Re: [swinog] "Hackerparagraph" (fwd)
Andreas Fink 2009-03-17: > Collegues, > > The federal adminstration wants to change the law about cyber crime. > > See also: > > >http://www.admin.ch/ch/d/gg/pc/pendent.html#EJPD > (or especially Genehmigung und Umsetzung des Übereinkommens des > Europarates über die Cyberkriminalität ) [...] Note that according to the "Adressatenliste", SwiNOG was explicitly invited to comment on the proposed change of law. I guess SwiNOG should comment on Art. 143bis Abs. 2 and request a clarification, in order to make sure that academical, commercial and private IT security research will not be affected by the change of law. The proposed wording of Abs. 2 currently does not adequatly honour the fact that security tools are dual-use goods by nature; i.e. they are not inherently good or evil. Or in other words, there is no practical way to distinguish a tool used by a professional penetration tester from a tool used by a blackhat. The difference between the two is not in the tools, it's in the contracts (i.e. approval of the target's owner). -- Daniel Roethlisberger http://daniel.roe.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] SCTP port scanning - call for testers
Hi SwiNOGers, I'm looking for systems speaking SCTP [1] in order to expose the experimental SCTP port scanning support for Nmap [2] to some more real-world testing. If you have network access to systems with (non-trivial) SCTP-based services, and would be willing to run a scan for me, then I'd be interested in hearing from you off-list. I'm especially interested in tests against proprietary SCTP stacks, but any real-world SCTP services would be of interest. Thanks, -Daniel [1] http://en.wikipedia.org/wiki/SCTP [2] http://www.roe.ch/Nmap_SCTP -- Daniel Roethlisberger http://daniel.roe.ch/ ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] anyone from netstream (netvs.ch) listening here?
Per Jessen <[EMAIL PROTECTED]> 2008-02-05: > We've got a customer whose emails (from other people but filtered by > us) are frequently being rejected by Netstreams harsh SPF-check. I've > asked Netstream to add our servers to their whitelist, but nothing has > happened. As a more generic alternative, you could implement SRS in order to handle forwarding in an ``SPF compliant'' way. This will fix the problem for all receivers which use SPF for scoring or rejection. I am aware that this suggestion might well provoke yet another SPF/SRS flamewar :-) -Dan -- Daniel Roethlisberger <[EMAIL PROTECTED]> ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Cablecom Winterthur blocking outgoing SMB connections?
Jeroen Massar <[EMAIL PROTECTED]> 2007-12-12: > Tobias Goeller wrote: >> Jeroen Massar wrote: >>> You are blocking port 80? Wow. >> Yes, partly. I force those users to use a proxy-system... works >> quite well. > > How exactly does that help anything? [...] Though this might 'help' > (ahum) for worms and other such malicious tools which don't understand > that they can pick the configuration items for the proxy from IE or > Firefox configuration, it won't help a thing for anything else. By enforcing a proxy, you have the option of content filtering, either by MIME type or by running files through an AV scanner. It does not solve all problems, but can solve some of them. (At a cost, of course.) -Dan -- Daniel Roethlisberger <[EMAIL PROTECTED]> ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] vtx ADSL /30 subnet practice
Pascal Gloor <[EMAIL PROTECTED]> 2007-06-07: [snip] > This is the normal routed case. I think this is what Daniel was > looking for. Not quite, but oh never mind. The point I was trying to make is the fact that vtx engineers explained to a customer that he would not be able to assign *any* address of his /30 subnet to a server behind his ADSL router because all of the subnet would be consumed by the link from the LNS to the ADSL router (I guess this hasn't come across too well from my message). It seems nobody can imagine how this is supposed to be the case, so I guess that confirms that it's probably bogus information. Thanks anyway for all responses! Cheers Dan -- Daniel Roethlisberger <[EMAIL PROTECTED]> ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] vtx ADSL /30 subnet practice
Jérôme Tissières <[EMAIL PROTECTED]> 2007-06-04: > Yes, I confirm if you order a /30, /29, /28, etc to VTX, the first IP > of the subnet is assigned to the CPE with the right mask associated. The "first" being what is normally referred to as the network address (ending in bits 00) or the first "normal" address (end bits 01)? -Dan -- Daniel Roethlisberger <[EMAIL PROTECTED]> ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] vtx ADSL /30 subnet practice
[EMAIL PROTECTED] <[EMAIL PROTECTED]> 2007-06-03: > This setup works on Cisco and Zyxel ADSL as the WAN interface is using > the IP from the LAN side and the LNS sees both a /32 and a /30 > route...not sure about other xDSL CPEs though (o; In this setup, the PPP endpoint address of the CPE router is the same as it's LAN address, and the customer still gets his /30 network to use as expected, i.e. there's an address left for, say, a server. In the vtx case (if correct), there is nothing of the /30 left to the customer to use, except the WAN address assigned via PPPoX. Granted, this does not sound very sane, since the customer pays for a /30 which he does not get. Maybe the vtx engineers just had bad luck explaining the above to the customer. Cheers -Dan > > > cheers > rick > > > Daniel Roethlisberger schrieb: > >It seems that vtx has some very strange way of configuring the /30 > >subnet when customers order 4 fix IP addresses. > > > >Normally when someone orders a /30, the ADSL router's PPP interface > >would get an address from an unrelated address range. The 4 addresses > >from the customer's /30 subnet can be used by the custumer for the > >network and broadcast addresses (-2), the router's LAN interface (-1), > >leaving one address for a server or desktop machine. > > > >However, this seems not to be the case at vtx.ch. As two vtx engineers > >explained to a (tech-savvy dipl. Inform.) customer, they use the > >addresses from the /30 subnet for the PPP link between their last router > >and the customer's ADSL router. So in effect, this means ordering a /30 > >subnet (the 4 fix IP addresses option) from vtx gets you the same as > >ordering a single fix IP address -- you get a static address on your > >ADSL router's PPPoA/PPPoE interface, period. To actually use the static > >address on a server/desktop, you need to either configure destination > >NAT on your router or operate it in bridging mode and run PPPoE directly > >from the server/desktop. > > > >Can anybody confirm that this is current practice at vtx? Are other > >providers doing the same? > > > >-Dan > > > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog -- Daniel Roethlisberger <[EMAIL PROTECTED]> ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] vtx ADSL /30 subnet practice
