Many thanks to all who replied. I've got some good verbage now. In
particular the multi-layer defense.
> -Original Message-
> From: Evans, TJ (BearingPoint) [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 03, 2003 12:36 PM
> To: [EMAIL PROTECTED]
> Subject: RE:
Thursday, April 03, 2003 4:09 PM
To: [EMAIL PROTECTED]
Subject: RE: hacking challenge [7:66720]
This prompts me to say something about a comment from a previous poster
about how vulnerable Windows is compared to Linux/xBSD etc
I see many, many vulnerability alerts weekly for *nix based systems
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, April 03, 2003 8:46 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: hacking challenge [7:66720]
> >
> >
> > Wilmes, Rusty wrote:
> > >
> > > this is a general question for the securi
a necessity for -everyone- (IMHO) is not a cure-all; it is a
piece of a very large, very complex puzzle (even for a small network!).
..
Have someone in a Decision-making position there read "Hacking __(pick an os
- Windows2k, Linux, etc.)", or attend a SANS course (or just visit the
,
although just plonking a firewall in front of your unpatched sendmail
server won't achieve a great deal.
My 2c, YMMV
Symon
-Original Message-
From: Wilmes, Rusty [mailto:[EMAIL PROTECTED]
Sent: 03 April 2003 20:05
To: [EMAIL PROTECTED]
Subject: RE: hacking challenge [7:66720]
th
oose on their mail server thats bringing down their
main host system and their internet line (but thats another story).
> -Original Message-
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 03, 2003 8:46 AM
> To: [EMAIL PROTECTED]
>
Easy, show them RFC 3514 and let them know you would need a firewall to
block the "Evil" bit...cash, check or charge?
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 11:46 AM
To: [EMAIL PROTECTED]
Subject: RE: hacking ch
Rusty,
I'm not clear from your question if there is an acl blocking everything
inbound to the nt servers except smtp and telnet or if the acl is for
inbound to the router itself. In the former case, unless your client is
forcing their users to use good passwords, it's likely that a brute
force te
cess to the box. After this you can download
> the backup copy of the SAM off the server run a crack program like
> lophtcrack and BLING BLING. You have every user name and password on
> the system. All to easy.
>
> I would recommend the Hacking Exposed book. If you want to prote
Wilmes, Rusty wrote:
>
> this is a general question for the security specialists.
>
> Im trying to convince a client that they need a firewall
>
> so hypothetically,
>
> if you had telnet via the internet open to a router (with an
> access list
> that allowed smtp and telnet) (assuming you
the backup copy of the SAM off the server run a crack program like
lophtcrack and BLING BLING. You have every user name and password on
the system. All to easy.
I would recommend the Hacking Exposed book. If you want to protect your
system from cracker / hackers. You need to know what they
this is a general question for the security specialists.
Im trying to convince a client that they need a firewall
so hypothetically,
if you had telnet via the internet open to a router (with an access list
that allowed smtp and telnet) (assuming you didn't know the telnet password
or the en
look to some sites as :
www.cert.org
www.packetstormattack.com
www.securityfocus.com
to get some procedures for testing firewall installations , otherwise you
must get in touch with experts to evaluate your configuration and the
vulnirability degree of your firewall.
there are also some remote sc
you will probably find
what you're looking for.
Also..."hacking" a firewall can mean several things. Do you mean telnet or
ssh accessibility? Or are you talking about gaining access to servers from
outside passing through the firewall?
One last thing...don't depend on a fir
Don't you think an expert should do this? You have no clue how to do this
yet you think you'll be able to assure your company about the "security" of
the firewall in one day? This would be funny if it were not true. And
companies wonder why they get hacked!
""sami natour"" wrote in message
O boy user Network Scanner na?
Regards.
- Original Message -
From: sami natour
To:
Sent: Saturday, February 09, 2002 12:13 PM
Subject: hacking a firewall [7:34978]
> Hi ,
> I am trying to test how secure BigFire firewall.I need
> to run some tests in other words I want to
Hi ,
I am trying to test how secure BigFire firewall.I need
to run some tests in other words I want to find if I
can hack it or not.It is very important to our company
to know how secure it is .
Best Regards ,
sami ,
__
Do You Yahoo!?
Send FREE Va
am
> "john the
> >ripper", is
> >it working with dictionaries or not? Because my question is,
> if I use
> >passwords
> >like "12eldkvi", which are not in any dics, how long you need
> then to
> >crack a
> >MD5-password?
> &
> The reason I asked was to see if other peoples impression was the same as
> mine. I've got the tools for the level 7 passwords, but was under the
> impression that the enable secret was almost impossible.
This is a dangerous assumption. Nothing is impossible, and this has
little to do with th
f I use
>passwords
>like "12eldkvi", which are not in any dics, how long you need then to
>crack a
>MD5-password?
>
>Regards
>Sacha
>
>-Urspr|ngliche Nachricht-
>Von: Anh Lam [mailto:[EMAIL PROTECTED]]
>Gesendet: Sonntag, 21. Oktober 2001 20:46
>
rithm based on
some "random" seed. Does not matter, you now have a pattern which you can
write your hacking program to work with. Now it will know your pattern if
it can reverse engineer the algorithm (should not be too hard), and you can
kiss every single password that you used
>From: "Brian Whalen"
>Reply-To: "Brian Whalen"
>To: [EMAIL PROTECTED]
>Subject: Re: OT: Enable secret hacking [7:23670]
>Date: Sun, 21 Oct 2001 15:38:37 -0400
>
>perhaps this is why sho run and sho conf are not level 1 commands??
