Re: Win2K and Lview.exe -- am I infected?

[Ryan Hilton]

I have seen this problem as well on Windows 2000 running LView, it does not 
appear that LView, or the version I was running, will work on Win2k.  This 
was tested on 2 seperate machines with similar configurations as far as 
software, one was an 866 and the other was a 1.0 Ghz both with 256 Megs of 
RAM and Win2k Professional.

Hope this helps,
RTH

On Monday 10 December 2001 10:03 am, H Carvey wrote:
> In-Reply-To: <[EMAIL PROTECTED]>
>
> >Any idea if I have been infected with something
>
> and what I can do about it?
>
> You have not provided any information to suggest
> that you're infected with anything.  You can use
> Task Manager to identify which processes are
> eating up your CPU cycles and memory.
>
> Have you tried running a virus scanner?
>
> Do you have any other information which might
> suggest that you've been infected with something?

-- 
==
   Ryan Hilton
   [EMAIL PROTECTED]
   "No answer is also an answer"
==

RE: NAT/PAT (Hide NAT) Vulnerabilities?

[Ray]

Howdy,

I have never seen PAT described in an RFC to date. Could someone point me in
the right
direction with this outside of a Cisco website? Or is this really a
"standardized" acronym?


Ray


-Original Message-
From: Paul Leroy [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 14, 2001 12:56 AM
To: 'Reaves, Timothy CECOM RDEC STCD JANUS'; SecurityBasics
Subject: RE: NAT/PAT (Hide NAT) Vulnerabilities?


Hi,

PAT is Port Address Translation, it is also called NAT overload. Instead of
mapping internal IPs to external IPs, it maps internal IPs to external
source ports. This means that only one IP (that of the outside interface of
the PAT device) is seen by the outside world. This also increases the number
of concurrent connections to roughly 64000 instead of just the size of the
outside IP pool.

Hope that helps


Regards,

Paul Leroy

-Original Message-
From: Reaves, Timothy CECOM RDEC STCD JANUS
[mailto:[EMAIL PROTECTED]]
Sent: 12 December 2001 08:26
To: SecurityBasics
Subject: RE: NAT/PAT (Hide NAT) Vulnerabilities?


could someone please explain PAT?

Thanks




"This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed. If
you are not the intended recipient, you are notified that you may not use,
distribute or copy this document in any manner whatsoever. Kindly also
notify the sender immediately by telephone, and delete the e-mail. When
addressed to clients of the company from where this e-mail originates ("the
sending company ") any opinion or advice contained in this e-mail is subject
to the terms and conditions expressed in any applicable terms of business or
client engagement letter . The sending company does not accept liability for
any damage, loss or expense arising from this e-mail and/or from the
accessing of any files attached to this e-mail."

Re: IBM Laptop Logging

[I. Brugman]

access can be done with regular auditing

the other part, (MOM) Microsoft Operations Manager, in which you can define
rules and take actions on it.
it access is made to a file, run script or page or whatever, generate alert.
An agent runs on every client.

regards,

ivo

- Original Message -
From: "willie domingo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 13, 2001 9:40 AM
Subject: IBM Laptop Logging


> Hi all,
>
>   Our company issued an IBM laptop  running Windows ME to our field
> officers.  In order for these people to be apply the policies of the
company
> we downloaded it to their laptop.
>
>   Due to the sensitivity of these policies we would want to protect the
bank
> by having a logging mechanism if ever they copied such policies to a
> diskette or cd.  Or better yet everytime they access said policy it should
> be logged.
>
>   Is there a utility in Windows ME to do this.  If not is there a utility
> freeware or not that can do this. It should produce good reports.
>
>Thanks for your comments.
>
>Willie
>
> _
> Join the world's largest e-mail service with MSN Hotmail.
> http://www.hotmail.com
>
>

Re: Which Proxy Server...

[Pheh]

Take a look at Raptor for lots of application proxies.  Now named Symantec
Enteriprise Firewall.

http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=47&PID=na&EID=0

It has proxies for at least 1., 2., and 3. -- it may for 4. as well, but
I'm not positive.  Runs on Solaris and HP/UX.  There is also a Linux based
appliance version called Velociraptor which has all the same
functionality (though there is no Linux port to run on your own hardware
(go figure)).

On Fri, 14 Dec 2001 [EMAIL PROTECTED] wrote:

> Dear users,
>   I am planning to upgrade my Proxy Server. It runs on IBM AIX(Unix Like)
> operating system. I tried to search Proxy Server for Unix on Internet.
> But the results were not much and also their performances were unknown.
> Can you help me out to select a suitable one proxying the following
> services, at least:
> 1. HTTP,FTP,news
> 2. Telnet
> 3. Streaming Video/Audio Service
> 4. Messanger Service
> 
> I need the Proxy Server to run on Unix like Operating System only.
> 
> Rakesh
> ==
> 
> 
> -
> 

Cross Site Scripting questions

[Jeroen Beerstra]

Could somebody please explain to my how to 
test/secure your site from CSS vulnerabilities? 

I understood from Cert's and Apache's explanations 
that the best thing to do is to encode the output of the 
dynamic parts of your site or else install a filter that 
monitors your web servers output. But why encode, 
did I understand it correctly that this way the output is 
interpreted by the browser as text and not as a tag?? 
And more important how and when do you encode 
your output? 

