Re: X and port 6000
Try putting an alias in .bashrc:

    alias startx='startx -- -nolisten tcp'

It's working for me. Good luck :)

Cosmin Florea
Linux Unix Fan
http://www.upet.ro
email: [EMAIL PROTECTED]
phone: +40 93 43 98 38

On 22 Feb 2002, Kerberus wrote:

Hrmmm, I thought they fixed that in X. Well, at least under *BSD they did. What version of XFree is Mandrake using these days?

On Thu, 2002-02-21 at 12:24, sege wrote:

Hello Folks: I am running Mandrake Linux 8.1, and I am trying to stop X from listening on port 6000. Any hint on how to do this will be appreciated. TIA, Qv6
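A way to confirm the result of the `-nolisten tcp` advice in the thread above, as an added example that is not part of any poster's message: it parses listening-socket and process listings for X servers still exposed on TCP. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): confirm that no X server
# is reachable over TCP after starting it with "-nolisten tcp".

# x_tcp_listeners: read `ss -ltn` or `netstat -ltn` output on stdin and
# print every local address listening on an X11 port. Display :N listens
# on TCP 6000+N; 6000-6063 is the range registered for X11.
x_tcp_listeners() {
    awk '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                # The local address is the first field ending in ":<digits>"
                # in both ss and netstat layouts (the peer column is ":*").
                if ($i ~ /:[0-9]+$/) {
                    n = split($i, part, ":")
                    port = part[n] + 0
                    if (port >= 6000 && port <= 6063) print $i
                    break
                }
            }
        }'
}

# x_missing_nolisten: read `ps -eo args` output on stdin and print X server
# command lines that lack "-nolisten tcp". The socket check above is the
# authoritative one; this only shows which server to fix.
x_missing_nolisten() {
    awk '
        {
            n = split($1, p, "/")
            name = p[n]
            if (name != "X" && name != "Xorg" && name != "XFree86") next
            if ($0 !~ /-nolisten +tcp/) print
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128          0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128             [::]:6001          [::]:*
LISTEN 0      128        127.0.0.1:6100       0.0.0.0:*'

SAMPLE_PS='COMMAND
/sbin/init
/usr/X11R6/bin/X :0 -auth /root/.Xauthority
/usr/X11R6/bin/X :1 -nolisten tcp
/bin/bash'

demo() {
    echo "X11 TCP listeners:"
    printf '%s\n' "$SAMPLE_SS" | x_tcp_listeners
    echo "X servers started without -nolisten tcp:"
    printf '%s\n' "$SAMPLE_PS" | x_missing_nolisten
}

# Live use on a host:
#   ss -ltn | x_tcp_listeners        (or: netstat -ltn | x_tcp_listeners)
#   ps -eo args | x_missing_nolisten
demo
```

An empty result from the first function means nothing is listening in the X11 port range, which is the state the alias is meant to produce.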
Excel File
Hi Friends,

I have an Excel file that I set a password on 2 years ago, with personal information in it, but today I tried to open it and I am missing the password. How can I open the file?

Thanks in advance for your help.

Regards,
Fabian
RE: Unclassified Disk Sanitizers
I am really disappointed in the continuing answer "use Google" or "use something else". All of the people on this list know how to use a search engine. What the beginners are asking is for advice on which ones are good sites and which ones are bad. I remember the trouble I had finding good sites. My time was very limited and I needed to concentrate on getting the best info in the little time available to me. This is Security BASICS after all. There are a lot of beginners on this list and understandably there will be a lot of duplication of questions and answers. What were you people like in the beginning of your studies? I am sure we are all alike. I knew next to nothing and thanks to a great bunch of people I was able to gather a lot of info despite thanks to the "use Google" crowd.

Samuel Harris
A+, MCP, Networking Certificate, Phi Theta Kappa
Portsmouth Naval Shipyard
Portsmouth, NH 03801
(207) 438-1275

-----Original Message-----
From: Phil Park [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 23, 2002 10:50 AM
To: Sadler, Connie J
Cc: [EMAIL PROTECTED]
Subject: Re: Unclassified Disk Sanitizers

PGP (go to www.pgpi.org) has a wipe feature. The Windows version will wipe files and free space as well. You can also go to google and search for secure delete.

thx
--phil

--
phil park
system administrator
[EMAIL PROTECTED]
208.885.5562 (phone)
208.885.7099 (fax)
419.730.3247 (e-fax)
http://www.csds.uidaho.edu

On Thu, 21 Feb 2002, Sadler, Connie J wrote:

Does anyone have recommendations for freeware or shareware that effectively erases disks for unclassified but sensitive information? This would be used for all machines retired to school programs, etc. We need one for Windows and one for UNIX, if one tool can't clean both types of disks. Anybody have experience with this? Thank you!

Connie
Re: Encryption Basics
Recommending a book like Applied Cryptography to a beginner is like giving a 3 year old a car and telling them to drive. That book is okay, I have a copy, but you best know lots and lots of calculus cause that is what most of it is, the actual algorithms.

This book looks like more of a beginner's book:

Basic Methods of Cryptography by Jan C.A. Van Der Lubbe
List Price: $35.00
Our Price: $35.00
Availability: Usually ships within 6 to 7 days
from www.amazon.com

Also this book is great... Computer Security Basics by O'Reilly chapter has a low level overview of encryption...

---
Regards,

On Mon, 25 Feb 2002 09:51:55 Bill Barrett wrote:

You know these kind of replies really annoy me. For the beginner a google search will turn up lots of resources, many of them with incorrect information. It can be very intimidating for those just starting out in the field. We that know more should help those that are trying to learn. After all we were all once there too. If you are going to post a reply, post something that actually has some helpful information in it.

That being said, try:
http://www.counterpane.com/labs.html
http://www.crypto.com/

An excellent book is Applied Cryptography by Bruce Schneier, available at Amazon for about $40 last time I checked.

-WTB

[EMAIL PROTECTED] writes:

At 07:38 21.02.02 -0500, [EMAIL PROTECTED] wrote:

What sources would you suggest for getting basic info on encryption? (How it works, software sources, best practices in business settings, etc.)

First I would try to consult a search engine like www.google.com or so. After that I would consult a library in order to find some good books.

Michelle Horner
Outcome Technology Associates, Inc.

Dominik
--
http://www.code-foundation.de
217.229.69.207 - - [14/Oct/2001:02:29:41 +0200] GET /MSADC/root.exe?/c+dir
Microsoft? Where do you want to surf today?
Re: Network and Security help
VLANs will help with some of this. DHCP on each VLAN; separate the VLANs according to the leased physical spots. This is just for basic connectivity; if the tenants want to host services it'll be more complicated.

my 2 pesos
-scm

On Mon, 25 Feb 2002, Kirk Ellsworth wrote:

I have a client that is installing high speed internet into a few buildings and leasing the units out. I am putting a Cisco firewall into the leasing office, and using a managed Cisco switch as well. There will be a large amount of units and security from unit to unit is a concern of mine. Does anyone have a suggestion on the best way to do this? Do I add a DHCP server to the leasing office or do I let the router assign IPs? What do I need to consider if I only want the units to reach the WAN via the T1 router and not have any access whatsoever to other units? Also, if I have 10 buildings with leased units in each, what would be the best way to subnet these buildings? What other mail groups should I send this to? Anything will help here. Thanks in advance.

ke
Re: Encryption Basics
I was referring to Applied Cryptography with Source Code in C, Second Edition by Bruce Schneier of Counterpane Labs, not Handbook of Applied Cryptography by Alfred J. Menezes et al. However this is an excellent resource as well. I bought it in dead tree form myself but it's a little expensive.

-B

[EMAIL PROTECTED] writes:

Found the link. http://www.cacr.math.uwaterloo.ca/hac/

You can also download Applied Cryptography for free. I can't remember where but I have done it myself. I had the whole book, but I wiped my hard drives.

Trevor

----- Original Message -----
From: Bill Barrett [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, February 25, 2002 8:51 AM
Subject: Re: Encryption Basics

You know these kind of replies really annoy me. For the beginner a google search will turn up lots of resources, many of them with incorrect information. It can be very intimidating for those just starting out in the field. We that know more should help those that are trying to learn. After all we were all once there too. If you are going to post a reply, post something that actually has some helpful information in it.

That being said, try:
http://www.counterpane.com/labs.html
http://www.crypto.com/

An excellent book is Applied Cryptography by Bruce Schneier, available at Amazon for about $40 last time I checked.

-WTB

[EMAIL PROTECTED] writes:

At 07:38 21.02.02 -0500, [EMAIL PROTECTED] wrote:

What sources would you suggest for getting basic info on encryption? (How it works, software sources, best practices in business settings, etc.)

First I would try to consult a search engine like www.google.com or so. After that I would consult a library in order to find some good books.

Michelle Horner
Outcome Technology Associates, Inc.

Dominik
--
http://www.code-foundation.de
217.229.69.207 - - [14/Oct/2001:02:29:41 +0200] GET /MSADC/root.exe?/c+dir
Microsoft? Where do you want to surf today?
Security Services
Do you know someone who provides network penetration services?

Thanks,
Manuel Peña
[EMAIL PROTECTED]
RE: Encrypted share question
Just a shot in the dark. But what if you are using EFS from Microsoft? It uses the public key and private key scheme. What if I gave, let's say, 4 users that need to share confidential data the same private key? They should then be able to share.

mrcorp
RE: POP3
We have removed our previous mail server and have installed a Sendmail/Qpopper *nix server running John D Hardin's procmail sanitizer to block certain content and many, many types of file attachment.

http://www.wolfenet.com/~jhardin/

Viruses have dropped by 99%. Removing access to HOTMAIL will also be a good idea.

- Chris Payne

On Mon, 25 Feb 2002 13:45:38 -0500, Ferguson, Scott wrote:

we took pop3 away from our users not long ago due to virus concerns, technically the desktop software will scan attachments/emails if configured properly, but we like to control the specific types of attachments they can/cannot receive and scan all mail at the server level first

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 23, 2002 5:00 PM
To: [EMAIL PROTECTED]
Subject: POP3

My users want me to give them POP3 access via the firewall. We have an Exchange Server running with a Checkpoint Firewall. Are there any security issues that I need to watch out

--
Chris Payne
Network Administrator
Physical Resources Dept, University of Guelph
(519)824-4120 x2882
[EMAIL PROTECTED]
Re: IPChains PortFowarding
On Mon, Feb 25, 2002 at 12:57:58PM -0500, [EMAIL PROTECTED] wrote:

> Is it possible to do port-forwarding with ipchains, rather than using ipmasqadm, or ipportfw? I have a firewall running linux 2.4.x kernel, and don't want to switch to iptables unless I have to.

No, there is no way to do that with ipchains. You can try rinetd, if you really don't want to change.

> ipchains works just fine, but switching to iptables would require too much downtime. Unless there is a rc.firewall converter app?

I have seen some of these around, but never tested one.

--
Rodrigo Barbosa - rodrigob at tisbrasil.com.br
TIS - Belo Horizonte, MG, Brazil
Quis custodiet ipsos custodes? - http://www.tisbrasil.com.br/
Brainbench Certified - Transcript ID #3332104
RE: Websites can execute code on users machine
Hi,

I was affected by this bug, with Win2K SP2 + pre SP3 patches and IE6 with Q312461 and Q313675 updates (Medium Level). I modified sources of the web page and was so able to launch every soft on my computer! Incredible!

Benoit

On Thu, 21 Feb 2002, Mike Carney stated:

Setting your browser to high disables this from happening, but I figured I'd share this link to a Hungarian web site. I believe that the site has notified Microsoft of this problem.

http://wwwkurthu/iebughtm

I checked all the browsers in my office and they were set to medium (Is this the default?) and turned off active scripting.

Have a good day,
Mike
RE: Encrypted share question
If I may humbly respond. It occurs to me that encrypting the data in the "container"/share/partition/volume is not even half the battle. When the user(s) connect to the share and request data, you will need to encrypt the data stream, else a simple packet sniffer could capture the data.

B.

-----Original Message-----
From: Mike Donovan [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 2:23 PM
To: [EMAIL PROTECTED]
Subject: RE: Encrypted share question

---
I'm looking for a product that can create an encrypted 'container' or 'share' that can be accessed simultaneously by several users.
---

I don't know the answer to the "share" question, but you might check on three other very good products:

www.drivecrypt.com DriveCrypt (the successor to the well-respected ScramDisk)
www.jetico.com BestCrypt (The new version is far and away the best they've produced yet!)
http://www.pcdynamics.com/SafeHouse/ SafeHouse

I am wondering about a partition that is encrypted, if that would make any difference. DriveCrypt is the only one of the above that has that capability. Good luck -- and let us know! It's a good question!

Mike Donovan
Re: Home network security issues
> 1 Do I need to upgrade to bind9 from bind8?

If you are worried about security, use djbdns.

> 2 The network is secure enough or do I still need to buy a cable/dsl router?

Use OpenBSD.

> 3 Do I need some IDS like snort?

Not if you use OpenBSD.

> 4 I can configure to run pptpd but can't find pptp, is it installed?

whereis pptp
Re: To domain or not to domain? :-)
On Mon, 25 Feb 2002, Gegerfelt, Michael stated:

> Hi all,
>
> I have a question regarding topology in a DMZ zone. How do you guys put up a network with the following design? (It is a customer to us and I want to implement the best solution.) Today they have three domains (one for their internal site, one for their external site - the DMZ - and one for their sister company). (Sorry for my limited vocabulary and my spelling.) They have one NT domain for their internal (let's say that one is called internal), they also have an NT4 domain called (let's say external, great imagination huh). Is it even recommended to have a separate domain for the DMZ? I have heard from some guys that they prefer to put their NT boxes as Stand Alone instead. Any pros and cons for different topologies?
>
> Yours sincerely
> ---
> Michael Gegerfelt

Well, I suppose that you are only using the term domain as in WinNT domain and not Internet domain here. The reason for using NT domains is to use the single logon feature, which means that you will only have to authenticate once to access resources in that domain (or trusted domains). In case of the DMZ I suppose that this DMZ will _not_ have any servers posing as file, print or logon servers - right? In that case, I don't see any reason why those boxes should be in the same domain.

If I remember correctly (was a while ago I poked around with NT), the NT domain authentication model relies upon NetBIOS, which there is no reason to have accessible (or even running) on an Internet connected (and reachable) machine. Disable NetBIOS over TCP/IP, Microsoft Share and Printing (or whatever it's called) and block ports 135-139 at your firewall (the firewall should not let anything through except for traffic bound to ports offering public services in your DMZ).

Do as your NT friends told you: run those servers as stand alone machines (don't forget patching - if NT4 they'll certainly need it ;)

Patrik Birgersson
RE: POP3
We also took away pop3 for virus concerns. Even if you have a scanner like McAfee set up, with a feature like mailscan enabled (so the virus scanner checks mail as it comes into Outlook), there is a chance that (even if automated) the virus definition files the scanner is using are out of date, and more importantly, if the user's system has become unstable or for whatever reason, the virus scanner may not even be running. If the virus scanner is set up as a service and permission isn't given to the user, the user can't change parameters or turn off the scanning, but if Word crashes, and Word was the default email editor for Outlook, and VirusScanning was integrated into Outlook, then the virus service may stop. Then the user opens Outlook but doesn't restart the computer (since permissions that's the only way to get the vscan service to start) then email viruses coming in over pop3 are not scanned. I realize that automatically restart service parameters and such can be set, but any number of things can crash the service. If we disable pop3 and make everyone go through the exchange (or notes or whatever) server, then we only have to worry about scanning at the server.

-t

-----Original Message-----
From: Ferguson, Scott [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 12:46 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: POP3

we took pop3 away from our users not long ago due to virus concerns, technically the desktop software will scan attachments/emails if configured properly, but we like to control the specific types of attachments they can/cannot receive and scan all mail at the server level first

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 23, 2002 5:00 PM
To: [EMAIL PROTECTED]
Subject: POP3

My users want me to give them POP3 access via the firewall. We have an Exchange Server running with a Checkpoint Firewall. Are there any security issues that I need to watch out
FW: Unclassified Disk Sanitizers
Try Digisecret from TamosSoft - does up to 35 passes... only $30US for one-user license... Windoze only tho...

http://www.tamos.com/products/digisecret/

-J

-----Original Message-----
From: Kevin Maute [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 23, 2002 10:29 AM
To: Sadler, Connie J; [EMAIL PROTECTED]
Subject: Re: Unclassified Disk Sanitizers

Connie,

I found no (reasonably priced) utility when I looked at this about 2 years ago. I was an Air Force contractor at the time and had much the same problem that you (probably) do. My solution was to develop a Linux based solution to do this. The advantage of this was it supports both SCSI and IDE disks and doesn't care what OS/Data is on the disk.

There was also a document that dictated that for your needs you needed 3 passes to clear the data and for more sensitive needs require 7 passes to sanitize the disk. Many people that are familiar with disk technologies feel this may not be enough but to do anything with the data that may still be on the disk requires fairly expensive hardware and lots of time...

Kevin

Sadler, Connie J wrote:

Does anyone have recommendations for freeware or shareware that effectively erases disks for unclassified but sensitive information? This would be used for all machines retired to school programs, etc. We need one for Windows and one for UNIX, if one tool can't clean both types of disks. Anybody have experience with this? Thank you!

Connie

--
Kevin Maute
Educating people on the avoidable carcinogens in their lives and how to replace them with safe, superior products.
mailto:[EMAIL PROTECTED]
http://www.ineways.com/kmaute
http://www.newaysonline.com
Re: A question on the law.
I am not a lawyer. I have no legal background. This is not legal advice. This is my personal opinion based on personal experience and observation within various Infosec activities in Corporate and US Government environments. And it's cynical. You have been warned. :)

On Fri, 2002-02-22 at 21:54, Billy D Walls wrote:

> networks bandwidth free of charge, is there a way LEGALLY to tell these people how bad the security is without getting shot. I don't want to go to jail, I don't want to be called a terrorist, I just want to tune these people into a clue...?

In the perfect world, dropping a quick email to the network owners alerting them of their vulnerability would be enough. You would get a polite thank-you. Maybe a request for more information. You would feel happy that you helped and they would be better off for your help.

Enter the real world. Your notification will cause confusion within the IT ranks. Decision Makers will be asking about evil hackers managing to hack the network despite the expensive firewalls and anti-virus software. Managers will go in to CYA mode. It will be decided something must be done although it's very possible nobody will understand the technical issues involved. Someone will mention knowing an agent at the FBI. You will become the focus of a criminal investigation.

In short, it's possible your warning will be well received. But it is more likely that you will be punished for your effort. Your gain probably does not justify your risk if you came forward with this information.

Infosec has a number of tenets. For those who are interested in infosec, the most important may very well be "before you test any organization's information security posture, you should have WRITTEN permission to do so". This comes from an ongoing history of individuals being prosecuted for minor infractions in the name of computer security.

One of the most famous of such cases is Randal Schwartz:
http://www.lightlink.com/spacenka/fors/
http://www.rahul.net/jeffrey/ovs/

--
.: Paul Hosking . [EMAIL PROTECTED]
.: InfoSec . 408.829.9402
.: PGP KeyID: 0x42F93AE9
.: 7B86 4F79 E496 2775 7945 FA81 8D94 196D 42F9 3AE9
RE: Best means to block MSN Messenger, AIM and other chat programs? Thank you!
Actually, I disagree slightly with what you have said here. This is a real technical problem when programs like MSN Messenger have been found to have vulnerabilities within them that can allow the exploitation of malicious code.

Last week when chatting with a fellow network admin across MSN, I received a link from him that, if I had clicked on it, would have taken me to a site with questionable material. The URL (when translated to English) would have targeted a Spanish porn site. Who knows what code may have been lying on the page waiting for an HTTP request? This was obviously an attack exploiting MSN because I received the same URL at the exact same time from another individual at that same company.

Fortunately, if any of my users would have received something similar, my firewall and content filtering would have denied access to the page. But suppose you do not have these tools in place to protect against users who are not so savvy? This goes beyond just a social problem.

Anyway, those are just my two shiny pennies on the subject you brought forth. :-)

Enjoy,
Bejon

-----Original Message-----
From: Kevin Guidry [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 1:39 PM
To: [EMAIL PROTECTED]
Subject: RE: Best means to block MSN Messenger, AIM and other chat programs? Thank you!

--- KEN MORRIS [EMAIL PROTECTED] wrote:

we will stopping them from downloading the program

Just out of curiosity, how do you plan on doing this? It seems to me that doing this may be as difficult as blocking the program (as in your original question). I think that setting a company policy prohibiting the installation of these programs is the way to go. At its core, this is a social problem and not a technological one.

Kevin
Key Server...
Hello Everyone,

We are planning to set up our own keyserver so that we can digitally sign and encrypt our mails. Ideally users would be using either pgp or gnupg. What I would like to know is:

1. Are there any good GPLed keyservers out there? I have tried the one by Mark Horowitz (http://mit.edu/people/marc/pks/pks.html). Was interested in knowing what people here think are the other possible options.

2. How compatible are gnupg and pgp?

3. Lastly, anyone can send their keys to the keyserver. How does the keyserver authenticate that [EMAIL PROTECTED] is really X and not some impersonator? Or is that beyond the jurisdiction of the key server? Does the key server also act as some sort of Certification Authority? If no, how can I integrate these two functions?

With Regards
Sumit Dhar

--
pub 1024D/7AB2D05A 2002-02-24 Sumit Dhar (Sumit Dhar, SLMSoft.com) [EMAIL PROTECTED]
Key fingerprint = 4A18 D20D 3D15 6C5B CD2F 8E45 B903 0C29 7AB2 D05A
sub 1024g/C57534F6 2002-02-24
Re: Port scan reporting?
There's nothing illegal about it. I would do a whois on Arin (http://www.arin.net) with that IP address, find and call whoever the ISP is and see if you can get them kicked or banned for abuse. It's a long shot but worth a try. Could be fun too!

-Matt

On Monday 25 February 2002 12:35, Ben Schorr wrote:

Our ISA server reported a number of attempted port scans of our server over the weekend; no biggie, but the log files indicate the IP address they supposedly came from. Is there any agency I should be reporting these to or is there any value in trying to report them to the ISP? What's the best practice in this case, do I just ignore them?

Mahalo!

-Ben-
Ben M. Schorr, MVP-Outlook, CNA, MCPx3
Director of Information Services
Damon Key Leong Kupchak Hastert
http://www.hawaiilawyer.com
RE: Unclassified Disk Sanitizers
You can try Format Secure by East Technologies.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 10:06 AM
To: Kevin Maute
Cc: [EMAIL PROTECTED]
Subject: Re: Unclassified Disk Sanitizers

For the price of that kind of utility, you might as well physically destroy the hdd's, and replace them with new or used drives picked up at auction. Price per gb at least for IDE drives has gotten cheap enough for this to be a plausible situation. Just depends on how gone you want that information.

From: Kevin Maute (kmaute@mindspring.com)
Date: 02/23/2002 09:29 AM
To: Sadler, Connie J [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: Re: Unclassified Disk Sanitizers

Connie,

I found no (reasonably priced) utility when I looked at this about 2 years ago. I was an Air Force contractor at the time and had much the same problem that you (probably) do. My solution was to develop a Linux based solution to do this. The advantage of this was it supports both SCSI and IDE disks and doesn't care what OS/Data is on the disk.

There was also a document that dictated that for your needs you needed 3 passes to clear the data and for more sensitive needs require 7 passes to sanitize the disk. Many people that are familiar with disk technologies feel this may not be enough but to do anything with the data that may still be on the disk requires fairly expensive hardware and lots of time...

Kevin

Sadler, Connie J wrote:

Does anyone have recommendations for freeware or shareware that effectively erases disks for unclassified but sensitive information? This would be used for all machines retired to school programs, etc. We need one for Windows and one for UNIX, if one tool can't clean both types of disks. Anybody have experience with this? Thank you!

Connie

--
Kevin Maute
Re: Unclassified Disk Sanitizers
hehe.. true, then again, STM can work wonders if you have the luxury of unlimited time! ;-)

dd will work as well, realistically, data only has to be overwritten ONCE to be unrecoverable using standard forensic methods!

_
John Daniele
Technical Security Intelligence
Toronto, ON
Voice: (416) 605-2041
E-mail: [EMAIL PROTECTED]
Web: http://www.tsintel.com

On Mon, 25 Feb 2002, Meritt James wrote:

Sorta depends if you ever want to use it again. If not, a blowtorch would probably work nicely.

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
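The overwrite approach discussed in this thread (a single dd pass, or the 3 passes Kevin Maute mentions), as an added example that is not any poster's own tool: it overwrites a target a chosen number of times and then verifies the final pass by reading it back. The function name is hypothetical and the target is assumed to be a regular file such as a disk image; for a block device, take the size from `blockdev --getsize64` instead of `wc`.

```shell
#!/bin/sh
# Added example (not from the original thread): overwrite a target N times
# and verify the last pass. Assumes TARGET is a regular file (disk image).

# overwrite_verify TARGET [PASSES]
# Passes 1..N-1 write random data; the final pass writes zeros so the result
# can be checked byte for byte. Returns 0 only if all of TARGET reads back
# as zeros, 1 on a write or verify failure, 2 on a bad argument.
overwrite_verify() {
    target=$1
    passes=${2:-3}
    [ -f "$target" ] || { echo "not a regular file: $target" >&2; return 2; }
    size=$(wc -c < "$target" | tr -d ' ')
    [ "$size" -gt 0 ] || { echo "empty target: $target" >&2; return 2; }

    pass=1
    while [ "$pass" -le "$passes" ]; do
        if [ "$pass" -lt "$passes" ]; then
            src=/dev/urandom
        else
            src=/dev/zero
        fi
        # head -c caps the stream at exactly $size bytes; conv=notrunc makes
        # dd overwrite the existing blocks in place instead of truncating
        # the file and allocating new ones.
        head -c "$size" "$src" |
            dd of="$target" bs=65536 conv=notrunc 2>/dev/null || return 1
        sync    # flush each pass to the medium before starting the next
        pass=$((pass + 1))
    done

    # Read the target back and compare it with a zero stream of equal length.
    head -c "$size" /dev/zero | cmp -s - "$target"
}

# Constructed demonstration on a throw-away file.
demo() {
    img=$(mktemp) || return 1
    printf 'account=12345 secret=hunter2\n' > "$img"
    if overwrite_verify "$img" 3; then
        echo "verified: $img holds only zeros"
    else
        echo "verification FAILED for $img"
    fi
    rm -f "$img"
}
demo
```

Overwriting a file only reaches the blocks the filesystem currently maps to it, so for drive disposal the target should be the whole device rather than files on it. Flash media and journaling or copy-on-write filesystems can keep stale copies that an in-place overwrite never touches.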
RE: Unclassified Disk Sanitizers
While taking a sledgehammer to a drive does sound quite therapeutic, I would suggest rather, to look around for your local metal recycling company. They will gladly take your old hard drives, monitors, Sun IPCs (on second thought, instead send them over my way! :p) and mince them to itty bitty pieces for you! And in much smaller chunks than you could ever possibly replicate with a sledgehammer. www.resourcecon.com is one company that a few of my clients have used.

ttyl,
_
John Daniele
Technical Security Intelligence
Toronto, ON
Voice: (416) 605-2041
E-mail: [EMAIL PROTECTED]
Web: http://www.tsintel.com

On Tue, 26 Feb 2002 [EMAIL PROTECTED] wrote:

DoD wipe, Norton Wipe, KO. Three passes for sensitive info. Seen KO and DoD used for higher than that. And all three could have been the same program. They sure did look alike. No idea on price.

I can't find my link at the moment, but there used to be a link to a paper that went into painful detail how you could build your own -- oops!! found the link. Luck I remembered Magnetic force scanning tunneling microscopy (STM). Made the search pretty quick. This link tells you just how safe your old hard drive is. YOU have to determine how much effort YOU want to spend to be safe.

If it was my hard drive with my excel spreadsheet of all my unreturned public library books (Which I do really intend to turn back in, some day when I return to the USA (Any lawyer types out there know the statute of limitations on overdue library books??)) I'd open the drive up and sand off the magnetic media with an electric sander, then use an 8 pound fine alignment tool (sledgehammer) to reduce it to shards.

The link, for those that held out:
http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/

When you read this, don't feel inferior. Uncle Peter Gutmann doesn't want you to feel that way; he's just oh so much more brilliant than most of us. I sure felt humbled.

D. Weiss
CCNA/MCSE/SSP2

-----Original Message-----
From: Kevin Maute [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 23, 2002 4:29 PM
To: Sadler, Connie J; [EMAIL PROTECTED]
Subject: Re: Unclassified Disk Sanitizers

Connie,

I found no (reasonably priced) utility when I looked at this about 2 years ago. I was an Air Force contractor at the time and had much the same problem that you (probably) do. My solution was to develop a Linux based solution to do this. The advantage of this was it supports both SCSI and IDE disks and doesn't care what OS/Data is on the disk.

There was also a document that dictated that for your needs you needed 3 passes to clear the data and for more sensitive needs require 7 passes to sanitize the disk. Many people that are familiar with disk technologies feel this may not be enough but to do anything with the data that may still be on the disk requires fairly expensive hardware and lots of time...

Kevin

Sadler, Connie J wrote:

Does anyone have recommendations for freeware or shareware that effectively erases disks for unclassified but sensitive information? This would be used for all machines retired to school programs, etc. We need one for Windows and one for UNIX, if one tool can't clean both types of disks. Anybody have experience with this? Thank you!

Connie

--
Kevin Maute
Just a question ........NEWWWWS !!!!!
Hi Again thank you all for answering, but I've got some news I didn't use fport ( which was a proposition of someone of you ), but I tried to block this address by ZoneAlarm Pro that is installed and running. ZApro gave me then an alert every 20 seconds, and said that Microsoft outlook express tried to connect to www.myhost.com which resolves in the browser directly to weguardyou.com !! the alert is : Your computer was prevented from connecting to a restricted site (www.myhost.com). User: Bassam ALHUSSEIN Program: Microsoft Outlook Express . Time: 23/02/2002 03:34:20 PM the problem is that I never visited that site before or downloaded something from there ...!!! software that I use at startup are : some Norton utilities and AV, ZoneAlarmPro, and getright !! I have had these alerts even when outlook is not running ...!!! So when I passed on PROGRAMS SETTINGS in ZApro I found TWO outlooks 1)Outlook Express (which is the file msimn.exe) 2)Microsoft Outlook Express (which is support-http.exe ) and it is this one that was trying to connect to myhost.com ..but why ??? ( it exists even in the registry to run at the startup ..!! wow but with name of http tunnel ?? I remember ..http-tunnel is a program I used once to bypass the proxy server of my ISP that blocks free email sites ...!!! ) what do you think ??? should I still block the address and have the alerts every 20 sec... should I delete that key from the registry ??? Do you know if support-http is really a program from microsoft ? ( cause it is in the system folder and http-tunnel that I used is just one exe file on another hard drive ) I am lost .help I sent email to [EMAIL PROTECTED] but got no answer . Bisso
RE: Unencrypted Email
heheh, well I'd place my spy at the company itself and have them perform a security walkaround of the building to locate the (normally unprotected) demark point and install my sniffer physically on the wire there. Not to say that there aren't any lame ISPs/datacenters around (I have definitely seen my share) but this is their primary line of business, you are perhaps more likely to gain access to the end user's infrastructure. I say that the direct approach will probably be more successful. You'd be surprised how many large companies don't even think to set up a surveillance camera within their telecom/switching rooms, or even in the hallway leading up to the door. _ John Daniele Technical Security Intelligence Toronto, ON Voice: (416) 605-2041 E-mail: [EMAIL PROTECTED] Web:http://www.tsintel.com On Mon, 25 Feb 2002, Coffey, Christopher S. wrote: I'll add my opinions here, hopefully you will find them interesting: 1. Yes most sniffers can be configured to find just certain types of traffic by headers (mail, ftp, etc.) 2. Yes but it takes more work than that, let me explain (this is but a sample scenario btw). Say I was a company in LA and I wanted to snoop the email of my competitor in NY city. I would need to find out who their ISP is (who runs their T1 or whatever) then I would need to Hack into that ISP ( Ok yes this is complicated it might require breaking into multiple routers and servers within the ISP to find the right link into their T1 ) and install my sniffer software to grab all the mail coming and going from that company. This could either be done by a group of black hat mercenaries or by a well placed insider at the ISP. 3. This is a rough scenario, it would be a very big case of corporate espionage that so far we haven't seen yet ( or at least not made public) but it is possible, with enough time money and luck it could be done, it all depends on how much $$$ the data is worth ??? 
Christopher Coffey Network Security Officer AAC-VA -Original Message- From: Dave Bujaucius [mailto:[EMAIL PROTECTED]] Sent: Friday, February 22, 2002 10:58 AM To: [EMAIL PROTECTED] Subject: Unencrypted Email It is common knowledge that unencrypted messages sent over an unsecured Internet connection *can* be viewed in clear text and thus the contents compromised. My questions: 1. Is it really easy? How readily available are sniffing tools that can do this? 2. Can it be done from a user's home dial up or DSL type connection? Can someone in California somehow be scanning mail leaving a New York location? 3. Outside of government agencies that have access to selected ISP's, how likely is it that a company could be targeted by an outside person or organization? I realize that like most IT issues everything is relative. I'm questioning the relative risk in sending confidential information over the Internet. Real life experiences versus theory. Dave Bujaucius
RE: The Best Network Scanner?
Nessus (www.nessus.org) is probably one of the most popular. Sara (www-arc.com/sara/) and saint (www.wwdsi.com/saint/) as well. mrcorp
RE: Just a question ........NEWWWWS !!!!!
Windows 98 machine? Run msconfig and remove the support-http.exe program from start up and remove it from the startup list in the System Registry. Also go to the file and left-click on it and look at its properties. It might have some more company information that might jog your memory about it being something you installed or something someone else has tricked you into installing. Also, see if you can go to your Control Panel and Add/Remove the program. More than likely, if it is a Trojan, it will try to mutate itself and change its name, and install itself all over the place. Either way, I wouldn't trust it, because it sounds like it is trying to be covert, and I am a control freak. Hunt it and kill it like the invader it is! Douglas Gullett, CCNA, CCDA, CCNP -Original Message- From: Bassam ALHUSSEIN [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 23, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: Just a question NES ! Hi Again thank you all for answering, but I've got some news I didn't use fport ( which was a proposition of someone of you ), but I tried to block this address by ZoneAlarm Pro that is installed and running. ZApro gave me then an alert every 20 seconds, and said that Microsoft outlook express tried to connect to www.myhost.com which resolves in the browser directly to weguardyou.com !! the alert is : Your computer was prevented from connecting to a restricted site (www.myhost.com). User: Bassam ALHUSSEIN Program: Microsoft Outlook Express . Time: 23/02/2002 03:34:20 PM the problem is that I never visited that site before or downloaded something from there ...!!! softwares that I use at startup are : some Norton utilities and AV, ZoneAlarmPro, and getright !! I have had these alerts even when outlook is not running ...!!! 
So when I passed on PROGRAMS SETTINGS in ZApro I found TWO outlooks 1)Outlook Express (which is the file msimn.exe) 2)Microsoft Outlook Express (which is support-http.exe ) and it is this one that was trying to connect to myhost.com ..but why ??? ( it exists even in the registry to run at the startup ..!! wow but with name of http tunnel ?? I remember ..http-tunnel is a program I used once to bypass my the proxy server of my ISP that blocks free email sites ...!!! ) what do you think ??? should I still block the address and have the alerts every 20 sec... should I delete that key from the registry ??? Do you know if support-http is really a program from microsoft ? ( cause it is in the system folder and http-tunnel that I used is just one exe file on another hard drive ) I am lost .help I sent email to [EMAIL PROTECTED] but got no answer . Bisso
Re: Unclassified Disk Sanitizers
C'mon kids, why waste money just to destroy data? It's easier than all that. Drop disk in question in a free unix box, then: dd if=/dev/urandom of=/dev/daWhateverdisk If you're really paranoid, put it in a while true, run it all night. It takes longer than a blowtorch but get the drive just as hot and delicious without the open flame. - Jared Lovell On Thu, 21 Feb 2002, Sadler, Connie J wrote: Does anyone have recommendations for freeware or shareware that effectively erases disks for unclassified but sensitive information? This would be used for all machines retired to school programs, etc. We need one for Windows and one for UNIX, if one tool can't clean both types of disks. Anybody have experience with this? Thank you! Connie
ssh ip-tunnel?
hi listmembers has some1 ever managed to get a ssh-secured ip-tunnel from a debian linuxbox to a debian linuxbox? i would like some more info on this, if some1 has some howto laying around, please let me know, cause i didn't find anything down the net about how to set this up or how to configure this... tnx very much Gruss/Regards, Joachim Schiele -- Joachim Schiele [qknight] [EMAIL PROTECTED] Live free or die - Free software for a free world www.gnu.org http://www.dune2.de - A free resource for information and music http://www.mutt.org - for the best email client on the world
Re: How to search for sniffers on my RedHat Machine?
Or check your syslog messages for devices leaving and entering promiscuous mode. I'm not sure if all distributions of Linux log such data to syslog, I'd imagine they do. I run SuSE Linux 7.2, and it does. [EMAIL PROTECTED] On Tuesday 26 February 2002 11:54 am, frederic de-villamic wrote: On Mon, Feb 25, 2002 at 07:20:13PM +0530, Krishna wrote: Monday, February 25, 2002 7:16:40 PM Hello , I used Anasil to detect sniffers on my network. It tested positive on some of the machines. Now how should I search for these sniffers on the machines. The machines are running on RedHat Linux 6.0. Any help would be appreciated -- regards, Krishna mailto:[EMAIL PROTECTED] Krishna Shekhar Network Administrator Wiplash.com http://wiplash2000.com you should just try ifconfig and then see if the ethernet card is in promiscuous mode. No need some tools. neuro
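The two checks suggested in this thread (syslog messages and the ifconfig flag), as an added example that is not part of any poster's message. The function names, host names, addresses and all sample lines are constructed for illustration; the log parser assumes the kernel's "device X entered/left promiscuous mode" wording.

```shell
#!/bin/sh
# Added example: function names and all sample data are constructed.

# Constructed syslog excerpt using the kernel's promiscuous-mode messages.
sample_log() {
cat <<'EOF'
Feb 26 09:12:01 host1 kernel: device eth0 entered promiscuous mode
Feb 26 09:12:44 host1 kernel: device eth0 left promiscuous mode
Feb 26 10:03:17 host1 kernel: device eth1 entered promiscuous mode
Feb 26 10:05:02 host1 sshd[412]: Accepted password for admin from 192.0.2.10
Feb 26 11:30:55 host1 kernel: device eth0 entered promiscuous mode
Feb 26 11:31:20 host1 kernel: device eth0 left promiscuous mode
EOF
}

# Constructed ifconfig output in the classic net-tools layout.
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.5  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
EOF
}

# Shared parser: prints "<iface> <entered|left>" for each transition on stdin.
transitions() {
    awk '/device [^ ]+ (entered|left) promiscuous mode/ {
        for (i = 1; i < NF - 1; i++)
            if ($i == "device") { print $(i + 1), $(i + 2); break }
    }'
}

# Interfaces whose most recent logged transition was "entered".
promisc_from_log() {
    transitions |
    awk '{ s[$1] = $2 } END { for (d in s) if (s[d] == "entered") print d }' |
    sort
}

# How often each interface entered promiscuous mode; short-lived captures
# show up here even when the interface is clean at the time of the check.
promisc_history() {
    transitions |
    awk '$2 == "entered" { n[$1]++ } END { for (d in n) print d, n[d] }' |
    sort
}

# Interfaces that ifconfig currently reports with the PROMISC flag.
promisc_from_ifconfig() {
    awk '
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }
        /PROMISC/ && iface != "" { print iface }
    ' | sort -u
}

echo "still promiscuous per log: $(sample_log | promisc_from_log | tr '\n' ' ')"
echo "entered count per iface:   $(sample_log | promisc_history | tr '\n' ' ')"
echo "PROMISC flag in ifconfig:  $(sample_ifconfig | promisc_from_ifconfig | tr '\n' ' ')"
```

On a live host the same functions read real input, for example `promisc_from_log < /var/log/messages` and `ifconfig -a | promisc_from_ifconfig`; the log path varies by distribution.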
Re: The Best Network Scanner?
Hello Bejon, This is my vote: Retina - Network Security Scanner. http://www.eeye.com/html/Products/Retina/index.html Thanks, -Mark Bejon Parsinia wrote on 02/25/2002 05:20 PM (To: Security-Basics (E-mail) [EMAIL PROTECTED]; Subject: The Best Network Scanner?; Please respond to bejon): Good day, I just wanted to pose this question to the group, what are some of the best network scanners on the market for finding vulnerabilities on your network, reporting on issues, and suggesting fixes for the known vulnerabilities that are found? When you respond, please note if this is a *nix or Win32 app (I'm in a Win32 environment). I've been working on testing a few different products and have had a tough time on picking one to go with. Also worth noting, I haven't found an application that is thorough enough for my liking yet either. The real dilemma is, I have such a tight budget (who in IT doesn't these days though) that I am forced to make a very informed decision. So, with that in mind here is your challenge. I appreciate any feedback you can give me, and am looking forward to putting my servers under even greater stress with your recommendations (assuming there is a trial demo available or you suggest a free app). :) Sincerely, Bejon Parsinia [EMAIL PROTECTED]
FW: Secure Fileserver
I would run Windows 2000 server. It would allow you to run an easy setup with what you have now plus grow in the future. It also will offer several types of backups. Just make sure that you run the latest service pack. What kind of connection are you running?(T1, DSL, Cable, etc.) That would determine what kind of protection you need being that the proxy would be gone. Michael Gilmer Network Engineer -Original Message- From: Matthias Kerstner [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 26, 2002 4:53 AM To: [EMAIL PROTECTED] Subject: Secure Fileserver Hello list. I need your advice for a secure OS in my NT-environment. Currently we are running 8 machines (NT, SP6) that are connected to an Novell Dataserver, which also serves as a proxy. Now since our network capabilities have to grow, I decided to set up a different OS on the server. Therefore I need your suggestions which OS (Windoze preferred) are suitable for my configuration. This OS must also be able to perform backups on daily basis Any recommendations are welcome! Thanks! Kindly regards, - matt
RE: Secure Fileserver
Matt, I don't only want to toot Microsoft's horn, but I would suggest Windows 2000 Server (or Advanced Server if needed). MS has made some good strides with integrating a greater level of security in Win2k. With the policies you can create, Kerberos, and the usual file and user security (just to name some of the options), it is a good alternative. I personally wouldn't suggest rolling out XP due to the FBI Software Advisory release a month or so ago advising that organizations hold off on installing XP in their network environment due to security vulnerabilities that exist within the OS. While MS claims to have resolved them, I'm not dazzled with XP and have no intent of installing it on my network any time soon. In actuality, I've only rolled out 2k within the last few months and am very happy with the way it has performed and the options it presents to me as an admin. And yes, it allows for centralized backup of the network, but I always try to shy away from an MS backup software. I use and prefer Veritas. So, that is my suggestion. Good luck! Bejon -Original Message- From: Matthias Kerstner [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 26, 2002 2:53 AM To: [EMAIL PROTECTED] Subject: Secure Fileserver Hello list. I need your advice for a secure OS in my NT-environment. Currently we are running 8 machines (NT, SP6) that are connected to an Novell Dataserver, which also serves as a proxy. Now since our network capabilities have to grow, I decided to set up a different OS on the server. Therefore I need your suggestions which OS (Windoze preferred) are suitable for my configuration. This OS must also be able to perform backups on daily basis Any recommendations are welcome! Thanks! Kindly regards, - matt
RE: The Best Network Scanner?
There is a command line version of NMap for Win32 but it is flaky somewhat. Shadow Security scanner is a great freeware scanner for Win32 but if you want really Heavy Duty for an NT environment, go with Retina, available in a limited demo from www.eeyes.org Chris Chandler MCSE Windows 2000 NT4, A+, Network +, MCP-I -Original Message- From: Bejon Parsinia [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 6:20 PM To: Security-Basics (E-mail) Subject: The Best Network Scanner? Good day, I just wanted to pose this question to the group, what are some of the best network scanners on the market for finding vulnerabilities on your network, reporting on issues, and suggesting fixes for the known vulnerabilities that are found? When you respond, please note if this is a *nix or Win32 app (I'm in a Win32 environment). I've been working on testing a few different products and have had a tough time on picking one to go with. Also worth noting, I haven't found an application that is thorough enough for my liking yet either. The real dilemma is, I have such a tight budget (who in IT doesn't these days though) that I am forced to make a very informed decision. So, with that in mind here is your challenge. I appreciate any feedback you can give me, and am looking forward to putting my servers under even greater stress with your recommendations (assuming there is a trial demo available or you suggest a free app). :) Sincerely, Bejon Parsinia [EMAIL PROTECTED]
RE: Unclassified Disk Sanitizers
But remember, it has to be approved based on unclassified government standards. ;-) -Original Message- From: Jared C. Lovell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 11:18 AM To: Sadler, Connie J Cc: [EMAIL PROTECTED] Subject: Re: Unclassified Disk Sanitizers C'mon kids, why waste money just to destroy data? It's easier than all that. Drop disk in question in a free unix box, then: dd if=/dev/urandom of=/dev/daWhateverdisk If you're really paranoid, put it in a while true, run it all night. It takes longer than a blowtorch but get the drive just as hot and delicious without the open flame. - Jared Lovell On Thu, 21 Feb 2002, Sadler, Connie J wrote: Does anyone have recommendations for freeware or shareware that effectively erases disks for unclassified but sensitive information? This would be used for all machines retired to school programs, etc. We need one for Windows and one for UNIX, if one tool can't clean both types of disks. Anybody have experience with this? Thank you! Connie
RE: Linux hardware firewall question
Hi. I have at home a small network of 4 computers hooked up to an 8 port netgear 10/100 switch, which then feeds into my Linux router / firewall which feeds into my 3com cable modem which feeds into att's cable modem network. My linux firewall/router is basically a Pentium 233 MMX with 64 Megs of ram and 8Gb hard drive. I wrote a script called 'firewall' and chmod +x 'd it.

snip

    # allow packet forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # flush tables
    iptables -F INPUT
    iptables -F FORWARD
    iptables -F OUTPUT
    iptables -t nat -F PREROUTING
    iptables -t nat -F POSTROUTING
    iptables -t nat -F OUTPUT

    # allow packets from my work
    iptables -A INPUT -i eth0 -s 64.244.234.0/23 -j ACCEPT

    # log and drop everything else connecting TO my firewall
    iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j LOG --log-prefix input-drop
    iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP

    # allow certain packets through to internal computers
    iptables -A FORWARD -i eth0 -p tcp --dport 4000 -j ACCEPT
    iptables -A FORWARD -i eth0 -p tcp --sport 5190 -j ACCEPT
    iptables -A FORWARD -i eth0 -p tcp --dport 1214 -j ACCEPT

    # log and drop everything else
    iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j LOG --log-prefix forward-drop
    iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP

    # setup masquerading for outgoing traffic
    iptables -t nat -A POSTROUTING -j MASQUERADE

/snip

This setup has basically worked fine so far. If anyone has any suggestions on my setup, I am open to suggestions. At 02:53 2002-02-26, you wrote: I operate a small network of about 5 computers and am considering setting up a pc to operate as a firewall/router for the network. The network does not receive much traffic at all and trying to figure out hardware wise what I need the topology I have decided to go with is that each box on the network will have its own nic on the pc. Additionally, if anyone can suggest documentation on how to set this up software wise I would appreciate it. 
I have some experience with iptables, but am unsure exactly how I would set this up? Again any help would be appreciated. Thank you. J. Ferguson Lee [EMAIL PROTECTED]
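A small lint for the ruleset posted above, as an added example that is not the poster's code. It flags three things in the posted excerpt (no default-DROP policy, a MASQUERADE rule not tied to an outbound interface, and a FORWARD accept keyed only on a source port the sender chooses) and passes a tightened variant; the eth1 LAN interface, the function names, the finding labels and the tightened rules are assumptions.

```shell
#!/bin/sh
# Added example: function names, finding labels and the tightened rules are
# assumptions; posted_rules repeats the thread's rules (flush lines omitted).

posted_rules() {
cat <<'EOF'
iptables -A INPUT -i eth0 -s 64.244.234.0/23 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j LOG --log-prefix input-drop
iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 4000 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --sport 5190 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 1214 -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j LOG --log-prefix forward-drop
iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
iptables -t nat -A POSTROUTING -j MASQUERADE
EOF
}

# Tightened variant. Assumptions: eth0 faces the cable modem, eth1 the LAN.
# Replies come back through the ESTABLISHED,RELATED rules, so no rule keyed
# on a source port is needed. Inbound services are left out; each would need
# its own DNAT rule plus a matching FORWARD rule.
tightened_rules() {
cat <<'EOF'
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -s 64.244.234.0/23 -j ACCEPT
iptables -A INPUT -i eth0 -j LOG --log-prefix "input-drop "
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -j LOG --log-prefix "forward-drop "
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# Reads iptables commands on stdin and prints one line per finding:
#   SPORT-TRUST      FORWARD accept that matches only on source port
#   NAT-ALL-IFACES   MASQUERADE with no -o, so it applies on every interface
#   NO-DEFAULT-DROP  chain without a "-P <chain> DROP" policy in the input
audit_rules() {
    awk '
        function has(opt,   k) {
            for (k = 1; k <= NF; k++) if ($k == opt) return 1
            return 0
        }
        $1 != "iptables" { next }
        has("-P") && has("DROP") {
            for (i = 1; i < NF; i++) if ($i == "-P") policy[$(i + 1)] = 1
        }
        has("FORWARD") && has("ACCEPT") && has("--sport") &&
            !has("--dport") && !has("--state") { print "SPORT-TRUST: " $0 }
        has("MASQUERADE") && !has("-o") { print "NAT-ALL-IFACES: " $0 }
        END {
            if (!policy["INPUT"])   print "NO-DEFAULT-DROP: INPUT"
            if (!policy["FORWARD"]) print "NO-DEFAULT-DROP: FORWARD"
        }
    '
}

echo "== posted excerpt =="
posted_rules | audit_rules
echo "== tightened variant =="
tightened_rules | audit_rules
```

The lint only sees the lines it is given, so a policy set elsewhere in the full script would not be counted.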
MSN Yahoo messengers
Hi folks my customer wants to log the usage / login/logout timings etc of MSN Yahoo messengers. also the text being sent if possible. how do i log that. through a passive listening station. we have a hardware based proxy (NAT device d-link ) no software based proxy. not possible to implement. regards durga prasad
RE: Access control servers
Just a thought, but you may want to look into AAA Radius Server type of authentication and tracking as well. I use this technology for other purposes but it has capabilities similar to what you are looking for and can work in conjunction with various hardware. Good luck! Bejon -Original Message- From: Ronald Jenkins [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 9:12 PM To: [EMAIL PROTECTED] Subject: Access control servers My company is currently researching all available access control servers to protect our corporate intranet. We have found only a minimal set of highly regarded solutions. Based on our research, it seems like Gemplus' eAccess server and Netegrity's Siteminder product are the way to go? An advisor also mentioned a possible solution from a recent company called Caradas (sp?) (but I'm not familiar with them). Does anyone have any preferences/input? Gemplus seems to be the standard here. Thanks in advance. Regards, Ron
Re: The Best Network Scanner?
Hi Bejon For Win NT, for me one of the good ones is Retina from www.eeye.com And concerning the linux platform one of the good ones is nessus. Regards Kulla - Original Message - From: Bejon Parsinia [EMAIL PROTECTED] To: Security-Basics (E-mail) [EMAIL PROTECTED] Sent: Tuesday, February 26, 2002 00:20 Subject: The Best Network Scanner? Good day, I just wanted to pose this question to the group, what are some of the best network scanners on the market for finding vulnerabilities on your network, reporting on issues, and suggesting fixes for the known vulnerabilities that are found? When you respond, please note if this is a *nix or Win32 app (I'm in a Win32 environment). I've been working on testing a few different products and have had a tough time on picking one to go with. Also worth noting, I haven't found an application that is thorough enough for my liking yet either. The real dilemma is, I have such a tight budget (who in IT doesn't these days though) that I am forced to make a very informed decision. So, with that in mind here is your challenge. I appreciate any feedback you can give me, and am looking forward to putting my servers under even greater stress with your recommendations (assuming there is a trial demo available or you suggest a free app). :) Sincerely, Bejon Parsinia [EMAIL PROTECTED]
RE: Port scan reporting?
Aloha Ben, (I'm replying to you as well as the list because I just received this.) Was it a targeted or complete scan? I usually send the documentation off to the ISP or IP registrant much as I would an attempted relayer or spammer. I wouldn't expect a quick follow-up though :) -Original Message- From: Ben Schorr [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 2:36 PM To: '[EMAIL PROTECTED]' Subject: Port scan reporting? Our ISA server reported a number of attempted port scans of our server over the weekend; no biggie, but the log files indicate the IP address they supposedly came from. Is there any agency I should be reporting these to or is there any value in trying to report them to the ISP? What's the best practice in this case, do I just ignore them? Mahalo! -Ben- Ben M. Schorr, MVP-Outlook, CNA, MCPx3 Director of Information Services Damon Key Leong Kupchak Hastert http://www.hawaiilawyer.com