Security Magazines

2002-02-27 Thread Amit Gandre

Hi
   Does anyone know any good magazines in the Networking/Security
field that I could subscribe to?

   I am looking for something that will help me be up to date with the
technology and be a little fun to read!

amit




Re: Unencrypted Email

2002-02-27 Thread Kevin Crichton

I know people may be worried about sending unencrypted email over the 
internet, but some critics point out that if you send out encrypted 
email it is more likely to come to the attention of those parties 
interested in users using encryption since they would reason that people 
using encryption have something to hide, even when all they want is privacy.

Yours,

Kevin Crichton PhD (St. Andrews), MCSE
ICL, Lytham

veins wrote:

> 
> It is common knowledge that unencrypted messages sent over an unsecured
> Internet connection *can* be viewed in clear text and thus the contents
> compromised.  My questions:
> 
> 1.  Is it really easy?  How readily available are sniffing tools that
> can do this?
> 
> Any common sniffing tool can do that, sometimes with minor
> alteration.
> 
> 2.  Can it be done from a user's home dial up or DSL type connection?
> Can someone in California somehow be scanning mail leaving a New York
> location?
> 
> Basically, someone would need to compromise one of the mail servers between
> the sender and the recipient, so yes it is possible, but no it's not
> possible for everyone.
> 
> 3.  Outside of government agencies that have access to selected ISP's,
> how likely is it that a company could be targeted by an outside person
> or organization?
> 
> It still depends on whether or not a mail server is compromised somewhere.
> 
> veins
> 
> 









Re: MD5

2002-02-27 Thread veins

you could port vigenere, it's quite easy to do and efficient under some
conditions  :)

- Original Message -
From: "Akeru Ikena" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, February 24, 2002 8:25 PM
Subject: MD5


> Hello,
> you said :
>
> >could anyone feed me with a simple example on how to encrypt data with a
> >fed password (symmetric encryption like), in C programming language  ?
>
> MD5 is widely used as a crypting system but was not developed as it.
> MD5 will calculate a checksum of a given file/string, thus it won't
> allow you to input a passphrase.
>
>
>
>
> --
> Best regards,
>  Akeru  mailto:[EMAIL PROTECTED]
>




Re: POP3

2002-02-27 Thread Kanikkannanl PN-149709 Dept-corp Audit Div Desg-Asst.Manager 1/421037 Ph-43983/45283

Gauntlet FW discourages POP3 since content scanning for incoming mails
is not supported by their POP3 proxy.

You need to know whether content scanning (among other risks) is possible
for POP3 access via Checkpoint.

- Kani

On 23 Feb 2002 [EMAIL PROTECTED] wrote:

> 
> 
> My users want me to give them POP3 access via 
> the firewall. We have an Exchange Server running with 
> a Checkpoint Firewall. Are there any security issues 
> that I need to watch out
> 




Re: A question on the law.

2002-02-27 Thread Brian Gibson

NOPE, hide your identity. Use a payphone, drop your ANI. Go through a few 
PBXs. If you choose to notify, make it hard for them to find you.

Brian

>If one were to find, say, 44 networks in one night while war driving, and
>with net stumbler and windows, is able to jump on those networks using
>those networks' bandwidth free of charge, is there a way LEGALLY to tell these
>people how bad the security is without getting shot.  I don't want to go to
>jail, I don't want to be called a terrorist, I just want to tune these
>people into a clue...?
>
>I know WEP is weak, it was only supposed to be as "secure" as an unsecured
>ethernet cable, but at least it keeps casual drive by hacking at bay!
>
>
>




RE: Backup tools

2002-02-27 Thread Chung, Max

You have several options: Veritas Backup Exec, Veritas NetBackup and CA Arcserve 2000.
All of these software packages can back up to disk and tapes. But they are more oriented to tapes.
I hope this can help you.

Max

-Original Message-
From: Jason Pufahl [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 11:57
To: 'Domingos Costa'; [EMAIL PROTECTED]
Subject: RE: Backup tools


Microsoft's Backup bundled with Win2K will back up to both disk and tape.

Jason

-Original Message-
From: Domingos Costa [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 10:28 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Backup tools


 Hello,

Does anybody know about a network backup tool which performs a backup
on disk and tape devices? I've already searched for this kind of
software, such as afbackup, burt, amanda, arkeia, etc. but they write
only on tape devices or they don't support networking. I appreciate any
suggestions.

Domingos Costa



RE: POP3

2002-02-27 Thread McGee, James

Hi

IMHO
I personally would not allow it.  If your exchange server is relatively
secure, i.e. protected from viruses, spam, malicious mails etc, allowing
users to pop down their mail from external mail accounts would permit the
above types of mail.

Unless they can prove they have a legitimate business reason for it, why
risk it?



With kind regards

James McGee
Senior Communications Analyst
Voice & Data Communications
Centrica IS
Durie Centre
Priestley Road
Basingstoke
RG24 9NP
01256 494545
[EMAIL PROTECTED]
http://www.centrica.com

> -Original Message-
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Saturday February 2002 22:00
> To:   [EMAIL PROTECTED]
> Subject:  POP3
> 
> 
> 
> My users want me to give them POP3 access via 
> the firewall. We have an Exchange Server running with 
> a Checkpoint Firewall. Are there any security issues 
> that I need to watch out






Re: Just a question!!!

2002-02-27 Thread David Hayes

Navigating to that address in IE it seems to be an ISP called WeGuardYou.
Does that mean anything to you??
Dave
> On Thursday 21 February 2002 09:34 am, Bassam ALHUSSEIN wrote:
> > Hello all ...
> > Every time I make a dial-up connection to the internet I see an unknown
> > (for me) IP address that I am connected on port 80, in the output of
> > "netstat -an" on a win98SE box.
> > The thing that I don't understand is that this is not the proxy server of
> > ISP I'm connected to !!
> > I used samspade.org trying to know what (or where) it is ..but I couldn't
> > figure it out ...
> > that IP is 208.255.95.117 ...
> > what do you think ...
> > I know it is a dumb question but ...sorry :-
> hmm, you might have some program installed that sends data to it, like 
> spyware.
> 





Re: Unclassified Disk "Sanitizers"

2002-02-27 Thread George Chip Smith

If you are using anything, I would use bcwipe (I know there is a unix 
version, unknown about windows though), it has been approved by the DOD 
for wiping disks and makes any data recovery from wiped disks virtually 
impossible (by virtue of the way it works).
--Chip

[EMAIL PROTECTED] wrote:

> Try:
> 
> http://www.tolvanen.com/eraser/
> 
> For Windows.
> 
> James
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 21, 2002 3:31 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Unclassified Disk "Sanitizers"
> 
> 
> 
> Does anyone have recommendations for freeware or shareware that effectively
> erases disks for unclassified but sensitive information? This would be used
> for all machines "retired" to school programs, etc. We need one for Windows
> and one for UNIX, if one tool can't clean both types of disks. Anybody have
> experience with this?
> 
> Thank you!
> 
> Connie
> 


-- 
This is your world ... you can live for yourself today  or  
help build tomorrow for everyone. -- VNV Nation, Foreward
*
*  George 'Chip' Smith*Lawrence Berkeley Lab*
*  [EMAIL PROTECTED]*National Energy Research *
*  (510) 495-2674 *Scientific Computing Center  *
*




RE: Network and Security help

2002-02-27 Thread Eric Six


Are all the facilities going to have public address space (IP addresses)? Or
will all the facilities lines run to a main complex and hit the internet
from there? 

Drawing from what you have said, it seems like it will be the first of the
aforementioned choices. In this case you would need to figure out an ip
scheme and determine if you want a firewall or all the clients to have
public ip addresses. I would recommend a firewall at each site and all of
your clients behind that firewall and then vpn/gre tunnels to each branch
office. With a *nix box (freebsd or netbsd preferably) this can be done
easily. Set up the firewall/NAT on the bsd box at each site. Pretty easy to
do, as I have consulted for people doing it here in my city.

There are a lot of options you can go with, all dependent upon how much $$$
you have to invest.


Cheers,
Eric Six

-Original Message-
From: Kirk Ellsworth [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 10:43 AM
To: [EMAIL PROTECTED]
Subject: Network and Security help


I have a client that is installing high speed internet into a few buildings and
leasing the units out.  I am putting a Cisco firewall into the leasing
office, and using a managed Cisco switch as well.

There will be a large amount of units and security from unit to unit is a
concern of mine.  Does anyone have a suggestion on the best way to do this?
Do I add a DHCP server to the leasing office or do I let the router assign
IPs?  What do I need to consider if I only want the units to reach the WAN
via the T1 router and not have any access whatsoever to other units?

Also if I have 10 buildings with leased units in each what would be the best
way to subnet these buildings.

What other mail groups should I send this to?

Anything will help here.

Thanks in advance

ke




vulnerability assessment

2002-02-27 Thread Constance Baptist

Hello All,
Does anyone have a sample report of vulnerability assessment, or a website 
that would provide more explanation of this topic?  Thank You





Situation - Need ideas

2002-02-27 Thread Pradeep Kumar

Folks

Can anyone try your heads on this one.

A company has one WAN link to ISP A and one WAN link to ISP B. Both ISPs
have assigned IP subnets to be used on the company side of the links. There
is a firewall that protects the corporate network. It will have addresses on
both ISP subnets. Trusted hosts have private IP addresses, so NAT must be
used when establishing connections to external servers. SMTP traffic passes
from an external mail relay server to an internal SMTP server via a public
NAT address (from either ISP subnet).

How would you go about building a fault tolerant solution so that both ISPs
can be used (either load-shared or as active/backup) for outbound client
traffic and inbound SMTP traffic? Can this be accomplished currently using a
Cisco PIX (in HA config)? If not, what feature would be needed in order to
support this?

I think this could be accomplished if NAT rules had the ability to do
health checks on upstream gateways. Then, just configure two NAT rules (one
to each ISP subnet) in order of priority. If the health check for the first
NAT rule fails, then skip that rule and use the next matching NAT rule.
Route the traffic to the secondary gateway of the secondary ISP.


Anyone faced this situation before?

Thanks folks

Pradeep




Re: Network Security Risk Analysis

2002-02-27 Thread mmcgillis

I found a cool one at Symantec a while back. email me if you want the
pdf. I can't find it on their site anymore.

Here is a list of all their whitepapers:

http://securityresponse.symantec.com/avcenter/whitepapers.html

Melissa

On 22 Feb 2002, A B wrote:

> 
> 
> Hi
> 
> This might seem a very vague question but even a 
> start would be fine. I am interested in knowing how 
> (what are the steps involved) does one initiate in 
> conducting a network security risk analysis. Do you 
> know of any online resources that help in this 
> process?
> 
> TIA
> A.
> 




Disk sharing from main server questions

2002-02-27 Thread ruler

Hi, this is my first post here..

This is what I am looking to do.  I want to have a "hub" server with
diskless workstations.  The workstations will need to be able to connect to
the hub and run/compile apps.  The clients should not be able to log into
each workstation, so how would I determine if they can login or not?  For
instance if they ssh to ws1.me.com it will log them into that, and they
won't have any access to ws2 etc.  Also, each workstation needs to hold IP
aliases. Users on ws2 should not even see IP addresses on WS4 for instance,
or use them.  What is the most secure method and fastest (connection to hub
wise) method for achieving this?

Basically, I'm sure there are daemons that will do pretty much what I am
looking for, but have no idea where to start researching on this topic.


Thanks in advance,
Mike




RE: RAS login banner needed

2002-02-27 Thread Snow, Corey


> I know this is off list but can someone PLEASE point 
> us in the right direction? This was an audit finding we 
> need to fix. 


Unless the machine in question is a member of the domain in question, I
don't think you'll be able to force a login banner to appear. You could use
a 3rd-party VPN, such as Cisco, which does provide an external login banner
to the one provided by Windows. Of course, that's a pretty expensive way to
go for a login banner.

Regards,

Corey Snow 




Re: Encryption Basics

2002-02-27 Thread Erik Tayler

As far as sources for software go, I have yet to find
a site better than munitions (http://munitions.vipul.net).

And I concur with Bill about people referencing others
to Google (or other engines for that matter). It hardly
demonstrates that you are trying to help someone. I'm
pretty sure I could think of a way to answer every post
on this list with some sort of Google reference, that
isn't going to help anybody at all.

--
[EMAIL PROTECTED]

On Monday 25 February 2002 10:51 am, Bill Barrett wrote:
> You know these kind of replies really annoy me.  For the beginner a google
> search will turn up lots of resources, many of them with incorrect
> information.  It can be very intimidating for those just starting out in
> the field.  We that know more should help those that are trying to learn.
> After all we were all once there too.  If you are going to post a reply
> post something that actually has some helpful information in it.
>
> That being said, try:
> http://www.counterpane.com/labs.html
> http://www.crypto.com/
>
> An excellent book is Applied Cryptography by Bruce Schneier available at
> Amazon for about $40 last time I checked.
>
> -WTB
>
> [EMAIL PROTECTED] writes:
> >At 07:38 21.02.02 -0500, [EMAIL PROTECTED] wrote:
> >>What sources would you suggest for getting basic info on encryption? (How
> >>it works, software sources, best practices in business settings, etc.)
> >
> >First I would try to consult a search engine like www.google.com or so.
> >After that I would consult a library in order to find some good books.
> >
> >>Michelle Horner
> >>Outcome Technology Associates, Inc.
> >
> >Dominik
> >
> >
> >--
> >http://www.code-foundation.de
> >217.229.69.207 - - [14/Oct/2001:02:29:41 +0200] "GET
> >/MSADC/root.exe?/c+dir
> >
> >Microsoft? Where do you want to surf today?



RE: Cisco VPN client

2002-02-27 Thread Cflynn . Tech

I just wanted to add that I have not heard of an instance that IPsec was run over port
1; its designated port is UDP 500, per the RFC. That is for the ISAKMP/Oakley
tunnel connection. Then uses IP 50/51 ESP and AH for the IPsec section of the
transmission. This is news to me...where did you obtain these facts from??? Curious to
know.
---
Regards,


On Fri, 22 Feb 2002 10:06:05  
 Smith, Chris wrote:
>Check the policy/configuration of the VPN concentrator.  The previous
>version (3.0,3.1) provided the ability to wrap the encrypted IKE/IPSEC
>traffic in a UDP packet.  This provided the ability to prevent the traffic
>from being corrupted due to NAT translation, and simplified firewall
>rulesets as well.  The downside is UDP isn't stateful, so WinProxy (or any
>other  firewall) may deny the return traffic from the VPN concentrator to
>the client.  Placing a rule in the firewall to let the udp traffic in from
>the concentrator IP address over the specific UDP port (1 is default)
>may solve your problem.  
>
>RTFL - Read The Fine Logs to determine the traffic being denied.
>
>Chris Smith
>
>-Original Message-
>From: Cflynn . Tech [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, February 21, 2002 10:55 AM
>To: [EMAIL PROTECTED]; Tumarinson, Max
>Subject: Re: Cisco VPN client
>
>
>Are you passing both phase 1 and Phase 2 ... ??? Can you ping anything in
>the local LAN??
>---
>Regards,
>
>
>On Wed, 20 Feb 2002 12:11:38  
> Tumarinson, Max wrote:
>>I am trying to set up Cisco VPN client 3.5a behind a Winproxy 4.0h.  I
>>am able to authenticate, however I can reach anywhere on the LAN.  I
>>looked in Winproxy support site and they have a document how to fix it.
>>However, that solution did not work for me.  Does anybody have any
>>idea/suggestion how to approach this problem.
>>
>>Thanks
>>
>>
>
>



Access control servers

2002-02-27 Thread Ronald Jenkins

My company is currently researching all available
access control servers to protect our corporate
intranet.  We have found only a minimal set of highly
regarded solutions.  Based on our research, it seems
like Gemplus' eAccess server and Netegrity's
Siteminder product are the way to go?  An advisor also
mentioned a possible solution from a recent company
called Caradas (sp?) (but I'm not familiar with them).
 Does anyone have any preferences/input?  Gemplus
seems to be the standard here.  Thanks in advance.

Regards,

 Ron




RE: Cisco security

2002-02-27 Thread leon


I would like to point out that the certification is valid for only 2
years.  I don't necessarily know if it is worth the 500 (125 an exam
* 4 exams) to have to recertify every 2 years.  Additionally, you say
you know about sans, I would say either the sans firewall or ids cert
are much more respected than cisco's equivalent exams.  Finally I
don't really even see cisco ids out there that much in production so
I didn't feel much of a need to pass an exam on it.

Just my thoughts,

If you want to get into security try a vendor neutral cert like sans,
cissp, or SSCP.

Cheers,

Leon

-Original Message-
From: Dave Mee [mailto:[EMAIL PROTECTED]] 
Sent: Friday, February 22, 2002 2:47 PM
To: [EMAIL PROTECTED]
Subject: Cisco security

Has anyone taken the exams for Cisco Security Specialist 1??  How good are
they?  Is it worth the time and money?  I'm a CCNA and looking to add on
security related certs.  Already know about SANS certs.

thanks

dave







RE: md5

2002-02-27 Thread Smith, Chris

Check out the following link, with references to code in various languages
and the RFC - 

http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html

-Original Message-
From: Idan L. [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 23, 2002 2:50 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: md5


On Fri 22 Feb 02 03:27, you wrote:
>  [EMAIL PROTECTED]
-- ORIGINAL MESSAGE --
Hi all

I've been lurking this graceful mailing list for quite some time now, like 
any newbie on security, I got a question about md5.

could anyone feed me with a simple example on how to encrypt data with a  
fed password (symmetric encryption like), in C programming language  ? 

pointers to urls would be greatly appreciated too.

Thanks.
SecNewbie
"from all the things ive found, i miss security the most"

-- END OF ORIGINAL MESSAGE -- 
welp 
freebsd's password usually created by the crypt lib as in any other os 

for example 
crypt(,) =  

I hope this is what you need : ).

EOF



Re: Q-Mail, Or How Paranoid Are We Today.

2002-02-27 Thread jrd

I have to second this statement.  I have used various versions of smail and 
sendmail in the past, for some very large volume sites, but neither package
comes close to qmail for over-all speed, ease of use and security.  While the
original poster points out the annoyances of Maildir, from an OS perspective,
it is a very attractive backing-store model and has shown itself very reliable
over its lifetime.

Given a choice of the above 3 packages (I can not speak for exim or any other
MTA as my experience is fairly limited with other packages) I would choose
qmail without any hesitation - especially for a large volume site.



John

In previous mail, SecLists spouted...
> 
> Overall, it is the only mail server I use and I am pretty happy with, no
> problems... There are a lot of people that don't like it for various
> reasons but I can't complain...
> 
> Shawn
> 
> On Fri, 22 Feb 2002, Billy D Walls wrote:
> 
> > I recently moved from sendmail to qmail, and so far I'm amazed at A> The
> > ease of use of "qmail the easy way 1.51" B> The annoyance of Maildir.  My
> > travels across the internet and to various qmails sites tell of vast
> > security promises and the like, and the changelogs for qmail show there
> > isn't much security vulnerabilities, even relaying isn't a trouble by default.
> >   ... But has anyone had any problems with it anyway?
> >
> > P.S. Yes, I've RTFM and used google.  Just looking for any loose ends. ;)
> >
> 
> 


-- 
"Whenever two people meet, there are really six people present. There is each
man as he sees himself, each man as the other person sees him, and each man
as he really is."  -  William James




Re: Windows 9x last boot

2002-02-27 Thread Michael Lang

Dear Florentin!

The easiest and most exact way, I guess, is:

go to %WinDir%\SYSBCKUP\ and look out for *.CAB files. These files are
the backup of the last functional registry files (user.dat, system.dat),
win.ini and system.ini made at every boot up of windows. The date of the
newest one of these five or six CAB files is your last boot time.

regards - mil

[EMAIL PROTECTED] wrote:
> 
> Hello,
> 
> Does anyone know how to find out when a Windows 98 machine was last
> booted?
> I have access to the machine in cause, which is up and running.
> 
> many thanks,
> Florentin

-- 
  Visit us at CeBIT 2002!
  13 to 20 March 2002
  Hall 21/D12
  Co-exhibitor in Hall 1/4c1

INCOM Information und Computer GmbH
   - Patware -

Address:        Bachstraße 32
                D-53115 Bonn
Telephone:      +49-(0)2 28-979 77-64
Fax:            +49-(0)2 28-979 77-98
PATWARE mobile: +49-(0)1 70-290 90 01
E-Mail:         [EMAIL PROTECTED]
Internet:       http://www.incom.de
                http://www.patware.com

Storage made to measure - DVD/CD, RAID, Backup, NAS, SAN ...!



Re: Q-Mail, Or How Paranoid Are We Today.

2002-02-27 Thread carlos

Dear Mr.Walls ... Well... Qmail is a very reliable MTA, however
it lacks on facilities such as virtual domains. It stopped in
time. Second off, the source code is half open and *was*
maintained solely by a single man.
On the other hand it emerged a Patch Campaign to Qmail which
the newest facilities were ported to Qmail (such as virtual
domains). These patches are not cumbersome to apply, and
enhance qmail very much.

I advise you 100% to use qmail, it's secure (more secure than
sendmail), fast (faster than sendmail), it's easy to build
mail cluster (easier and quicker than sendmail) and with the
proper patches it may do whatever any other MTA may do.

Cirello

> I recently moved from sendmail to qmail, and so far I'm amazed at A>
> The ease of use of "qmail the easy way 1.51" B> The annoyance of
> Maildir.  My travels across the internet and to various qmails sites
> tell of vast security promises and the like, and the changelogs for
> qmail show there isn't much security vulnerabilities, even relaying
> isn't a trouble by default.
>  ... But has anyone had any problems with it anyway?
>
> P.S. Yes, I've RTFM and used google.  Just looking for any loose ends.
> ;)






Re: whois

2002-02-27 Thread Jason Dixon

As a DNS admin for a [very large] web hosting company, I can't tell you how 
many headaches I get from support folks using Sam Spade (various 
reasons).  I prefer to see folks using GeekTools 
(http://www.geektools.com), if they don't have the standard Bind UNIX tools 
available.

-Jason

At 09:39 AM 2/23/2002 +0100, J. Reilink wrote:
>[You forgot to quote the original message so I have no idea what's]
>[this about. I assume it's about whois tools.]
>
>[EMAIL PROTECTED] wrote:
> >
> > Bejon,
> >
> > Saw your post about the pilfering and whois...just as an FYI, I
> > used to use a dedicated app on win32 machines but frequently found
> > myself on another machine on the opposite side of the enterprise,
> > etc. This site has a nice online version that works so well I trashed
> > all my apps.
> >
> > http://swhois.net
>
>Try SamSpade 
>It has online tools to do whois 'n stuff, it has a downloadable
>tool and a browser plugin.
>
>Grtz, Jan
>
>--
>Dutch Security Information Network : http://www.dsinet.org
>mailto:[EMAIL PROTECTED]






RE: Unclassified Disk "Sanitizers"

2002-02-27 Thread Eric Dumbaugh

Get a big powered magnet from Radio Shack.

-Original Message-
From: Kevin Maute [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, February 23, 2002 10:29 AM
To: Sadler, Connie J; [EMAIL PROTECTED]
Subject: Re: Unclassified Disk "Sanitizers"

Connie,

I found no (reasonably priced) utility when I looked at this about 2 years
ago.  I was an Air Force contractor at the time and had much the same problem
that you (probably) do.

My solution was to develop a Linux based solution to do this.  The advantage of
this was it supports both SCSI and IDE disks and doesn't care what OS/Data is
on the disk.

There was also a document that dictated that for your needs you needed 3 passes
to "clear" the data and for more sensitive needs require 7 passes to "sanitize"
the disk.

Many people that are familiar with disk technologies feel this may not be
enough but to do anything with the data that may still be on the disk requires
fairly expensive hardware and lots of time...

Kevin


"Sadler, Connie J" wrote:

> Does anyone have recommendations for freeware or shareware that effectively
> erases disks for unclassified but sensitive information? This would be used
> for all machines "retired" to school programs, etc. We need one for Windows
> and one for UNIX, if one tool can't clean both types of disks. Anybody have
> experience with this?
>
> Thank you!
>
> Connie




--
++
Kevin Maute

Educating people on the avoidable carcinogens in their lives
and how to replace them with safe, superior products.

mailto:[EMAIL PROTECTED]
http://www.ineways.com/kmaute
http://www.newaysonline.com
++





RE: Network and Security help

2002-02-27 Thread Keith T. Morgan

The combination of VLANs on your cisco switches, and sane firewall rules at the WAN
access point should accomplish what you need.

> -Original Message-
> From: Kirk Ellsworth [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 25, 2002 11:43 AM
> To: [EMAIL PROTECTED]
> Subject: Network and Security help
> 
> 
> I have a client that is installing high speed internet into a 
> few buildings and
> leasing the units out.  I am putting a Cisco firewall into the leasing
> office, and using a managed Cisco switch as well.





Re: How to search for sniffers on my RedHat Machine?

2002-02-27 Thread frederic de-villamic

On Mon, Feb 25, 2002 at 07:20:13PM +0530, Krishna wrote:
> 
> Monday, February 25, 2002   7:16:40 PM
> Hello ,
> 
>  I used Anasil to detect sniffers on my network. It tested
>  positive on some of the machines. Now how should I search for
>  these sniffers on the machines. The machines are running on
>  RedHat Linux 6.0.
> 
>  Any help would be appreciated
> 
> - --
> regards,
> Krishna  mailto:[EMAIL PROTECTED]
> 
> Krishna Shekhar
> Network Administrator
> Wiplash.com
> 
> 
> http://wiplash2000.com
> 
> 

You should just try ifconfig and then see if the ethernet card is in
promiscuous mode. No need for any tools.
neuro
-- 
"I love peanuts. You drink a beer and then get fed up with the taste
so you eat peanuts. And then, you're thirsty and drink more
beer. Peanuts is perpetual move affordable to man." J-C Van Damme.
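
The promiscuous-mode check suggested in the reply above, as an added example that is not part of the original thread: it reads each interface's kernel flags from sysfs and tests the IFF_PROMISC bit (0x100). It assumes a Linux kernel that provides /sys/class/net (Red Hat 6.0 predates sysfs); on such kernels the flags word that ifconfig prints does not include promiscuous mode requested through a packet socket, which is how libpcap-based sniffers enable it, so the sysfs value is read instead. The function names and the demo directory are constructed for the example.

```python
"""Report network interfaces whose kernel flags include IFF_PROMISC."""
import os
import tempfile

IFF_UP = 0x1
IFF_PROMISC = 0x100  # value from <linux/if.h>


def parse_flags(text):
    """Parse the hex string stored in /sys/class/net/<if>/flags."""
    return int(text.strip(), 16)


def is_promiscuous(flags):
    return bool(flags & IFF_PROMISC)


def scan_interfaces(sysfs_root="/sys/class/net"):
    """Return {interface: {"up": bool, "promisc": bool}}."""
    report = {}
    for name in sorted(os.listdir(sysfs_root)):
        flags_path = os.path.join(sysfs_root, name, "flags")
        try:
            with open(flags_path) as fh:
                flags = parse_flags(fh.read())
        except (OSError, ValueError):
            continue  # plain files such as bonding_masters are not interfaces
        report[name] = {
            "up": bool(flags & IFF_UP),
            "promisc": is_promiscuous(flags),
        }
    return report


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Names of interfaces that currently have the promiscuous bit set."""
    return [n for n, s in scan_interfaces(sysfs_root).items() if s["promisc"]]


def build_demo_tree():
    """Create a constructed sysfs-like tree so the example runs on any OS."""
    root = tempfile.mkdtemp(prefix="demo_sysfs_")
    samples = {
        "lo": "0x9\n",       # UP | LOOPBACK
        "eth0": "0x1003\n",  # UP | BROADCAST | MULTICAST
        "eth1": "0x1103\n",  # same as eth0 plus PROMISC
    }
    for name, flags in samples.items():
        os.mkdir(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(flags)
    # A regular file in the directory, as the bonding driver creates.
    with open(os.path.join(root, "bonding_masters"), "w") as fh:
        fh.write("")
    return root


if __name__ == "__main__":
    root = "/sys/class/net" if os.path.isdir("/sys/class/net") else build_demo_tree()
    for name, state in scan_interfaces(root).items():
        marker = "PROMISC" if state["promisc"] else "-"
        print(f"{name:10s} up={state['up']!s:5s} {marker}")
```

A set bit is a lead to follow up rather than proof of a sniffer, since bridges, some virtualisation setups and legitimate capture tools also enable promiscuous mode; on a host that may already be compromised, the kernel's own answer should be cross-checked from the network side.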













Secure Fileserver

2002-02-27 Thread Matthias Kerstner

Hello list.
I need your advice for a secure OS in my NT-environment. Currently
we are running 8 machines (NT, SP6) that are connected to a Novell
Dataserver, which also serves as a proxy. Now since our network capabilities
have to grow, I decided to set up a different OS on the server. Therefore
I need your suggestions on which OSes (Windoze preferred) are suitable for
my configuration. This OS must also be able to perform backups on a daily
basis.
Any recommendations are welcome!
Thanks!

Kindly regards,
- matt




RE: Cisco VPN client

2002-02-27 Thread Smith, Chris

The UDP port 1 configuration reference is proprietary to the Cisco VPN
3000 concentrator (formerly Altiga).  It does not replace the protocols
above, but instead those protocols are encapsulated in the UDP packet for
transit between the VPN client and the concentrator.  This allows NAT to
operate on the UDP header and not on the ISAKMP/ESP/AH directly.  If the NAT
modification was made on the IPSEC packet directly the integrity of the
packet would be destroyed, as header information has been modified and the
SHA/MD5 hash comparison would not match.  The packet would then be
discarded, and the tunnel will not be set up.

Chris

-Original Message-
From: Cflynn . Tech [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 10:42 AM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED];
Tumarinson, Max; Smith, Chris
Subject: RE: Cisco VPN client


I just wanted to add that I have not heard of an instance that IpSec was run
over port 1 its designated port is UDP 500, per the RFC. That is for the
ISAKMP/Oakley tunnel connection. Then uses IP 50/51 ESP and AH for the IpSec
section of the transmission. This is news to me...where did you obtain these
facts from??? curious to know.
---
Regards,


On Fri, 22 Feb 2002 10:06:05  
 Smith, Chris wrote:
>Check the policy/configuration of the VPN concentrator.  The previous
>version (3.0,3.1) provided the ability to wrap the encrypted IKE/IPSEC
>traffic in a UDP packet.  This provided the ability to prevent the traffic
>from being corrupted due to NAT translation, and simplified firewall
>rulesets as well.  The downside is UDP isn't stateful, so WinProxy (or any
>other  firewall) may deny the return traffic from the VPN concentrator to
>the client.  Placing a rule in the firewall to let the udp traffic in from
>the concentrator IP address over the specific UDP port (1 is default)
>may solve your problem.  
>
>RTFL - Read The Fine Logs to determine the traffic being denied.
>
>Chris Smith
>
>-Original Message-
>From: Cflynn . Tech [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, February 21, 2002 10:55 AM
>To: [EMAIL PROTECTED]; Tumarinson, Max
>Subject: Re: Cisco VPN client
>
>
>Are you passing both phase 1 and Phase 2 ... ??? Can you ping anything in
>the local LAN??
>---
>Regards,
>
>
>On Wed, 20 Feb 2002 12:11:38  
> Tumarinson, Max wrote:
>>I am trying to set up Cisco VPN client 3.5a behind a Winproxy 4.0h.  I
>>am able to authenticate, however I can reach anywhere on the LAN.  I
>>looked in Winproxy support site and they have a document how to fix it.
>>However, that solution did not work for me.  Does anybody have any
>>idea/suggestion how to approach this problem.
>>
>>Thanks
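
The integrity failure described at the top of this message, as an added example that is not part of the original thread and does not reproduce Cisco's proprietary encapsulation: a simplified IPv4 + AH packet (HMAC-SHA1-96) is verified directly, after a NAT rewrite of the source address, and after being carried inside a UDP datagram whose outer header is the only thing NAT touches. The key, addresses (documentation ranges), UDP port and function names are assumptions constructed for the demonstration.

```python
"""NAT versus an IPsec AH integrity check, with and without UDP wrapping."""
import hashlib
import hmac
import socket
import struct

AH_PROTO, UDP_PROTO = 51, 17
KEY = b"constructed-demo-key"
ENCAP_PORT = 40000  # constructed placeholder, not the concentrator's real port


def ip_checksum(header):
    """RFC 791 header checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def refresh_checksum(header):
    hdr = bytearray(header)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr)


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return refresh_checksum(hdr)


def ah_icv(ip_hdr, ah_fixed, payload):
    """ICV over the IP header (mutable fields zeroed), AH header and payload."""
    hdr = bytearray(ip_hdr)
    hdr[1] = 0                # TOS
    hdr[6:8] = b"\x00\x00"    # flags / fragment offset
    hdr[8] = 0                # TTL
    hdr[10:12] = b"\x00\x00"  # header checksum
    data = bytes(hdr) + ah_fixed + b"\x00" * 12 + payload
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]


def build_ah_packet(src, dst, payload, spi=0x1001, seq=1):
    # next header 6 (TCP), AH length field 4 = (24 bytes / 4) - 2
    ah_fixed = struct.pack("!BBHII", 6, 4, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 24 + len(payload))
    return ip_hdr + ah_fixed + ah_icv(ip_hdr, ah_fixed, payload) + payload


def verify_ah_packet(packet):
    ip_hdr, ah, payload = packet[:20], packet[20:44], packet[44:]
    return hmac.compare_digest(ah_icv(ip_hdr, ah[:12], payload), ah[12:])


def forward_hop(packet):
    """An ordinary router: decrements TTL and fixes the checksum."""
    hdr = bytearray(packet[:20])
    hdr[8] -= 1
    return refresh_checksum(bytes(hdr)) + packet[20:]


def nat_rewrite_source(packet, new_src):
    """A NAT device: replaces the source address and fixes the checksum."""
    hdr = bytearray(packet[:20])
    hdr[12:16] = socket.inet_aton(new_src)
    return refresh_checksum(bytes(hdr)) + packet[20:]


def udp_encapsulate(inner, src, dst, sport, dport):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(inner), 0)  # checksum unused
    return ipv4_header(src, dst, UDP_PROTO, 8 + len(inner)) + udp + inner


def nat_rewrite_udp(packet, new_src, new_sport):
    """NAT/PAT on the outer header only: new source address and source port."""
    pkt = nat_rewrite_source(packet, new_src)
    return pkt[:20] + struct.pack("!H", new_sport) + pkt[22:]


def udp_decapsulate(packet):
    return packet[28:]  # strip outer IPv4 (20) and UDP (8) headers


def demo():
    client, nat_public, concentrator = "192.168.1.10", "203.0.113.5", "198.51.100.20"
    pkt = build_ah_packet(client, concentrator, b"constructed payload")
    direct_ok = verify_ah_packet(forward_hop(pkt))
    natted_ok = verify_ah_packet(nat_rewrite_source(pkt, nat_public))
    outer = udp_encapsulate(pkt, client, concentrator, 1025, ENCAP_PORT)
    outer = nat_rewrite_udp(outer, nat_public, 61000)
    wrapped_ok = verify_ah_packet(udp_decapsulate(outer))
    return direct_ok, natted_ok, wrapped_ok


if __name__ == "__main__":
    print("routed only, NAT on IPsec packet, NAT on UDP wrapper:", demo())
```

The TTL change made by an ordinary router passes because AH excludes mutable header fields from the hash, while the source address is covered, so only the address rewrite fails verification.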



Linux hardware firewall question

2002-02-27 Thread jnf

I operate a small network of about 5 computers and am considering setting up
a PC to operate as a firewall/router for the network. The network does not
receive much traffic at all, and I am trying to figure out hardware-wise what I need.
The topology I have decided to go with is that each box on the network will have
its own NIC on the PC. Additionally, if anyone can suggest documentation on how
to set this up software-wise I would appreciate it.

I have some experience with iptables, but am unsure exactly how I would set this
up. Again, any help would be appreciated.

Thank you.

J. Ferguson



RE: Best means to block MSN Messenger, AIM and other chat programs? Thank you!

2002-02-27 Thread Kevin Guidry

--- KEN MORRIS <[EMAIL PROTECTED]> wrote:
> we will stopping them from downloading
> the program

   Just out of curiosity, how do you plan on doing
this?  It seems to me that doing this may be as difficult
as blocking the program (as in your original
question).
   I think that setting a company policy prohibiting
the installation of these programs is the way to go. 
At its core, this is a social problem and not a
technological one.


Kevin





Re: POP3

2002-02-27 Thread Dominik Birk

At 22:00 23.02.02 +, [EMAIL PROTECTED] wrote:

>My users want me to give them POP3 access via
>the firewall. We have an Exchange Server running with
>a Checkpoint Firewall. Are there any security issues
>that I need to watch out

I'm not an expert in Checkpoint Firewalls, but the problem is, you have to
open another port (110) and my opinion is: every new open port brings a
potential security problem with it.
If you search for Exchange Server security holes you will find a lot on
www.securityfocus.com or other security related sites. With the Exchange
server, there are often many problems in a security-related respect. (Sorry
for bad English)

I hope, I could help you.

Greetings

Dominik



--
http://www.code-foundation.de
217.229.69.207 - - [14/Oct/2001:02:29:41 +0200] "GET /MSADC/root.exe?/c+dir

Microsoft? Where do you want to surf today?




RE: Unclassified Disk "Sanitizers"

2002-02-27 Thread David

DoD wipe, Norton Wipe, KO.

Three passes for sensitive info. Seen KO and DoD used for higher than that.

And all three could have been the same program. They sure did look alike.

No idea on price

I can't find my link at the moment, but there used to be a link to a paper
that went into painful detail how you could build your own -- oops!! found
the link. Lucky I remembered "Magnetic force scanning tunneling microscopy
(STM)". Made the search pretty quick.

This link tells you just how safe your old hard drive is. YOU have to
determine how much effort YOU want to spend to be safe.

If it was my hard drive with my excel spreadsheet of all my unreturned
public library books (Which I do really intend to turn back in, some day
when I return to the USA (Any lawyer types out there know the statute of
limitations on overdue library books??)) I'd open the drive up and sand off
the magnetic media with an electric sander, then use an 8 pound fine
alignment tool (sledgehammer) to reduce it to shards.

The link, for those that held out:

http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/

When you read this, don't feel inferior. Uncle Peter Gutmann doesn't want
you to feel that way; he's just oh so much more brilliant than most of us. I
sure felt humbled.

D. Weiss
CCNA/MCSE/SSP2


-Original Message-
From: Kevin Maute [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 23, 2002 4:29 PM
To: Sadler, Connie J; [EMAIL PROTECTED]
Subject: Re: Unclassified Disk "Sanitizers"


Connie,

I found no (reasonably priced) utility when I looked at this about 2 years
ago.  I was an Air Force contractor at the time and had much the same problem
that you (probably) do.

My solution was to develop a Linux based solution to do this.  The advantage of
this was it supports both SCSI and IDE disks and doesn't care what OS/Data is
on the disk.

There was also a document that dictated that for your needs you needed 3 passes
to "clear" the data and for more sensitive needs require 7 passes to "sanitize"
the disk.

Many people that are familiar with disk technologies feel this may not be
enough but to do anything with the data that may still be on the disk requires
fairly expensive hardware and lots of time...

Kevin


"Sadler, Connie J" wrote:

> Does anyone have recommendations for freeware or shareware that effectively
> erases disks for unclassified but sensitive information? This would be used
> for all machines "retired" to school programs, etc. We need one for Windows
> and one for UNIX, if one tool can't clean both types of disks. Anybody have
> experience with this?
>
> Thank you!
>
> Connie




--
++
Kevin Maute

Educating people on the avoidable carcinogens in their lives
and how to replace them with safe, superior products.

mailto:[EMAIL PROTECTED]
http://www.ineways.com/kmaute
http://www.newaysonline.com
++






Port scan reporting?

2002-02-27 Thread Ben Schorr

Our ISA server reported a number of attempted port scans of our server over
the weekend; no biggie, but the log files indicate the IP address they
supposedly came from.  Is there any agency I should be reporting these to or
is there any value in trying to report them to the ISP?

What's the "best practice" in this case, do I just ignore them?

Mahalo!

-Ben-
Ben M. Schorr, MVP-Outlook, CNA, MCPx3
Director of Information Services
Damon Key Leong Kupchak Hastert
http://www.hawaiilawyer.com  




The Best Network Scanner?

2002-02-27 Thread Bejon Parsinia

Good day,

I just wanted to pose this question to the group, what are some of the best
network scanners on the market for finding vulnerabilities on your network,
reporting on issues, and suggesting fixes for the known vulnerabilities that
are found?  When you respond, please note if this is a *nix or Win32 app
(I'm in a Win32 environment).  I've been working on testing a few different
products and have had a tough time on picking one to go with.  Also worth
noting, I haven't found an application that is thorough enough for my liking
yet either.

The real dilemma is, I have such a tight budget (who in IT doesn't these
days though) that I am forced to make a very informed decision.  So, with
that in mind here is your challenge.

I appreciate any feedback you can give me, and am looking forward to putting
my servers under even greater stress with your recommendations (assuming
there is a trial demo available or you suggest a free app).  :)

Sincerely,

Bejon Parsinia
[EMAIL PROTECTED]






Encryption for masses or E4M

2002-02-27 Thread Kulla

Hi all

Does anyone know how to recover the password from a volume file that is
encrypted with e4m?

I have some files that I need to recover but I forgot the
password. I would appreciate any kind of help or advice.

Regards
Kulla





RE: Q-Mail, Or How Paranoid Are We Today.

2002-02-27 Thread Demitrious S. Kelly

I've been using qmail in various situations for quite some time now and,
though I am definitely no serious security expert, I've never had any
problems with it.  I've used standalone installations, as well as qmail
with all of the goodies (vpopmail, ezmlm, webmail, qmailadmin, sslwrap,
etc, etc) in both private and public environments (on shell hosting
servers, etc) and it's never once been the source of a security
compromise (not in my experience anyhow).  Also you can still use the
mailfile (mbox (?)) format with qmail, you just have to configure it a
little differently. The info on doing this is in the docs that come with
email (something like README.MBOX or some such...)

Hope this helps.

-Original Message-
From: Billy D Walls [mailto:[EMAIL PROTECTED]] 
Sent: Friday, February 22, 2002 7:51 PM
To: [EMAIL PROTECTED]
Subject: Q-Mail, Or How Paranoid Are We Today.

I recently moved from sendmail to qmail, and so far I'm amazed at A> The
ease of use of "qmail the easy way 1.51" B> The annoyance of Maildir.
My travels across the internet and to various qmail sites tell of vast
security promises and the like, and the changelogs for qmail show there
aren't many security vulnerabilities, even relaying isn't a trouble by
default. ... But has anyone had any problems with it anyway?

P.S. Yes, I've RTFM and used google.  Just looking for any loose ends. ;)






RE: Encrypted share question

2002-02-27 Thread Mike Donovan
---
I'm looking for a product that can create an encrypted 'container' or
'share' that can be accessed simultaneously by several users. 
---

I don't know the answer to the "share" question, but you might check on three 
other very good products:

www.drivecrypt.com  DriveCrypt(the successor to the well-respected ScramDisk)

www.jetico.com   BestCrypt (The new version is far and away the best they've 
produced yet!)

http://www.pcdynamics.com/SafeHouse/  SafeHouse

I am wondering about a partition that is encrypted, if that would make any 
difference. DriveCrypt is the only one of the above that has that capability.

Good luck -- and let us know! It's a good question!

Mike Donovan


RE: Unclassified Disk "Sanitizers"

2002-02-27 Thread Mike Donovan
I would recommend the "Security and Encryption FAQ Revision 16.1" by Dr.
Who. This is a recent revision and is quite good. A keeper. It is a good
introduction to *applied* encryption focusing on tools, etc. You can find it 
all over the web, but here's a URL where the latest revision can be found:
http://www.privacy.li/security_faq.htm
Anything more than an introduction, email me and I'll send you a good list of 
books.
Good Luck!
Mike Donovan


Re: Unclassified Disk "Sanitizers"

2002-02-27 Thread Cavell . McDermott


  For the price of that kind of utility, you might as well physically destroy the
hdd's, and replace them with new or used drives picked up at auction.  Price per gb
at least for IDE drives has gotten cheap enough for this to be a plausible situation.
Just depends on how gone you want that information.




   

Kevin Maute
02/23/2002 09:29 AM
To: [EMAIL PROTECTED]
cc:
Subject: Re: Unclassified Disk "Sanitizers"
   

   





Connie,

I found no (reasonably priced) utility when I looked at this about 2 years
ago.  I was an Air Force contractor at the time and had much the same problem
that you (probably) do.

My solution was to develop a Linux based solution to do this.  The advantage of
this was it supports both SCSI and IDE disks and doesn't care what OS/Data is
on the disk.

There was also a document that dictated that for your needs you needed 3 passes
to "clear" the data and for more sensitive needs require 7 passes to "sanitize"
the disk.

Many people that are familiar with disk technologies feel this may not be
enough but to do anything with the data that may still be on the disk requires
fairly expensive hardware and lots of time...

Kevin


"Sadler, Connie J" wrote:

> Does anyone have recommendations for freeware or shareware that effectively
> erases disks for unclassified but sensitive information? This would be used
> for all machines "retired" to school programs, etc. We need one for Windows
> and one for UNIX, if one tool can't clean both types of disks. Anybody have
> experience with this?
>
> Thank you!
>
> Connie




--
++
Kevin Maute

Educating people on the avoidable carcinogens in their lives
and how to replace them with safe, superior products.

mailto:[EMAIL PROTECTED]
http://www.ineways.com/kmaute
http://www.newaysonline.com
++









Re: Redhat firewall problem

2002-02-27 Thread Mike O'Toole

Hi Phil,

Do you have WINS set up on these PCs and can you ping the mail server by its
NetBios name (NOT the FQDN)? Another remote possibility is a typo in the
LMHOSTS file. A ping by NetBios name will show this too. If no WINS is
configured a typo in the DNS search suffix can do this also. Another thing
to check is if the intermediate routers and hubs are blocking the WINS UDP
packets. I have an old laptop that I keep W98 and an e-mail client on to
show the network folks the 'result' of seemingly low impact router 'tweaks'
such as this.

Hope that helps,

Michael O'Toole
Messaging Engineer


- Original Message -
From: "Phil Sheldon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 22, 2002 8:48 PM
Subject: Redhat firewall problem


> Hi,
>
> I have a problem with a Redhat firewall using the Monmothas firewall script.
> On my internal network I have several dual boot machines. When booted in to
> Redhat they connect through the gateway firewall server as if they have a
> direct connection to the internet. When they are booted in to Windows 98 they
> don't seem to connect at all i.e. applications like Limewire and mail clients
> just don't seem to resolve anything. Even though I can ping domain names from
> the command line and get good responses. All the TCP/IP settings are right
> I'm sure otherwise I wouldn't get ping responses, especially by domain
> name...I'm totally baffled... Why would the Linux clients have no problems
> but the Windows clients be so useless. Is it the MTU settings? I fiddled with
> these. I set up a squid proxy on the Redhat server just for the windows
> machines so they could browse. I would be grateful for any suggestions.
>
> Thanks
> Phil Sheldon






RE: Unencrypted Email

2002-02-27 Thread Coffey, Christopher S.

I'll add my opinions here, hopefully you will find them interesting:

1. Yes most sniffers can be configured to find just certain types of traffic
by headers (mail, ftp, etc.)

2. Yes but it takes more work than that, let me explain (this is but a
sample scenario btw). Say I was a company in LA and I wanted to snoop the
email of my competitor in NY city. I would need to find out who their ISP is
(who runs their T1 or whatever) then I would need to "Hack" into that ISP (
Ok yes this is complicated it might require breaking into multiple routers
and servers within the ISP to find the right link into their T1 ) and
install my sniffer software to grab all the mail coming and going from that
company. This could either be done by a group of black hat mercenaries or by
a well placed insider at the ISP.

3. This is a rough scenario, it would be a very big case of corporate
espionage that so far we haven't seen yet ( or at least not made public) but
it is possible, with enough time money and luck it could be done, it all
depends on how much $$$ the data is worth ???

Christopher Coffey
Network Security Officer
AAC-VA




-Original Message-
From: Dave Bujaucius [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 10:58 AM
To: [EMAIL PROTECTED]
Subject: Unencrypted Email


It is common knowledge that unencrypted messages sent over an unsecured
Internet connection *can* be viewed in clear text and thus the contents
compromised.  My questions:

1.  Is it really easy?  How readily available are sniffing tools that
can do this?
2.  Can it be done from a user's home dial up or DSL type connection?
Can someone in California somehow be scanning mail leaving a New York
location?
3.  Outside of government agencies that have access to selected ISP's,
how likely is it that a company could be targeted by an outside person
or organization?

I realize that like most IT issues everything is relative.  I'm
questioning the relative risk in sending confidential information over
the Internet.  Real life experiences versus theory.

Dave Bujaucius



IPChains PortFowarding

2002-02-27 Thread rsavage

All,

Is it possible to do port-forwarding with ipchains, rather than using
ipmasqadm, or ipportfw?  I have a firewall running linux 2.4.x kernel, and
don't want to switch to iptables unless I have to.

ipchains works just fine, but switching to iptables would require too much
downtime.  Unless there is a rc.firewall converter app?

Thanks,

-- 
Rory Savage




RE: POP3

2002-02-27 Thread Ferguson, Scott

We took pop3 away from our users not long ago due to virus concerns. Technically the
desktop software will scan attachments/emails if configured properly, but we like to
control the specific types of attachments they can/cannot receive and scan all mail at
the server level first.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 23, 2002 5:00 PM
To: [EMAIL PROTECTED]
Subject: POP3




My users want me to give them POP3 access via
the firewall. We have an Exchange Server running with
a Checkpoint Firewall. Are there any security issues
that I need to watch out



Re: Basic setup for a home RedHat 7 box

2002-02-27 Thread SecLists

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I would recommend a combo of network IDS and host-based IDS:
On the network side, you can't go wrong with Snort... somewhat of a
learning curve but totally worth it... or you could use something like
PortSentry...
For Snort: http://www.snort.org
For PortSentry: http://www.psionic.com
Also, check out Demarc which works with Snort: http://www.demarc.com

For Host Based, I would go with Tripwire or AIDE...
Tripwire: http://www.tripwire.org
AIDE: http://www.cs.tut.fi/~rammer/aide.html

hope that helps...

shawn

On Sat, 23 Feb 2002, Thomas Madhavan wrote:

> Hi all.
>
> Most of the information on this lists regarding firewalls, sniffers etc seem
> to be concerned with LANs, or computers using Ethernet cards.
>
> I want to set up at least some basic IDS and firewall tools on my box at
> home, which isn't on any sort of network.
>
> Do the same rules apply to me, using a modem? Or are there other
> applications more suited to individual systems, rather than networks?
>
> Preferably the tools will be not *too* complicated to use, although I don't
> mind learning.
>
> Thanks a lot.
> Thomas Madhavan
> - Original Message -
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, February 21, 2002 3:50 PM
> Subject: Re: Detecting Sniffers?
>
>
> > Ettercap 0.6.2, Arpwatch 2.1a4 & Snort 1.8-RELEASE all running on Linux
> > Redhat 7.2 sounds like what you need. Go to http://packetstormsecurity.org
> >
> > Let me know how it goes.
> >
> > Cheers
> >
> > Taiye.
> >
> > In a message dated Thu, 21 Feb 2002 21:30:35  Greenwich Mean Time, Sumit
> > Dhar <[EMAIL PROTECTED]> writes:
> >
> > >
> > > Hello All,
> > >
> > > I was wondering the other day as to how one could go about detecting a
> > > sniffer on the network. If it is a Shared Ethernet, I wouldn't even
> > > try... but on a Switched Ethernet, I feel there still is a chance.
> > >
> > > Specifically,
> > >
> > > 1. What would be the best method to see if someone is carrying
> > > out ARP-Spoofing?
> > >
> > > 2.  Would it be possible to locate a machine that is flooding
> > > the network with fake MAC replies?
> > >
> > > Also, what would be the other methods that a person *MIGHT* be used to
> > > sniff in a switched environment?
> > >
> > > Most of the anti-sniffing tools (from L0pht etc.) are not very
> > > reliable.. any other tools that you people are aware of? And lastly,
> > > though I think it is practically impossible, would it be possible to
> > > detect a sniffer on a Shared Ethernet (where it is usually passive).
> > >
> > > Also let me clarify, each user on this network controls his machine
> > > completely as the root user, no user has access to every machine..
> > >
> > > Regards
> > > Dhar
> >
> >
>
>
>





Re: Unclassified Disk "Sanitizers"

2002-02-27 Thread Meritt James

Sorta depends if you ever want to use it again.

If not, a blowtorch would probably work nicely.

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566



Re: X and port 6000

2002-02-27 Thread Philipp Steinkrüger

On 23.02.2002 06:00:01, dewt <[EMAIL PROTECTED]> wrote:

>On Thursday 21 February 2002 11:24 am, sege wrote:
>> Hello Folks:
>> I am running Mandrake Linux 8.1, and I  am trying to stop X from listening
>> 0n port 6000. Any hint on how to do this will be appreciated.
>> TIA,
>>
>> Qv6
>start X with the "-nolisten tcp" , if you're starting x manually with startx 
>the format would be "startx -- -nolisten tcp", if you have the system start X 
>automagically edit /etc/X11/xdm/Xservers and change:
>:0 local /usr/X11R6/bin/X
>to
>:0 local /usr/X11R6/bin/X -nolisten tcp
>
>(these instructions are for rh7.2 but i'm pretty sure it's all you need for 
>mdk8.1 too)


they work for sure with Caldera Open Server/Workstation. Just figured it out
today

Regards,
philipp
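
A way to confirm that "-nolisten tcp" took effect, as an added example that is not part of the original thread: it parses the kernel's IPv4 socket table (the /proc/net/tcp format) and reports listening sockets on the X11 port range, where display :n uses TCP port 6000+n. The sample table is constructed, the address decoding assumes a little-endian host such as x86, and IPv6 listeners (/proc/net/tcp6) are outside what it checks.

```python
"""Find X servers listening on TCP by parsing /proc/net/tcp."""
import os
import socket
import struct

TCP_LISTEN = 0x0A
X11_BASE_PORT = 6000
X11_MAX_DISPLAYS = 64  # assumption: only displays :0 to :63 are checked

# Constructed sample: X on all interfaces, SMTP on loopback, and an
# established outbound connection to a remote port 6000 (not a listener).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1350 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:8F2C 0100000A:1770 01 00000000:00000000 00:00000000 00000000   500        0 2210 1 0000000000000000 20 4 30 10 -1
"""


def decode_ipv4(hex_addr):
    """The kernel prints the address as a native 32-bit integer (little-endian here)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def parse_proc_net_tcp(text):
    """Return one dict per socket line; the header line is skipped."""
    sockets = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        addr_hex, port_hex = fields[1].split(":")
        sockets.append({
            "addr": decode_ipv4(addr_hex),
            "port": int(port_hex, 16),
            "state": int(fields[3], 16),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return sockets


def x_listeners(sockets):
    """Listening sockets whose local port falls in the X11 display range."""
    found = []
    for s in sockets:
        display = s["port"] - X11_BASE_PORT
        if s["state"] == TCP_LISTEN and 0 <= display < X11_MAX_DISPLAYS:
            found.append({
                "display": f":{display}",
                "addr": s["addr"],
                "port": s["port"],
                "all_interfaces": s["addr"] == "0.0.0.0",
            })
    return found


if __name__ == "__main__":
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE_PROC_NET_TCP
    hits = x_listeners(parse_proc_net_tcp(text))
    for hit in hits:
        print(f"X display {hit['display']} listening on {hit['addr']}:{hit['port']}")
    if not hits:
        print("no X server listening on TCP (IPv4)")
```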





RE: screening router

2002-02-27 Thread Vachon, Scott

>why should I setup ACLs on a screening router for some kind of traffic
>(e.g. ICMP, maybe restrict some ports) although the firewall itself filters
>that traffic? Why should I setup ACLs on an internal screening router?

You should base all your network security on the principle of "defense in
layers." For example, (INET)-->|FW-->ACLs and IDS -->OS patches/end user
security training. This builds in reliability, redundancy, and increases the
time it takes to penetrate a network. ACLs also help to slow or prevent
internal (employee) snooping and/or hacking. If you only use a firewall and
it is defeated, what do you have left ???

~S~

Disclaimer: My own two cents.



Re: College advice

2002-02-27 Thread Roy Pait

Careful what you sign up for. The undergraduate program specifies 1.5 times service
for each year of college, not the 1:1 you mention.

>>> "Terry J Dunlap Jr" <[EMAIL PROTECTED]> 02/23/02 10:32AM >>>
I can vouch that this is true. I'm currently undergoing "processing" at the
NSA for employment in the area of network security.
.

However, you will need to "pay them back" with time. In other words, if it
takes you two years to earn your masters, then you commit to the NSA for
another two years.





RE: Just a question ........NEWWWWS !!!!!

2002-02-27 Thread Jean-François Asselin

This looks like a cleverly disguised trojan or spyware which tries to
pass off as Outlook express. I suggest you run ad-aware
(www.lavasoft.de) and see if it's a known spyware. Running fport might
be a good idea to see if it's a trojan as previously suggested. In any
event, remove this from your system, it is not in any way a Microsoft or
system file.

> -Original Message-
> From: Bassam ALHUSSEIN [mailto:[EMAIL PROTECTED]] 
> Sent: February 23, 2002 10:32 AM
> To: [EMAIL PROTECTED]
> Subject: Just a question NES !
> 
> 
> Hi Again  thank you all for answering, but I've got 
> some news  I didn't use fport ( which was a proposition 
> of someone of you ), but I tried to block this address by 
> ZoneAlarm Pro that is installed and running. ZApro gave me 
> then an alert every 20 seconds, and said that Microsoft 
> outlook express tried to connect to www.myhost.com  which 
> resolves in the browser directly to weguardyou.com !! the 
> alert is :
> "Your computer was prevented from connecting to a restricted site
> (www.myhost.com).
> User: Bassam ALHUSSEIN
> Program: Microsoft Outlook Express .
> Time: 23/02/2002 03:34:20 PM  "
> 
> the problem is that I never visited that site before or 
> downloaded something from there ...!!! softwares that I use 
> at startup are : some Norton utilities and AV, ZoneAlarmPro, 
> and getright !! I have had these alerts even when outlook is 
> not running ...!!! So when I passed on PROGRAMS SETTINGS in 
> ZApro I found TWO outlooks 
> 1)Outlook Express (which is the file msimn.exe)
> 2)Microsoft Outlook Express  (which is  support-http.exe 
> ) and it is
> this one that was trying to connect to myhost.com 
> ..but why ??? ( it exists even in the registry to 
> run at the startup ..!!  wow but with name of http tunnel ??
> I remember ..http-tunnel is a program I used once to 
> bypass my the proxy server of my ISP that blocks free email 
> sites ...!!! )
> 
> 
> what do you think ??? should I still block the address and 
> have the alerts every 20 sec... should  I delete that key 
> from the registry ???  Do you know if support-http is really 
> a program from microsoft ? ( cause it is in the system folder 
> and http-tunnel that I used is just one exe file on another 
> hard drive ) I am lost .help
> 
> I sent email to [EMAIL PROTECTED] but got no answer .
> 
> Bisso



Home network security issues

2002-02-27 Thread Chandrama Mishra

Hi,

I have dual homed  SuSE Linux(7.3) machine running iptables as my firewall
cum gateway to cable modem connection. The other two machines on the network
are win2k machines ( a desktop and a laptop). I'm running ZoneAlarm as well
on the desktop.

The iptables firewall is configured to allow  domain and dhcp related
services on the external interface while all the services are allowed from
the internal network ( Configured it via SuSEfirewall2). When I dumped the
iptables rules in a file, it's a complex mess running up to 8 A4 pages.

 My questions are :

1. Do I need to upgrade to bind9 from bind8?
2. Is the network secure enough or do I still need to buy a cable/dsl router?
3. Do I need some IDS like snort?
4. I can configure to run pptpd but can't find pptp. (I have got a script to
connect to the office network that uses pptp from linux). So, pptp daemon and
pptp are separate packages?

Thanks in advance,
C. Mishra