Hi securityzer's
I was wondering if some of you knows some 'Security' products for Solaris??
In fact we would like to enhance the security architecture of Solaris, with
a product, acting as a 'Security Layer'
making complex management of security under Solaris.
Some kind of Role-Based security
...why not use VPN tunnel to encrypt FTP ?
-Original Message-
From: Peter 'Luna' Runestig [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 26, 2001 3:58 AM
To: [EMAIL PROTECTED]
Subject: Re: Encryption for FTP/MAil/Web
From: "Myers Chad" <[EMAIL PROTECTED]>
Sent: Thursday, October 25,
Ok Rory, more details,:
- I'm going to set up an internal CA.
- I want use X509 certificate based authentication to log on unix workstation
(I have AIX and Solaris).
- The certificate shall have to be used to authenticate user to local and remote
service.
(both Client and server authenticat
hi there
I try to use snort with "-i" option (-i eth0, -i if0 ...) and I have
that answer :invalid interface '0'
where is my mistake?
It is true that the addresses *can* be routed; however, they are not routed
on or over the Internet. Several large public and private networks use these
internal addresses on their private networks (WANS covering not only the US,
but also other regions). It is also true that internal addresses are
The RFC 1918 address are not supposed to be routed on the Internet.
Within a network, you can do what ever you want with them.
So an ISP that adopts 10. addressing among it's users may (doesn't have to)
route the 10. block among it's users. That is, customer one could be
assigned 10.1.x.y and c
The 10.0.*, 127.*, and 192.* are not routable addresses, they are
'reserved'. I don't recall ever seeing ISP's using a 10. address as a
public ip. I would wonder if I did.
Robert Clark
MCSE, MCP+I, MCP, A+
MIS - Texas Cellular
> -Original Message-
> From: Andrew Blevins [mailto:[EMAIL P
You could modify the permissions on the shortcut to read-only except for
admins.
> -Original Message-
> From: scott [gts] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 26, 2001 3:33 PM
> To: security-basics
> Subject: RE: permission for nero
>
>
>
> -BEGIN PGP SIGNED MESSAGE
http://sourceforge.net/projects/pptpclient
http://cag.lcs.mit.edu/~cananian/Projects/PPTP/
> -Original Message-
> From: Shane Ryan [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 25, 2001 1:52 PM
> To: [EMAIL PROTECTED]
> Subject: Linux VPN Client using PPTP?
>
>
> I was wondering
I wholeheartedly agree, but only if system administrators count as "qualified
security devices.," which would be good for IT salaries!
On Friday 26 October 2001 07:45, Chapman, Ralph wrote:
> Has anyone else seen this?
>
> If I read this correctly, we can write off any purchases of security
> pr
My question to you is - what are you going to do with the sniffed
traffic.Are you clear on what you want to "read off ".
Sniffing tools are used for troubleshooting. What is your purpose ?
-Original Message-
From: Jacques Chicourel Nunes Vaz - BA
[mailto:[EMAIL PROTECTED]]
Sent: Thursday,
The Cox@home network here in southern Cal uses 10. addresses for routers and
switches in their network. It caused us some problems with our VPN, since we
use 10. addresses for our private network.
Andrew Blevins
Arrowhead Help Desk
1-800-669-1889
x. 8569
-Original Message-
From: Robert
Both of the replies I've seen thus far don't take into account the "Switched
LAN" portion of your question - so I'll attempt a more in depth answer.
Unless you are running on switches that allow you port monitor you will not
see all the traffic - from all the ports - all the time, no matter what
Hi Folks,
First of all , I´d like to thank you guys who are giving me support to solve
this problem. Let me give you some information :
1-About almost a month ago , we had problems with Nimda virus ( we had the
Norton Anti-virus but not updated ). So the performance of our network was
terrible
I'm holding a Security News Page on my website, and I am using the same
source (moreover.com) snp.com did use before getting defaced. You will
probably find the same kind of info the SNP.com ticker used to tick around
the globe.
The page is at : http://misitano.com/secnews.html
Otherwise i recomme
127 is for localhost purposes
regards
On Saturday 27 October 2001 00:05, Laurie E. McQuillan stuffed this into my
mailbox:
> RFC 1918 restricts these address ranges to internal, privately-assigned IP
> subnets:
>
> 10.0.0.0- 10.255.255.255
> 172.16.0.0 - 172.31.255.
Hi, I got this attributes to some of my web directory, last week I
experienced remote connection denial.
I was sure the remote IP address im using is in included in the access list.