And does anybody know a (opensource) filter for 
apache that eliminates malicious strings or is the 
whole CSS security issue to site specific for this?

Jeroen Beerstra

Re: Passwords On Paper

[gminick]

On Thu, Dec 13, 2001 at 02:29:44PM -0500, you ([EMAIL PROTECTED]) wrote:
> Is anyone familiar with a government or private study that surveyed the top 10 
>places to store passwords that were written down on paper; e.g. under the keyboard, 
>etc?

If you're searching for statistics you wouldn't find any.
Why ?
Because it's hard to do so.
Maybe it could be done by some questionnaire somewhere
on a well-known, popular web site.
Many of my friends simply forgot passwords (to emails
accounts etc), and when it is needed again they ask me to 
crack their mailboxes :)
At my work password on all of the computers (even on the 
clients computers) in BIOS(only) is "ENTER". 
It isn't written anywhere, because it's simple and everybody
knows that password.
I've got a lot of passwords to protected sites in my mobile
phone. I do not need to remember them, because they aren't
so important to trash my head...
More important passwords for me is a list of logins and 
passwords figuring only in my head.
I use them in various configurations, and I don't care
what confiration is right. When I need to log-in somewhere
I'm shooting as long as my config is wrong :>
It takes max 4 minutes, but generally I remember configurations.
All of these passwords are hard to crack by using some sort
of brute force etc.
Nowadays any hidden passwords aren't needed, all you need 
to do is able an option in your m$ stuff to remember passwords ;P

ps. before i started work in my current job, all the passwords
were well known. My cheef have had always running notebook,
with a file hasla.txt(passwords.txt) on the c:\ with logins 
and passwords to his mail/bank accounts etc.
Everybody were non interested in security/privacy.
After a few weeks I've got every possible password and 
I showed them what they're doing bad, why they should
take care of their passwords, and now it looks more
secure indeed :)

-- 
[ Wojtek gminick Walczak ][ http://hacker.pl/gminick/ ]
[ gminick (at) hacker.pl ][ gminick (at) klub.chip.pl ]

Re: Passwords On Paper

[Zeshan Ghory]

On Thu, Dec 13, 2001 at 02:29:44PM -0500, [EMAIL PROTECTED] 
([EMAIL PROTECTED]) wrote:
> Is anyone familiar with a government or private study that surveyed the top 10 
>places to store 
> passwords that were written down on paper; e.g. under the keyboard, etc?

I would imagine that it would be very difficult to obtain enough
information to carry out such a survey effectively.

Personally, I have certainly seen passwords (with corresponding 
user names) written on post-it notes stuck to monitors, on 
whiteboards, and sometimes just scribbled down on random bits of paper
lying on a desk.

This is much more likely to occur if people are *given* passwords
instead of choosing their own.


Zeshan 

Re: bug in ssh2 or secureCRT?

[AFE]

Hi

 Ctrl+S is the shortcut of scroll lock. Just close (turn the light of) the 
scroll lock. That's all. Also you can type Ctrl+Q to close scroll lock.

 Hope this helps,
 Regards
 AFE

On Sunday 09 December 2001 02:16, Liu Wen wrote:
> I am using SecureCRT with SSH in windowsXP, but everytime I press Ctrl-S
> in a session window, it lost response. I have to manually disconnect it
>
> :(
>
> Cheers
> Liu

_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Re: Closing open ports

[Duane Beck]

> >   TCP0.0.0.0:4450.0.0.0:0  LISTENING
> >   UDP0.0.0.0:445*:*
>
> The ports are not currently open to any foreign machines; the
0.0.0.0:0 and
> *:* are just showing the ports are listening for connections
from -your-
> machine to -your- machine, and it's nothing to really worry about.

Actually, I believe the 0.0.0.0 and * mean your machine is listening for
connections from anywhere to any locally bound address.  Once a
connection is established, you'll see the local and remote addresses for
each connection.

Re: Which Proxy Server...

[Jared C. Lovell]

Apache (www.apache.org) w/ mod_proxy works fine for http.  Apache builds
under most anything.  For the others, I'm not sure you want a proxy server
so much as a NAT service.  I've never heard of a telnet "proxy", since
it's interactive (ie, not stateless file serving like http).

Hope that helps.  

- Jared Lovell


On Fri, 14 Dec 2001 [EMAIL PROTECTED] wrote:

> Dear users,
>   I am planning to upgrade my Proxy Server. It runs on IBM AIX(Unix Like)
> operating system. I tried to search Proxy Server for Unix on Internet.
> But the results were not much and also their performances were unknown.
> Can you help me out to select a suitable one proxying the following
> services, at least:
> 1. HTTP,FTP,news
> 2. Telnet
> 3. Streaming Video/Audio Service
> 4. Messanger Service
> 
> I need the Proxy Server to run on Unix like Operating System only.
> 
> Rakesh
> ==
> 
> 
> -
> 
> 

Re: Telnet

[Igor D. Spivak]

no log unless auditing on,

error log on evntvwr.exe


- Original Message - 
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 13, 2001 8:41 AM
Subject: Telnet


> 
> 
> On my W2000 Prof workstattion, I found that 
> someone had tried to use telnet ( i found it listed 
> under run in the start menu).  HOw do I check to see 
> what activities they were up to?  Where is a log?
> 
> thanks
> dp
>