>
>Brian "Sonic
perhaps this is why sho run and sho conf are not level 1 commands??
Brian "Sonic" Whalen
Success = Preparation + Opportunity
On Sun, 21 Oct 2001, Gareth Hinton wrote:
> The reason I asked was to see if other peoples impression was the same as
> mine. I've got the tools for the level 7 password
really want to crack the
password, he/she would use this application on
clustering technology to increase the CPU and memory.
>From: "Maissen Sacha"
>Reply-To: "Maissen Sacha"
>To: [EMAIL PROTECTED]
>Subject: AW: OT: Enable secret hacking [7:23670]
>Date
es or not? Because my question is, if I use
> passwords
> like "12eldkvi", which are not in any dics, how long you need then to
> crack a
> MD5-password?
>
> Regards
> Sacha
>
> -Urspr|ngliche Nachricht-
> Von: Anh Lam [mailto:[EMAIL PROTECTED
-Urspr|ngliche Nachricht-
Von: Anh Lam [mailto:[EMAIL PROTECTED]]
Gesendet: Sonntag, 21. Oktober 2001 20:46
An: [EMAIL PROTECTED]
Betreff: Re: OT: Enable secret hacking [7:23670]
Gareth,
I create an "enable secret" password on a Cisco router 2610 with the
password as you mentione
Hinton"
>Reply-To: "Gareth Hinton"
>To: [EMAIL PROTECTED]
>Subject: Re: OT: Enable secret hacking [7:23670]
>Date: Sun, 21 Oct 2001 13:34:19 -0400
>
>The reason I asked was to see if other peoples impression was the same as
>mine. I've got the tools f
The reason I asked was to see if other peoples impression was the same as
mine. I've got the tools for the level 7 passwords, but was under the
impression that the enable secret was almost impossible.
I do some work for a fairly large company that had some penetration testing
done this week by a g
ire memory and CPU power but it is not as difficult as it sounds.
That's the reason why the /etc/shadow file on unix system is read/writable
only by root.
>From: "John Neiberger"
>Reply-To: "John Neiberger"
>To: [EMAIL PROTECTED]
>Subject: Re: OT: Enable
The enable secret would not be an easy thing to crack. The enable password,
however, can be cracked easily with a number of utilities available for free
on the internet.
If you have hackers attacking your network who have the capability to crack
the enable secret then you have much bigger proble
There are several tools available to reverse the standard cisco password
encryption. However, the output that you show for enable secret isn't the
standard encrypted password; rather, it's the output of a one-way hash on
the password (the whole point of enable secret). So, I'd say that the
c
Hi all,
I'm asking this as a matter of interest after something I saw this week:
Given the following line of config:
enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90
What are the chances of cracking the enable secret? (Without raising
suspicicion by having 40 million attempts on the box itself.)
Excellent article about IRC Bots... For those that ACLs the hell out of
your routers... Read up on this...
http://grc.com/dos/grcdos.htm
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6817&t=6817
--
FAQ, list archives, and subs
t Security
Systems).
-Original Message-
From: Luke [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 09, 2001 10:43 AM
To: [EMAIL PROTECTED]
Subject: Re: Hacking!
Rick,
PMI (pardon my ignorance), I can say it as well as spell it but what the
hell is it and where can
Norfolk Naval Shipyard
Bldg 33 NAVSEA NCOE
757-393-9526
1-800-626-6622
-Original Message-
From: Luke [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 09, 2001 10:43 AM
To: [EMAIL PROTECTED]
Subject: Re: Hacking!
Rick,
PMI (pardon my ignorance), I can say it as
IDS? A must have for a multilayer security posture.
> Security does not start, or end for that matter with just a firewall..!!
>
> -Original Message-
> From: JCoyne [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 09, 2001 7:55 AM
> To: [EMAIL PROTECTED]
> Subject: Re
Can you say NIDS? A must have for a multilayer security posture.
Security does not start, or end for that matter with just a firewall..!!
-Original Message-
From: JCoyne [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 09, 2001 7:55 AM
To: [EMAIL PROTECTED]
Subject: Re: Hacking
Read the book Hacking Exposed 2nd edition.
"imran obaidullah" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi Friends,
>
> I need some information on hacking which is surely to gain knowledge
and secure my corporate n/w
Hi Friends,
I need some information on hacking which is surely to gain knowledge and secure
my corporate n/w. My office has Cisco 3600 Router for internet connaction.
1. How can someone hack the Router.
2. If internet uses is trying to hack webserver using a hacking tool which is
using
Hello all,
Question for you, does Cisco support TCP Rate Control or TCP Flow Control?
MGR
_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Accidentally posted to groupstudy rather than cyberphil, but perhaps
of interest.
>I think Hacking is a very interesting topic but there is something I want
>to mention. I think Haking and Hackers have a positive aspect too, if they
>dont want do harm you (otherwise they would
>David Binder wrote,
>I think Hacking is a very interesting topic but there is something I want
>to mention. I think Haking and Hackers have a positive aspect too, if they
>dont want do harm you (otherwise they would be called crackers).
>If a Hacker broke into your system and
Hi all,
I need to restrict access to an AS5300 in terms
of the users should not be able to see a login prompt.
I've tried "no exec" on the tty lines 1 - 60, but this
stopped all users being able to logon. Survived
getting shot but I don't want to make the same mistake
again.
I'm wondering
43 matches
Mail list logo