When I rebooted the machine, the attributes of following folder was change
from drwxr__r__ to the one below:
c--xrw
Jacques,
the software people mentioned here works great (ethereal, ettercap,
etc), but if it's a switched environment (and you're not sniffing in
the gateway), you'll need 'arpspoof', of the dsniff package (or some
similar tool) to get all the packets. I'm not sure if the current
versions of t
Hi all,
Any help with the following greatly appreciated!
Can anyone point me in the right direction for good white papers/documents on deciding
where to locate an IDS on a network?
The background to this is that I want to implement an IDS on a network which has an
incoming/outgoing Internet c
At 08:35 AM 10/24/01 -0400, leon wrote:
>Does anyone have links, mailing lists, or etc that they would like to
>sure?
>
>It would be much appreciated and to the people who read
>securitynewsportal.com I will miss it as much as you do.
>
>Cheers,
>
>Leon
Hi,
You can start here:
http://www.secur
Yes. (It's a Java applet.) Try:
http://www.shellinabox.com
It's free. It's been tested on Linux, but *may* compile under windows.
Also a security note here. If you run this you should do so over port
443, otherwise the traffic (user name and password) is not encrypted.
'ken'
Bassam ALHUSSEI
Mailer: SecurityFocus
In-Reply-To: <004a01c15dce$a5a64cf0$[EMAIL PROTECTED]>
Or block the http gets at the router level similiar to...
class-map match-any http-hacks
match protocol http url "*default.ida*"
match protocol http url "*x.ida*"
match protocol http url "*.ida*"
match p
Whom: sanja madan <[EMAIL PROTECTED]>
What: RE: http_head from w2k/win98
When: 25 October 2001 [2:47 hours]
>hi robert
>thanks for ur reply ... i have removed the auto-update
>from the browser as had been suggested in one of the
>responses. But how do i remove the 'auto-update'
>feature for wi
Mailer: SecurityFocus
In-Reply-To: <[EMAIL PROTECTED]>
I have similiar setup using PacHell PPoE and I can
VPN in using SecuRemote no problem. On the home
LAN I am behind a Linksys DSL router. My work
firewall is FW-1 4.1 sp3 running on a Solaris box and
using IP NAT Pool.
In addition t
Hi,
We are looking into the possibility of hosting our oracle in a Oracle
hosting company.
What are the Security issues I should look into ?
Thanks,
Idan
Hi guys,
First of all I wanted to thank you for your help.
Never the less I couldn't get Nero working. Nearly a day of testing: try to
give permission on directories, files, registry-keys and updating to the
latest version. I always get a message saying that I'll need Burning-Rights
form the admi
How can i sniff packets trought a router or a switch?
- Original Message -
From: "Zeek Martin" <[EMAIL PROTECTED]>
To: "Jacques Chicourel Nunes Vaz - BA" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Friday, October 26, 2001 6:43 PM
Subject: RE: Packet Sniffing in a Switched LAN
> Try
It was just brought to my attention that the link off of security focus to
the DoS Trends pdf is now dead. Here is an accurate link.
Thanks for the note N30
http://www.cert.org/archive/pdf/DoS_trends.pdf
--The Crocodile
--www.ghettohackers.net
- Original Message -
From: "The Crocodile
www.security-protocols.com is the site you're looking for.
Original Message-
>From: "Golden_Eternity" <[EMAIL PROTECTED]>
>To: "leon" <[EMAIL PROTECTED]>;"[EMAIL PROTECTED]"
<[EMAIL PROTECTED]>
>Cc:
>Bcc:
>Subj: RE: security news?
>Type:
thanks u all who replied. Yes i found a scheduled task
for mobsync.exe (win/system). This has all the sync
settings for offline viewing and windows update. Have
disabled the settings there ..
thanks again
sanjay
__
Do You Yahoo!?
Make a great c
We have this W2k (Professional) and want to by-pass the login window. It
has all the guest/ default accounts disabled and has only 7 accounts for 7
users. What are the various ways we can penetrate this pc with or without
gaining Administrative access? Can any user (other than admin) get the
p
If you are just doing server side-authentication then all you need to do
is store the cert on the server and distribute the CA public key to all
the clients so they trust the cert that the server presents. The CA public
key can be stored in the users-directory and the worst thing that will
happen
You'll need to get all the traffic sent to the switch mirrored on another
port. Look at your switch's documentation, if it is a managed one it may
support this. If you can't see the traffic won't do much good sniffing it.
If it isn't or doesn't provide port mirroring then you could take the
con
there's lots of info out there on this...check out SANS...also, if your
running cisco gear, CCO has info on the PIX and IOS platforms...the SAFE
architecture to be specific.
a good option is a google search.
-tuanis
On Tue, 23 Oct 2001, May, Jason S wrote:
> Would anyone know where I could fin
Hello,
My favorite one is:
http://www.net-security.org
also:
http://www.theregister.co.uk
http://www.securityprotocols.com
-Gonçalo.