It seems that vtx has some very strange way of configuring the /30 subnet when customers order 4 fix IP addresses. Normally when someone orders a /30, the ADSL router's PPP interface would get an address from an unrelated address range. The 4 addresses from the customer's /30 subnet can be used by the custumer for the network and broadcast addresses (-2), the router's LAN interface (-1), leaving one address for a server or desktop machine. However, this seems not to be the case at vtx.ch. As two vtx engineers explained to a (tech-savvy dipl. Inform.) customer, they use the addresses from the /30 subnet for the PPP link between their last router and the customer's ADSL router. So in effect, this means ordering a /30 subnet (the 4 fix IP addresses option) from vtx gets you the same as ordering a single fix IP address -- you get a static address on your ADSL router's PPPoA/PPPoE interface, period. To actually use the static address on a server/desktop, you need to either configure destination NAT on your router or operate it in bridging mode and run PPPoE directly from the server/desktop. Can anybody confirm that this is current practice at vtx? Are other providers doing the same? -Dan -- Daniel Roethlisberger <[EMAIL PROTECTED]> ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Providers supporting TLS (for SMTP, POP, IMAP, ...)?
Kirill Ponazdyr <[EMAIL PROTECTED]> 2006-09-16: > > The subject says it all: do you know which providers support TLS > > (the technology formerly known as SSL) for SMTP, POP and/or IMAP for > > their residential or small-office dialup/broadband customers? > > TLS for SMTP makes no sence since this will only protect your message > enroute from your machine to SMTP server but after that it is all open > again. Of course TLS does not offer end to end security like S/MIME and PGP do, but still there are plenty of reasons for supporting TLS: * Protection of SMTP AUTH credentials, especially when using insecure auth methods * TLS between MTAs requires no action on behalf of end users and still offers additional protection compared to no TLS, while TLS between MUA and MSA/MTA is still a lot easier to set up for customers than S/MIME or PGP * Given todays many open or insecure wireless networks, TLS on the first hop (MUA <-> MSA/MTA) helps to better protect messages when they are most vulnerable -- it seems to be considerably more difficult for third parties to read messages in transit between MTAs than to read messages on the first (or last) hop on wifi or shared / public access networks * TLS protects the RFC 2822 headers and RFC 2821 envelope too, which S/MIME and PGP cannot -- Daniel Roethlisberger <[EMAIL PROTECTED]> ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Formmailer-Scripts and Spam
Randazzo Filippo <[EMAIL PROTECTED]> 2006-08-16: > In my (recent) experience, this problem is not related with the form > but directly with the database.. The spammer seems using an automatic > bot that is sending content to generic database fields (so my > suggestion would be changing the table field names to strange ones > instead of changing field names of the form); Let me tell you what > happened to me: I have a small guestbook in ASP (not self made, is a > free code found online) used by me and 7 more friends for a private > fanta-soccer-game website (so absolutely not a visited website). I > begun to have those spam messages in it and I fgured out the > following: I had since the beginnning the possibility to > enable-disable the form fields 'sender email' and 'sender website' > and, being only 8 ppl, I disabled them immediately during the > guestbook installation: checkingthe database after the spamming I > found those fields in the database FULL WITH INFO even if there was no > input field in the form. This script is simply broken security-wise, it should not accept sender email/website fields in the submitted form data when those fields have not been part of the form it sent to the browser. Changing field names is just security by obscurity, even if it might help in cases where spambots rely on known field names. > Thats why I can tell tah tis problem is not > form-related. Solutions (possibility that I had from this premade > guestbook): > 1) enable Session ID check (so the post must be submitted from the > form and not from outside) > 2) enable cookies (to prevent spamming the gustbook with multiple > comments) > 3) enable the loved/hated security images > > P.S: another system that seems working (I'm testing it) is to put the > guestbook pages on a different server from the main website (im > including it in a ).. Seems that this is confusing the bots.. > > /lurking mode on > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Manuel > Krummenacher > Sent: martedì, 15. agosto 2006 18:01 > To: swinog@swinog.ch > Subject: Re: [swinog] Formmailer-Scripts and Spam > > > Matthias Hertzog wrote: > > b) Web-user has to enter a unique number (generated image) in the form > > to prove, he's a human being. > Works fine, but you think of the visually impaired. There are captchas > which provide the number also as sound. But I wouldn't use captchas on > business websites, it's to annoying for the users to type in the number. > > c) Badword-Filtering in the formmail-script, some reqular expressions > > a.s.o. > > Often it helps if you give the fields "unsuspicious" names. "meinfeld4" > instead of "recipient" and so on... > > I use mod_security [1] with the rules from gotroot.com. mod_security > blocks the spam before the form gets processed. Additionally, it > protects the server from SQL-injection and other attacks. > > Greets, > Manuel > > > [1] http://www.modsecurity.org/ > ___ > swinog mailing list > swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog -- Daniel Roethlisberger <[EMAIL PROTECTED]> ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog