Re: [Full-disclosure] securityfocus.com outage?
Looks fine from Brazil at 8:20PM GMT. And no news on what happened earlier that I can find. []s

On Sat, Aug 27, 2005 at 05:44:00PM +0100, n3td3v wrote:

Securityfocus.com appears to be unreachable. Anyone else?

--
Rodrigo Barbosa [EMAIL PROTECTED]
Quid quid Latine dictum sit, altum viditur
Be excellent to each other ... - Bill Ted (Wyld Stallyns)
Re: [Full-disclosure] securityfocus.com outage?
Welcome to Full-Disclosure. We make the news. Beer belly media representatives are still in bed.

On 8/27/05, Rodrigo Barbosa [EMAIL PROTECTED] wrote:

And no news on what happened earlier that I can find.
[Full-disclosure] Re: securityfocus.com outage?
main site looks fine but on a lot of pages I am getting database error :( anyone has clue what happened actually to them

On 8/28/05, Rodrigo Barbosa [EMAIL PROTECTED] wrote:

Looks fine from Brazil at 8:20PM GMT. And no news on what happened earlier that I can find. []s

On Sat, Aug 27, 2005 at 05:44:00PM +0100, n3td3v wrote:

Securityfocus.com appears to be unreachable. Anyone else?

--
Rodrigo Barbosa [EMAIL PROTECTED]
Quid quid Latine dictum sit, altum viditur
Be excellent to each other ... - Bill Ted (Wyld Stallyns)
Re: [Full-disclosure] RE: Example firewall script
For the record, I just got a phone call from this guy - apparently he's afraid that because I call bullshit on him in public, I'm also going to fill [his] email box with spam and stuff. Very entertaining. He even calls back and leaves messages when you hang up on him! Of course, while he's willing to call you on your cell phone to bitch and moan, he's also a pussy: he hides his calling number. HEY - ERIC!!! FUCK OFF. On Sat, 27 Aug 2005, [EMAIL PROTECTED] wrote: Date: Sat, 27 Aug 2005 16:27:14 -0400 From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Full-disclosure] RE: Example firewall script As does Juniper, as does. Your Point? Uh... No. Traffic shaping may make use of ACLs, but ACL != Shaping. Sorry, but... By definition, ACLs are a traffic shaping device. Bzzzt. *All* Autonomous Systems are multihomed. Thats the definition of AS. That's completely wrong. The definition of an AS is not that it's multihomed, and not all AS's are multihomed. Again, wrong. ACLS are involved, but what you are talking about are called ROUTING DECISIONS, and ACLS != Routing Decisions. Sorry, but that's EXACTLY what they are. They are a set of instructions by which a routing device DECIDES where to route packets. This is true for *most* ACL implementations, but NOT for all. Again, you are trying to paint the entire world with your only available [Cisco] brush, and it is making you look like a self-important fool. Sorry, but... you're wrong again. The very nature of how ACL's work mean that you move from specific to general. I can probably find a few good ones to recommend - if you will promise to read them prior to spewing more of this. Based on your statements so far, I would not be inclined to follow your suggestions. And still managed to screw up most of what you said. Actually, what I said is entirely correct. That's expected: hot gas expands. You would know. mail2web - Check your email from the web at http://mail2web.com/ . -- Yours, J.A. 
Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.
[Full-disclosure] Eric Scher - Ball-less Poster Boy
So this maniac is willing to call peoples cell phones to complain that he's been somehow mischaracterized in public, but at the same, he does it from behind a caller-ID blocker. This would be merely annoying if this weren't the same asshole who has posted here previously (Tue, 16 Nov 2004 18:33:50 -0500) complaining that some guy sending him anonymized email was some zipperhead without the courage to use his real e-mail address.

HEY ERIC!!! WHATS YOUR FUCKING PHONE NUMBER, ZIPPERHEAD???

--
Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF
I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.
[Full-disclosure] Synopsis
In 2000, we had Gary Burnore. Look what happened to him. In 2004, we had Savvis. 'nuff said. For 2005, we get Eric Scher. Hang On Eric - The Ride Is Just Beginning.

--
Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF
I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.
Re: [Full-disclosure] talk.google.com
Do you get this? http://news.bbc.co.uk/2/hi/americas/4190926.stm You have a moron as a president. Some things will never be understood.

On 8/27/05, Robert Wesley McGrew [EMAIL PROTECTED] wrote:

I guess I just don't get it.

--
http://www.geocities.com/n3td3v
Re: [Full-disclosure] RE: Example firewall script
The problem with knowing a thing or two about a thing or two is that you're constantly arguing with other people who know nothing about things that nobody else can possibly understand, and that nobody will be forced to learn about or consider carefully until it's too late for the knowledge to save them from harm. This is yet another reason that full disclosure is crucial to everyone's readiness and to our ability to defend ourselves... Discussion and analysis of complex subjects, with real-world study and disclosure of failures and mistakes, prepares us to understand new risks and classify new threats according to actual significance in our situations. So, thank you both for sharing your debate and thereby calling attention to an area of uncertainty in practice, but if you're going to argue about definitions of routing tables vs. ACLs, why not do it in a way that mere mortals are able to understand some day in the future when they find your debate archived somewhere because their Cisco router's ACL ruleset failed to consider the fact that they had routes and multihomed interfaces configured dynamically by an attacker who knew better than the victim just how ACLs are parsed and precisely what the difference is between a good ACL and a bad one -- or where an attacker knew there was another interface physically attached to the Cisco device where a small wireless access point could be attached, which WAP would automatically assign the Cisco device another endpoint address in the WAP's address space. Fuck off doesn't add to the substance of the technical arguments, and even trying to understand why you are debating at all there does not appear to be any reason -- other than that you are both feeling stressed because the stock market keeps falling and you're counting on Wall Street to make you wealthier than your hard-working but lesser-compensated friends and neighbors. 
Don't worry, you'll figure out when you're unemployed and broke that all the time you spent being upset about little things distracted you from living life well, and you'll really only regret not having done more to make sure other people had as much opportunity as you did to do good work and document then publish details about the things they found important at the time, and to share your knowledge publicly for the benefit of everyone who comes after you. Regards, Jason Coombs [EMAIL PROTECTED] -Original Message- From: J.A. Terranson [EMAIL PROTECTED] Date: Sat, 27 Aug 2005 15:38:11 To:[EMAIL PROTECTED] [EMAIL PROTECTED] Cc:Full-Disclosure Full-Disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] RE: Example firewall script For the record, I just got a phone call from this guy - apparently he's afraid that because I call bullshit on him in public, I'm also going to fill [his] email box with spam and stuff. Very entertaining. He even calls back and leaves messages when you hang up on him! Of course, while he's willing to call you on your cell phone to bitch and moan, he's also a pussy: he hides his calling number. HEY - ERIC!!! FUCK OFF. On Sat, 27 Aug 2005, [EMAIL PROTECTED] wrote: Date: Sat, 27 Aug 2005 16:27:14 -0400 From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Full-disclosure] RE: Example firewall script As does Juniper, as does. Your Point? Uh... No. Traffic shaping may make use of ACLs, but ACL != Shaping. Sorry, but... By definition, ACLs are a traffic shaping device. Bzzzt. *All* Autonomous Systems are multihomed. Thats the definition of AS. That's completely wrong. The definition of an AS is not that it's multihomed, and not all AS's are multihomed. Again, wrong. ACLS are involved, but what you are talking about are called ROUTING DECISIONS, and ACLS != Routing Decisions. Sorry, but that's EXACTLY what they are. They are a set of instructions by which a routing device DECIDES where to route packets. 
This is true for *most* ACL implementations, but NOT for all. Again, you are trying to paint the entire world with your only available [Cisco] brush, and it is making you look like a self-important fool. Sorry, but... you're wrong again. The very nature of how ACL's work mean that you move from specific to general. I can probably find a few good ones to recommend - if you will promise to read them prior to spewing more of this. Based on your statements so far, I would not be inclined to follow your suggestions. And still managed to screw up most of what you said. Actually, what I said is entirely correct. That's expected: hot gas expands. You would know. mail2web - Check your email from the web at http://mail2web.com/ . -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly
Re: [Full-disclosure] RE: Example firewall script
On Sun, 28 Aug 2005, Jason Coombs wrote: The problem with knowing a thing or two about a thing or two is that you're constantly arguing with other people who know nothing about things that nobody else can possibly understand, and that nobody will be forced to learn about or consider carefully until it's too late for the knowledge to save them from harm. Slow day Jason? This is yet another reason that full disclosure is crucial to everyone's readiness and to our ability to defend ourselves... Discussion and analysis of complex subjects, with real-world study and disclosure of failures and mistakes, prepares us to understand new risks and classify new threats according to actual significance in our situations. So, thank you both for sharing your debate and thereby calling attention to an area of uncertainty in practice, but if you're going to argue about definitions of routing tables vs. ACLs, why not do it in a way that mere mortals are able to understand some day in the future when they find your debate archived somewhere because their Cisco router's ACL ruleset failed to consider the fact that they had routes and multihomed interfaces configured dynamically by an attacker who knew better than the victim just how ACLs are parsed and precisely what the difference is between a good ACL and a bad one -- or where an attacker knew there was another interface physically attached to the Cisco device where a small wireless access point could be attached, which WAP would automatically assign the Cisco device another endpoint address in the WAP's address space. Heartily agreed. In spite of that agreement, thank you for providing that wonderful tidbit. Fuck off doesn't add to the substance of the technical arguments, and even trying to understand why you are debating at all there does not appear to be any reason Actually, I accept responsibility for the ambiguity: the FUCK OFF was not directed at the technical pseudodebate, it was directed at the lunatic telephone calls. 
So, for the sake of clarity and in the spirit of Full Disclosure, allow me to be clearer the second time around: Eric: FUCK YOU. (As opposed to FUCK OFF). There. I feel better now :-) //Alif -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.
RE: [Full-disclosure] talk.google.com
Bah, that's old news. You are right however, he is a complete moron. But hey, he's power hungry! :-/(Sarcasm) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: Saturday, August 27, 2005 8:33 PM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] talk.google.com Do you get this? http://news.bbc.co.uk/2/hi/americas/4190926.stm You have a moron as a president. Some things will never be understood. On 8/27/05, Robert Wesley McGrew [EMAIL PROTECTED] wrote: I guess I just don't get it. -- http://www.geocities.com/n3td3v
Re: [Full-disclosure] Is this a phishing attempt?
Hi: I have a couple of stories to tell about this. Jejej I have even exchanged mail with those guys doing that. Do the following. If they are a prince or a king or a president or whoever wants to give you millions, jejej tell them to pay for your airplane ticket, that you have no money at all. Jajaja it is only a couple of thousand, which compared to a million is nothing. If they do, jeje you take a free vacation. Believe me, you will receive an excuse. The intention behind those mails is to steal your money by getting your data and to have someone similar to you make, for instance, bank transactions etc. Beware: in such a case you could later become a problem that needs to be eradicated, so by all means never give your personal data. When you find someone owning a fortune, believe me, it is worth it to do that. They ask for personal information as well as pictures of you. You could even follow them with the game and give them fake pictures or fake data. I remember that once one of them said he was from my country. Jejej instead of a message in English I made the guy translate the mail if he wanted to answer me. And he/she did and also investigated. He complained about the language, that he left the country a long time ago. Jajajaj it was very funny to look at him/her making mistakes. Finally he/she gave up on me. Another one also told me to scan my passport and later to send it using a fax or e-mail. Jejej I told him that I didn't have one and that I didn't have the money to get it, that if he could send me that, it was all right. I received an excuse and never heard from that guy again.
Regards Waldo Alvarez

On 8/24/05, winsoc [EMAIL PROTECTED] wrote: Hi, has anyone else received this? I seriously cannot believe that someone would be so mundane in thinking that people would reply to this. QUOTE :

-Original Message- From: prince josey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 24, 2005 4:11 AM Subject: - TREAT AS URGENT - ATTN: Dear Friend, How are you doing with your family? I presume that all is well with you. I am Prince Jocelyn, the manager of audit and accounting department (La Banque De L'Afrique) Ouagadougou, Burkina Faso. I got your contact from the international business directory when i was searching a foreigner who will assist me in a profitable business deal that will yeild us life success. Before I wrote you, I prayed that you will be a honest and reliable person whom i can work with to achieve this deal of our life. From my section in the bank, I discovered an abandoned sum of FOURTEEN MILLION UNITED STATES DOLLARS ($USD14M) that belongs to one of our customer who died along with his entire famillies, on 25TH JULY, 2000 CONCORDE PLANE CRASH [Flight AF4590] with the whole passengers on board. The name od the deceased man was (MR. ANDREAS SCHRANNER from Munich, Germany. You have to understand that I come across this huge amount of fund when i was balancing an Internal Audit account of the departmental customers file to submit to the bank management for the annual audit of the year. Since the bank got information about the death of the deceased man, the bank have been expecting his next of kin to apply and claim this fund because the bank cannot release the fund to any a person unless a foreigner apply for the transfer of the fund as the next of kin or relation to the deceased relating to this inheritance, but unfortunately i learnt through investigations that no one has come up for the claim. This is the reason why I am making this business proposal to you so that you will apply to the bank for them to wire this fund to your nominated account as the next of kin or relation to the deceased customer. For us to achieve this businesss immediately, the percentage ratio for sharing the fund when the bank release the fund for you must be arranged accordingly upon your confirmation of your intent. Thereafter I will visit your country for sharing modalities of percentages indicated above. So for the immediate transfer of this fund into your bank account as arranged, you must apply first to the bank as the only existening next of kin to the deceased customer by indicating in the application the bank account information where you will request the bank to wire the fund. So if you accept to help me in order to achieve this great business, i will send to you through email or by fax an application form of claim which you will fill with your account information and send to the bank for the transaction to start immediately. Please i would like you to know the following information. (1.) This business is completely free from risk while your personality and reputation will be protected. (2.) You will not face any circumstances beyond our control because the application will bear the brief information of the deceased which the bank may like to know. (3.) If you will follow my directives, this transaction will be completed within a short time. (4.) You should keep this business CONFIDENTIAL or SECRET until the completion of this deal. Please contact me through my email address
RE: [inbox] Re: [Full-disclosure] Is this a phishing attempt?
On Sat, 2005-08-27 at 00:55 -0400, Exibar wrote: It's not just people giving them bank routing info. They have people sending them thousands of dollars in cash in hopes of getting millions for nothing. The 419'ers wind up either kidnapping or killing the person they scammed and assume their identity abroad. The 419'ers have even been known to go after family members as well. It's too risky to try and scam the scammers, perhaps we on this list could cover our tracks well enough to not be found by these criminals, but most people couldn't. Scam the scammers? I'm not suggesting people try anything like that. For one, it would be attempting to defraud someone who's probably been spending a lot more time thinking up ways to defraud people. ...and moral issues notwithstanding, there's probably not that much money to be taken from people so desperate for money as to try to trick the old and mentally infirm out of their cash. I just want to be a _complete and utter waste of their time_. My thinking is that this is a 4 teh win scenario since for every one of them, there's hundreds of thousands if not millions of us. If those of us who happen to be interested in wasting the time of 419'ers even matches the number of people who fall for their stunts (which I'd like to think is a really small fraction) we'll have doubled the amount of work they have to do to get anything--reducing their profit margin by half. If lots and lots of us started acting like retarded citizens who can't properly copy down a routing number, we could pretty much bring them to a screeching halt. The serendipitous thing is that it's absolutely trivial to get tools to help you make up perfectly legitimate looking profiles to waste a spammer's time with. There's still tons of leftover parts from AOHell and utilities for rolling up phony (but kosher as far as a modulus check is concerned) credit card numbers that you can pull off the 'net in mere moments. 
What might take someone thirty seconds to generate will take a 419 spammer quite a bit more time (and with any luck, some fee money as well) to figure out is complete bullshit.
Re: [inbox] Re: [Full-disclosure] Is this a phishing attempt?
On Sat, Aug 27, 2005 at 09:23:37PM -0500, Dagmar d'Surreal wrote: I just want to be a _complete and utter waste of their time_. Subscribe them to FD, perhaps? :-) Steve --- Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561 www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | [EMAIL PROTECTED]
[Full-disclosure] J. A. Terranson
I did a dumb thing today. I decided to be nice to someone who didn't deserve it and correct his mistakes offline so that he wouldn't have to look like a dumbass in public. In return, I got an earful of profanity.

Honestly, I should have known better. I've watched Terranson participate on this list long enough to know that he's not merely rude and obnoxious, he's mean. Bottom line, when you're dealing with someone who isn't a particularly good person; there's no point in trying to treat them like a human being. Like the man said; it wastes your time and annoys the pig.

I get it. This is a place where he gets to feel like a big man. A tough guy. Fine. Whatever floats his boat. HOWEVER, that's no excuse for:

a) Acting like a JackAss. (Is that what the J.A. stands for?)
b) PUTTING OUT BAD INFORMATION.

For the record, Kid... (Act like a child, you'll get treated like one.)

1) An Autonomous System is a network or group of networks under the control of a single administrator and/or administrative policy.

2) A Multihomed network is one which has more than one WAN connection to one or more service providers.

3) The one has nothing to do with the other. ALL Autonomous systems are NOT multihomed. In fact, the vast majority are not. If you actually understood what an autonomous system was, you'd know that. But then, you wouldn't have put your foot in your mouth.

4) Access Control Lists ARE traffic shaping devices. A device is a contrivance, invention or technique serving a particular purpose. In this case, the purpose being served is the movement of packets. The packets may be moved to another port or they may be moved to the trash. The ACL tells the machine to examine the packet based on certain defined criteria that the administrator chooses and make decisions about the movement of the packet based on that criteria. This may serve a security purpose or it may not.

5) Access Control Lists are constructed in a particular manner; complex to simple. Specific to general. They don't HAVE to be written that way, but they should be and there is a damned good reason for it. Once a packet matches a particular line, the packet is moved. It may go to another port or it may get dropped; but the point is that it doesn't stick around for a second analysis. If you put a deny statement about a particular subnet ABOVE a permit statement for a particular host FROM that subnet, it's too late. The packet from that host has already been dumped.

But hey, if you don't mind having a buggy network because you insist on doing things YOUR way, go ahead and write your ACL's any way you want. Not my problem.

As has already been pointed out, this is a subject better addressed in a textbook. Whether you want to learn Cisco ACLs, iptables or whatever; you need some in depth subject matter. This is a complex subject and one in which you CLEARLY need remedial study.

One last thing, Kid... You said that you could suggest some books for me? If those are the same books that you got YOUR monumentally incorrect information out of, no thanks. I actually know something about this subject, and I'd like to keep it that way.

You may now feel free to have the last word. I'd know that sort of thing is important to someone like you.
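The first-match behaviour described in point 5 above, as an added example that is not part of the original post: a small Python model of top-down ACL evaluation with an implicit deny at the end, plus a check that flags entries that can never fire because an earlier entry already covers their whole source range. The source-only rule format, the function names and the documentation addresses are constructed for illustration and are not any vendor's syntax.

```python
import ipaddress

# Constructed sample ACLs (documentation address space, not from the thread).
# Each entry is (action, source network); evaluation is top-down, first match wins.
BAD_ORDER = [
    ("deny",   "192.0.2.0/24"),     # subnet-wide deny placed first
    ("permit", "192.0.2.10/32"),    # host permit below it: never reached
    ("permit", "198.51.100.0/24"),
]
GOOD_ORDER = [
    ("permit", "192.0.2.10/32"),    # most specific entry first
    ("deny",   "192.0.2.0/24"),
    ("permit", "198.51.100.0/24"),
]

def parse(acl):
    """Turn the textual networks into ipaddress network objects."""
    return [(action, ipaddress.ip_network(net)) for action, net in acl]

def evaluate(acl, src):
    """Return (action, line) for the first entry matching the source address.
    Lines are 1-based; line 0 stands for the implicit deny at the end."""
    addr = ipaddress.ip_address(src)
    for line, (action, net) in enumerate(parse(acl), start=1):
        if addr in net:
            return action, line
    return "deny", 0

def find_shadowed(acl):
    """Return (shadowed_line, shadowing_line) pairs: an entry whose whole
    source range is matched by an earlier entry is unreachable."""
    rules = parse(acl)
    shadowed = []
    for i, (_, net) in enumerate(rules):
        for j in range(i):
            earlier = rules[j][1]
            # subnet_of() needs both networks to be the same IP version.
            if net.version == earlier.version and net.subnet_of(earlier):
                shadowed.append((i + 1, j + 1))
                break
    return shadowed

if __name__ == "__main__":
    for name, acl in (("BAD_ORDER", BAD_ORDER), ("GOOD_ORDER", GOOD_ORDER)):
        print(name, evaluate(acl, "192.0.2.10"), "shadowed:", find_shadowed(acl))
```

Running `find_shadowed` over a rule set before deployment catches the ordering mistake the post describes without sending any traffic through the device.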
Re: [Full-disclosure] J. A. Terranson
Great... thanks for the extra commentary. Now how about you both shut the fuck up and disclose something, other than the fact that you are both douche knobs. -KF [EMAIL PROTECTED] wrote: I did a dumb thing today. I decided to be nice to someone who didn't deserve it and correct his mistakes offline so that he wouldn't have to look like a dumbass in public. In return, I got an earful of profanity. Honestly, I should have known better. I've watched Terranson participate on this list long enough to know that he's not merely rude and obnoxious, he's mean. Bottom line, when you're dealing with someone who isn't a particularly good person; there's no point in trying to treat them like a human being. Like the man said; it wastes your time and annoys the pig. I get it. This is a place where he gets to feel like a big man. A tough guy. Fine. Whatever floats his boat. HOWEVER, that's no excuse for: a) Acting like a JackAss. (Is that what the J.A. stands for?) b) PUTTING OUT BAD INFORMATION. For the record, Kid... (Act like a child, you'll get treated like one.) 1) An Autonomous System is a network or group of networks under the control of a single administrator and/or administrative policy. 2) A Multihomed network is one which has more than one WAN connection to one or more service providers. 3) The one has nothing to do with the other. ALL Autonomous systems are NOT multihomed. In fact, the vast majority are not. If you actually understood what an autonomous system was, you'd know that. But then, you wouldn't have put your foot in your mouth. 4) Access Control Lists ARE traffic shaping devices. A device is a contrivance, invention or technique serving a particular purpose. In this case, the purpose being served is the movement of packets. The packets may be moved to another port or they may be moved to the trash. 
The ACL tells the machine to examine the packet based on certain defined criteria that the administrator chooses and make decisions about the movement of the packet based on that criteria. This may serve a security purpose or it may not. 5) Access Control Lists are constructed in a particular manner; complex to simple. Specific to general. They don't HAVE to be written that way, but they should be and there is a damned good reason for it. Once a packet matches a particular line, the packet is moved. It may go to another port or it may get dropped; but the point is that it doesn't stick around for a second analysis. If you put a deny statement about a particular subnet ABOVE a permit statement for a particular host FROM that subnet, it's too late. The packet from that host has already been dumped. But hey, if you don't mind having a buggy network because you insist on doing things YOUR way, go ahead and write your ACL's any way you want. Not my problem. As has already been pointed out, this is a subject better addressed in a textbook. Whether you want to learn Cisco ACLs, iptables or whatever; you need some in depth subject matter. This is a complex subject and one in which you CLEARLY need remedial study. One last thing, Kid... You said that you could suggest some books for me? If those are the same books that you got YOUR monumentally incorrect information out of, no thanks. I actually know something about this subject, and I'd like to keep it that way. You may now feel free to have the last word. I'd know that sort of thing is important to someone like you.
Re: [Full-disclosure] talk.google.com
Okay, at least before, you were posting about an instant messenger client (albeit the wrong one) in a thread about an instant messenger client. But when I ask what on earth you are talking about, you respond with something that makes even less sense. Whether or not I like the president, I don't think any of my posts have had a political slant, and I don't see how what you've responded with has anything to do with what I said. If anything it proves my point that your posts are getting more surreal and off-topic every time. On 8/27/05, n3td3v [EMAIL PROTECTED] wrote: Do you get this? http://news.bbc.co.uk/2/hi/americas/4190926.stm You have a moron as a president. Some things will never be understood. On 8/27/05, Robert Wesley McGrew [EMAIL PROTECTED] wrote: I guess I just don't get it. -- http://www.geocities.com/n3td3v -- Robert Wesley McGrew http://cse.msstate.edu/~rwm8/