On Wed, 24 Oct 2001, leon wrote:
> Hi everyone,
>
> Does anyone have any favorite sites regarding security news? I use to
> love securitynewsportal.com but
UGH.. OK.. Last time we should go over sniffing a switched lan on this
list. People.. read the archive!
ethereal is just a sniffer. Any sniffer will sniff the wire. Not all
sniffers will do the appropriate measures to allow you to see ALL packets
going through your switch.
Safest method:
Ge
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Well, I believe that 127/8 is the loopback network (I know that
127.0.0.1 is the usual loopback address, and have seen a lot of
"dummy" IPs under 127/8). I've never heard about 198/8 being either
system, link or site local, though.
Michael Kjörling
leon wrote:
>
> Hi everyone,
>
> Does anyone have any favorite sites regarding security news? I use to
> love securitynewsportal.com but it was defaced last night (10/24) and
> the people who run the site now say it will be shut down. HNN is dead
> and @stake doesn't seem to care as they updat
Hello,
Phrack 49 (not sure if it's 49 issue) contains an article named
"Port Scanning without the SYN flag"
http://www.phrack.org
-Gonçalo.
On Wed, 24 Oct 2001, roland kwitt wrote:
>
>
> Hi folks,
>
>
> i'd like to know whether anybody of you guys has ever
> written a port scanner using the
Not so simple if you're on a switched network. If machines A, B, and C are on
a switch, C will not see unicast packets going from A to B. Some switches
allow you to replicate all traffic onto a single port which you can plug the
sniffer box into. Or, you can spoof the MAC address of the machine
www.cotse.com
Even Athiests need to go to Church!
Everything you could ever need
- Original Message -
From: "leon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: October 24, 2001 8:35 AM
Subject: security news?
| Hi everyone,
|
| Does anyone have any favorite sites regarding sec
tcpdumps of the packets might help you in the analysis...also, running an
IDS like snort could give you insight into the *attacks*. the packets are
being denied by ipfw/ipchains, right?
-tuanis
On Thu, 25 Oct 2001, Steven M Bloomfield wrote:
> Hi,
> I'm webmaster of a large-ish website and
I agree with Matt on ettercap, for sniffing switched network
ettercap is what you want.the tool was design to intercept switched
traffic...Dsniff from Dug Song is a great "tool collection"
to start with when it comes to sniffing.
Original Message -
From: "Matt Hemingway" <[EMAIL PROTE
Hi all,
I wonder if somebody can point me to a resource describing the minimum ports
I can open on MS Proxy in order to keep it functional and secure.
Any feedback will be deeply appreciated.
Thank you,
Vladimir Shtern
System Administrator
Avica Technology
(310)450-9090 ext.164
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
In a switched LAN, you can use any tool you'd like. A good one is
tcpdump, which is available for pretty much any platform. GUI front ends
are also available, and may make things a bit easier in the beginning,
as 200 nodes, especially if they're wind
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Those are spoofed addresses. They could be coming from anyplace. The
idea that the numbers are 'not-routable' is common, but not quite
accurate. The RFC 1918 packets are as routable as any other packet,
otherwise how would a subnetted LAN operate? T
Please have another look at your documentation. The so-called
"unregistered" IP-addresses are 10.0.0.0/8, 172.0.0.0/16 (i think, i
don't use these ones) and 192.168.0.0/16.
In fact, to me it doesn't seem that one of the denied connects listed
below could have done any harm to your system. In
On Thursday 25 October 2001 12:51 pm, Shane Ryan wrote:
> I was wondering if anyone could give me some tips about using a linux
> workstation to VPN into work using pptp. I found some articles at
> http://www.linuxsecurity.com/resources/cryptography-1.html but most seem
> to discuss SSH as the s
You wouldn't need to add the account to the Administrators group, you
would probably only need to add it to the Backup Users group or
something similar. Or you could simply create a NERO group, add the user
and set permissions from there. Most accounts have the potential for
exploitation, but you
Has anyone else seen this?
If I read this correctly, we can write off any purchases of security
products now.
107TH CONGRESS, 1ST SESSION, H. R. 2970
To amend the Internal Revenue Code of 1986 to allow businesses to
expense qualified security devices.
IN THE HOUSE OF REPRESENTATIVES
SEPTEMBER
That these reserved addresses can't be routed I don't think is entirely true
(but I'm not a network spec. either! :-) . I have seen many ISP's use 10.
addresses for their own routers, and for all intent's and purposes "The
Internet" includes some ISP networks (cable, DSL). It is very possible that
51 matches
Mail list logo
