oi oi oi. this is the new nimda virus. ntbugtraq has been talking all about
it. a few quick links for you to read up on.
http:[EMAIL PROTECTED]
http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D253
http://slashdot.org/article.pl?sid=01/09/18/151203&mode=thread
this is
>>> Jeff <[EMAIL PROTECTED]> 18.09.01 19:54:16 >>>
>I viewed the default web page on a machine known to be infected with Code
>Red II. In doing so, another browser window that appeared to be blank
>popped open, and the address in the title bar the name 'readme.eml'
>appeared. When I viewed the s
You have also been infected by the Nimda ("admin" backwards) virus.
Yaakov Yehudi
Security Administrator
Project Tehila
Israel Ministry Of Finance
1 Kaplan St.
Jerusalem
Israel
- Original Message -
From: "Jeff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: September 18, 2001 19:54
Thanks. After two hours of troubleshooting everything
imaginable, it came down to being the Nimda virus.
Strangely, it wasn't the IIS servers that were affected
(they are all patched, etc), but the massive amount of
traffic caused by Nimda was overloading Apache on the
Linux servers. Fixed it by
Running Windows 2000 Advanced Server (no Service Packs).
Found a mysterious folder under C:\Documents and Settings\
called $
ie: BlackBox-01$ since the name of the computer is BlackBox-01.
What catches my attention:
1) Not all of the servers that are running Win2000 A.S. have this
Hi all.
I have a 3 site intranet connected over private leased lines.
We are using MS Exchange servers at all 3 sites & Outlook 2000 for about 100
clients.
How do I issue digital certificates to the mail so that we can eliminate
paper & signatures on paper & use e-mail for all important work?
this
Received from another list, related to the Nimda worm.
HTH!!
I am not sure if anyone has posted this info yet but we were able to
figure out how to remove the W32.Nimda.A@mm from Windows 95/98. So far
it has been effective,
1) boot in DOS mode
2) edit system.ini file in c:\windows
3) look for this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi All,
I'm going to install one of the *bsd's for the first time.
I have experience with *nix-like OSes and of course security.
I'll be glad to have some references regarding:
1. where to get the most up-to-date code and patches.
2. some "install
> -Original Message-
> From: Joost De Cock [mailto:[EMAIL PROTECTED]]
> "Neither keys nor
> passwords are stored
> on the PC's hard disk. "
> and furthermore:
> "Finally, a secure challenge/ response procedure is available
> to re-issue
> the password, if a PC has been blocked beca
I tried with Snort 1.8.1 on Debian Linux... but there isn't a problem.
I don't have any strange Snort settings.
I use it like snort -dev
Walter
> I just started playing around with Snort a few days ago...
> Today, I had just compiled it on my laptop running Slackware 7.1.
> I then started Snort a
>>> somogyi lorand <[EMAIL PROTECTED]> 19.09.01 15:03:58 >>>
>Hi,
>I'm wondering if this is normal behaviour.
>My primary DNS is on x.x.x.x, and my ip is
>y.y.y.y. Snort portscan.log extr.:
>
>
>Sep 19 10:41:05 x.x.x.x:53 -> y.y.y.y:32783 UDP
>Se
Hi !
Sorry, I've made a mistake in my previous post :-(
Is it possible to redirect all traffic coming for 0.0/0 80 to remote
^^
squid proxy using ipchains and ipmasqadm.
Here is what I try to use:
ipchains -A input -i eth0 -p tcp
Hardware. It runs on a specialized Cisco box.
-Original Message-
From: satyam [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 10:51 PM
To: [EMAIL PROTECTED]
Subject: Re: Hardware Firewall vs Software Firewall
Hi
what is Cisco PIX
a s/w or h/w firewall?
regards
dp-newbie
PIX are the Cisco firewall. This is a pure hardware firewall. Check the
following URLs
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/
http://www.cisco.com/univercd/cc/td/doc/pcat/fw.htm
They are layer 2-3 firewall working more like ACL mode than any other
firewall
Regards
Francois
On Tue, 2001-09-18 at 19:54, Jeff wrote:
> Can anybody tell me what purpose this might serve?
>
> --=_1000846456==_
>
>
> cid:EA4DMGBP9p height=0 width=0>
Hi Jeff.
What you have is a piece of the Nimda worm. You can find lots of discussions
and writeups on it right now (to i
My mistake earlier, Google.com had indeed not been infected with the virus.
They had just problems with their WAP (mobile phones, etc..) code on their
front page. The file extension was awfully similar to the .eml which is that
used by the virus that's running about.
Michael
Jeff wrote:
> I view
On 18 Sep 01, at 11:05, Hatley, Brian D. wrote:
> I have not seen any response yet that actually addresses Fabian's stated
> objective to NOT give his users those permissions... While I was unable to
> get it to work without those permissions, has anyone else worked this out?
