Re: [Full-Disclosure] PIX vs CheckPoint

2004-06-30 Thread B3r3n
At 10:29 30/06/2004, Cyril Guibourg wrote: AFAIK, a PIX can operate without NAT. Did I miss something ? Yes, NAT can be disabled on Pix. See the 'nat' command. Simply put the appropriate line syntax and it will behave as a normal Firewall. But only behaves because no routing daemon, and Pix

Re: [Full-Disclosure] PIX vs CheckPoint

2004-06-29 Thread B3r3n
Hi DarkSlaker At 20:24 29/06/2004, Darkslaker wrote: My question is PIX or Checkpoint what is better and why. I don't think I am not skilled enough to provide you an answer about this. However, I have both solutions under my authority and I can feedback about a few things: First CheckPoint (NG4)

[Full-Disclosure] Fwd: Alert: IIS compromised to place footer JavaScript on each page

2004-06-25 Thread B3r3n
FYI There have been several reports of IIS servers being compromised in a similar fashion. The result is that each has a document footer specified which is JavaScript which causes the viewing browser to load a page from a malicious website. The loaded page installs a trojan via one of several

Re: [Full-Disclosure] Unusual behaviour of PIX

2004-02-16 Thread B3r3n
Azhar, Did you check the security levels values associated with each interface? Brgrds ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

[Full-Disclosure] Re: [Full-Disclosure] http://federalpolice.com:article872@1075686747

2004-02-15 Thread B3r3n
I confirm... Another SPAMmer simply... At 17:45 15/02/2004, Lee wrote: I have been getting the below mail from numerous email sources all day, can anyone else confirm this mail is flying around? Regards From :

Re: [Full-Disclosure] Windows 2000 Source code .torrent

2004-02-13 Thread B3r3n
Joel, Click here, then OPEN the file: http://torrent.spyderlake.com/download.php?info_hash=f03fc1e04869294d5644d3c8c5d0fb8f2d26aa59 If you aren't familiar with Bit Torrent, Shame on you. Download it here: http://bitconjurer.org/BitTorrent/ I would like to recall 99% of what peer to peer tools

Re: [Full-Disclosure] Good Antivirus solution for Solaris 9.0

2003-11-05 Thread B3r3n
Nester, Can you please advise any good Antivirus product for the SUN Solaris platform. Can't tell if it is good, but NAI/McAfee has a version of their Antivirus for Solaris, FreeBSD, Linux, ... Brgrds

Re: [Full-Disclosure] Rootkit

2003-09-26 Thread B3r3n
Hi Dave, Just my 2 cents advice. Can anyone recommend a good scanner or info site where I can compare some of the binaries I saved (the machine has been wiped)? The first thing I do to scan filesystems suspected of being intruded is to launch against them (from remote or booting on CD, ...) an

RE: [Full-Disclosure] Scanning the PCs for RPC Vulnerability

2003-09-03 Thread B3r3n
Paul, What do you mean by this? I haven't used the Foundstone tool, but are you saying that the MS tool puts IPs of Win9x/ME hosts on the list of vulnerable hosts? Yes, we experimented that ourselves too. MS Scanning tools is 100% true for NT, 2K XP machines. It answers unpatched for Win9x

Re: [Full-Disclosure] sans.org

2003-09-02 Thread B3r3n
From France, sans.org resolves ok but not www.incidents.org # dig www.incidents.org ; DiG 8.3 www.incidents.org ;; res options: init recurs defnam dnsrch ;; got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 2 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;;

[Full-Disclosure] How to massively remove DCOM RPC Worms

2003-08-30 Thread B3r3n
Hi Gentlemen, Following the article http://www.securityfocus.com/archive/119/333927, I applied this principle on our IntraNet. I used the oc192-dcom proof of concept code from securityfocus too. I create a ms.bat script placed into the startup group (c:\documents and setting\all

[Full-Disclosure] ping floods

2003-08-18 Thread B3r3n
All, We are experiencing some ping floods on our IntraNet with decoys. This DoSes LANs for a few minutes, and restarts again later. Is someone having this problem too? Thanks Brgrds

[Full-Disclosure] [UPDATE] ping floods

2003-08-18 Thread B3r3n
All, What we have here at the moment is the following: 1) IntraNet machines are pinging to random IP addresses (both targeting our IntraNet and outside) 2) From time to time, when a particular machine is pinging from a subnet, it appears some new machines on that subnet are starting to ping

[Full-Disclosure] [UPDATE] ping floods!! Nachi Worm!

2003-08-18 Thread B3r3n
All, Here is our nemesis: W32/Nachi Worm. See www.nai.com Brgrds

RE: [Full-Disclosure] [UPDATE] ping floods

2003-08-18 Thread B3r3n
Well I guess it would appear from this portion of NAI's analysis that someone was listening to the thread on this list about writing an anti-blaster worm: In fact, we were infected this morning with this worm and we sent it to NAI since we are using their products. NAI's reaction: what are

Re: [Full-Disclosure] [UPDATE] ping floods

2003-08-18 Thread B3r3n
Anybody caught a copy of this new worm? We have plenty on our internal network ;-) @+

Re: [Full-Disclosure] DDos counter measures

2003-08-15 Thread B3r3n
Matt, FYI - we tried this with the worm and it *doesn't* work. msblast.exe spoofed the source address as the loopback address handed out from our DNS. We instead created an empty windowsupdate.com zone. It worked fine for us after multiple tests. But thanks for the info, we have alternate

RE: [Full-Disclosure] msblast DDos counter measures (More Insight Maybe?)

2003-08-15 Thread B3r3n
, Christopher Lyon Affant Communication (formerly DNS Network Services) [EMAIL PROTECTED] -Original Message- From: Marc Maiffret [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 2:58 PM To: B3r3n; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] msblast DDos counter measures Yah

Re: [Full-Disclosure] DDos counter measures

2003-08-15 Thread B3r3n
Gael, Try some other tests using no A record for windowsupdate.com in your local zone, you will notice that the damages are even smaller doing that instead of localhost (127.0.0.1). We also tested this solution to answer nothing to query as with an unresolved domain. But finally the solution

[Full-Disclosure] msblast DDos counter measures

2003-08-14 Thread B3r3n
All, We found a simple solution to protect our IntraNet against the DDoS. Since the msblast.exe will SYN flood windowsupdate.com (or windowsupdate.microsoft.com) with 50 packets per second (according to our tests). Since our IntraNet solves all its DNS queries through internal caches

Re: [Full-Disclosure] Security Certifications

2003-03-07 Thread B3r3n
Guys, Never read the CISSP trojan? Nice no? _ Security Advisory MA-2003-01 CISSP - Trojan Security Certification Original Release Date: Thursday January 16, 2003 Last Revised: -- Source: -- Systems Affected o Information Security Community