Yes, it is describ
Amending a minor error in what I posted previously.
Systems Affected: Systems running Microsoft Windows 95, 98, ME, NT, and 2000
Basically it preys upon a bug of I.E. and outlook to automatically execute
.eml files
my bad.
Michael
Jeff wrote:
> I viewed the default web page on a machine know
What you have got there is one of the latest self-propagating viruses;
it can be read about at http://www.cert.org/advisories/CA-2001-26.html
What it does (for those that can't be bothered reading the advisory) is
scan through your subnet (class c, b, or a) and for each IP it finds it
tried to d
On 19 Sep 2001, somogyi lorand wrote:
// Hi,
// I'm wondering if this is normal behaviour.
Yes, this is normal behavior.
If you want to avoid this, you must add your DNS server in snort.conf like:
var DNS_SERVERS x.x.x.x
and then you must uncomment the line
preprocessor portscan-ignorehosts: $DNS_S
Hi all,
Do you know of any software that adds auditability (when a new user is
created, change of rights, etc.) to PeopleSoft? Also any software that
defines password policies, that enforces the periodic change of passwords
within PeopleSoft?
Thanks for your comments,
Gustavo
Cisco is using the PIX software on its 'network appliance' firewall. I have
seen PIX used on a NOKIA firewall. very powerful firewall rulesets. enjoy
learning how to configure them!
>From: "satyam" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: Re: Hardware Firewall vs Software Firewal
Hello all!
I would like to know how to locate a device on my network.
The only thing I know is the IP-address, and I would really like to know
what switch and portnumber the device is connected to.
Thanks!
Best regards
Nils Kristiansen
http://www.itpapers.com/cgi/SubcatIT.pl?scid=277
http://secinf.net/info/unix/lance/nt.html
http://secinf.net/iwine.html
http://www.8wire.com/articles/?AID=2100
http://www.neohapsis.com/neolabs/Tech_Docs/wins.htm (outdated, but still
somewhat useful, since, in most enterprises with mixed NT and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What are some of the different ways NameServers are compromised?
There are many levels of scanning from simple reverse lookups to nmap,
I have not seen anything in terms of
some way of scanning for virtually hosted/name based sites (on a simple
IP).
Dear list,
We've got TrendMicro's Interscan v.3.6 in a CVP configuration with
CheckPoint 4.1sp4.
We've configured this scheme to analyze all incoming HTTP traffic that
crosses the FW.
The problem is that now we can navigate certain URLs (Webs) but not others.
Have you got any idea? any HOWTO to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -Original Message-
From: Greg Ardpic [mailto:[EMAIL PROTECTED]]
Sent: 18 September 2001 14:41
To: [EMAIL PROTECTED]
Subject: path disclosure
Hello
A friend of mine said that my IIS server has path disclosure
vulnerability. So I wonder
Hardware with proprietary IOS.
Luke S. LeBoeuf
Riptech, Inc.
Real-Time Information Protection
(c)703.593.6127
(e)[EMAIL PROTECTED]
http://www.riptech.com/
-Original Message-
From: satyam [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 1:51 AM
To: [EMAIL PROTECTED]
Subj
On Tue, 18 Sep 2001, Daniel Chojecki wrote:
> Is it possible to redirect all traffic coming for 0.0/0 80 to local
> squid proxy using ipchains and ipmasqadm.
Using ipchains - yes. I'm not sure for ipmasqadm (I've never used it)
I'm using those lines for that. Of course, you have to enable 'IP
On Wed, 2001-09-19 at 03:47, TD - Sales International Holland B.V.
wrote:
> you'll get scared hehe, besides that, like you already mentioned, IIS has a
> lot of security problems, I believe there were over 30 in the first half of
> this year alone. Next to that, Linux admins tend to know more th
On Wed, 2001-09-19 at 01:55, Devdas Bhagat wrote:
> control over what the system does. They don't try to do the right thing
> irrespective of what the admin says. So that line should be read as
> *nix machines are more easily securable than NT machines.
... depending on the services being deploye
Hello All,
I have a home computer that I would like to run some networking utilities,
such as sniffers, on. Can anyone recommend any applications that will not
take up too many resources, but give me good info on the analyzer?
Thanks in advance.
Jim
On Tue, 2001-09-18 at 17:30, Peter Mueller wrote:
> > default install of popular Linux distributions.
>
> As you know default installs are not considered secure by anyone in the
> security business. They are not a measure of security in any way shape or
> form.
For those interested, we recently
When using this command, the IP snort spits out is always the one given with
"-S", but in the /var/log/messages i can see a lookup for the real IP of the
machine which is doing the scan. So I don't really believe, that it's binding
another one. I tried to have a closer look in the headers with sno