I've done some looking around, to no avail. Anyone have URLs or other info
on [Subject] ?
Thanks
- Lee
On Mon, Dec 17, 2001 at 03:41:19PM +0200, you (George Barnett) wrote:
> While remembering passwords is one thing and for some people very simple, it
> is important to keep a "backup" in the form of passwords written down in a
> little black book in a safe somewhere that is accesible in case you ge
http://linux.oreillynet.com/pub/a/linux/2001/12/14/rootkit.html
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
Jeroen Beerstra wrote:
> Could somebody please explain to my how to
> test/secure your site from CSS vulnerabilities?
The first best thing you can do is NOT allow user input
characters ("<", ">" , '"', "'") to be echoed to the
browser/screen/output. Remove these characters from
any HTTP requ
Well, mod_proxy works, but is only a HTTP 1.0 proxy (with Apache 1.3).
It especially does no keepalive with the content server, which makes it
inefficient (1 new connection proxy <-> server for each GET, even if
your client uses keepalive).
Apache2 is supposed to do some keepalive, but this is no
Greets all,
i`ve noticed the following log entries in messages --
-- Snip
Dec 17 01:15:01 BoxName proftpd[11136]: our.host.name
(localhost[127.0.0.1]) - FTP session opened.
Dec 17 01:15:01 BoxName proftpd[11136]: our.host.name
(localhost[127.0.0.1]) - FTP session closed.
Dec 17 00:15:01 BoxName
Console in to the router, and then when the router is booting, you need to
hit the *break* keystroke (it depends on the OS you are using to connect
with), this will interupt the post, and allow you to reset the config
register.
-Original Message-
From: Michael Desrosiers [mailto:[EMAIL P
If you let users choose their own passwords you will get things like:
Fluffly
Password
*UsersName*
We usually assign passwords like jmf94817, and we actually don't have to many problems
with users posting their passwords. We try to train them into understanding the
implications of someone gett
This is a very big thing in modeling. Check Operations Research sites.
Liu Wen wrote:
>
> Generating random numbers has always been a big problem. Now I have to
> look into this topic in short time, I am reading Art of Computer
> Programming , but I am afraid the content is not up-to-date. Is t
boot the router and interrupt its boot process with a Ctrl + Break key
combination
-Original Message-
From: Michael Desrosiers [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 15, 2001 10:51 PM
To: [EMAIL PROTECTED]
Subject: cisco 2513 router
Hello all,
I just received a cisco 2513
> More important passwords for me is a list of logins and
> passwords figuring only in my head.
> I use them in various configurations, and I don't care
> what confiration is right. When I need to log-in somewhere
While remembering passwords is one thing and for some people very simple, it
is imp
Post-it's seem to be the most popular...
Bottoms of keyboards; front, sides, bottom, back of monitors; taped to desk
undersides; in a desk drawer, on the bottom of desk speakers, telephones,
lamps, etc.; I've even seen them taped to the bottoms of mice. If I have to
write something down, it g
I think, the sinonim would be MASQERADING (from linux world)
- Original Message -
From: "Ray" <[EMAIL PROTECTED]>
To: "SecurityBasics" <[EMAIL PROTECTED]>
Sent: Saturday, December 15, 2001 5:23 AM
Subject: RE: NAT/PAT (Hide NAT) Vulnerabilities?
> Howdy,
>
> I have never seen PAT describ
Hello.
You may want to try www.fwtk.org for HTTP, FTP, telnet (yes it has a telnet proxy).
It is a free and very easy to manage proxy.
[EMAIL PROTECTED] wrote:
> Dear users,
> I am planning to upgrade my Proxy Server. It runs on IBM AIX(Unix Like)
> operating sy
- Original Message -
From: "Jeroen Beerstra" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 15, 2001 12:50 AM
Subject: Cross Site Scripting questions
| Could somebody please explain to my how to
| test/secure your site from CSS vulnerabilities?
Hi,
The best way i
On Thu, Dec 13, 2001 at 12:23:21PM -0500, Evan D. Hoffman wrote:
> I was recently pointed to the app ettercap
> (http://ettercap.sourceforge.net/), which claims (among other things):
>
> "HTTPS support : you can sniff http SSL secured data... and even if the
> connection is made through a PROXY"
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You can log it to a syslog server and IMHO if you know about IDS (how
they work and what to expect) and what signatures are on the machine
it is fairly easy to interpret. If the original poster is still
having problems please feel free to contact me
> I've done incident response on IIS web servers and
> when I've asked some admins for the web server
> logs, I've received a zipped archive containing
> three .evt files.
>
> So perhaps it's not so much the product as it is
> those responsible for managing it. After all, if
> someone misuses a g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi the answers are in order they are asked
1) www.dslreports.com has a bandwidth monitor. As does www.cnet.com
2) For someone to use your bandwidth (or any other computing
resource) they would have to have compromised your security. I thi
hi folks
i am currently developing a network analysis tool
and i am going to implement os fingerprinting as well
if anybody of you guys has some experience considering
this please let me know! some source code would also
be a great help!
thx
sniper
[EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
>First thing to do is get a copy of fport from
foundstone(.com look
>under tools). That will tell you what the
program is that has the
>port open.
Good advice.
> Then mess with that program
How so? fport.exe doesn't open the ports, nor
does
Hello all,
I just received a cisco 2513 router w/16 Meg of Flash that I purchased on
ebay. The problem seems to be I cannot reset the enable password to redo
the configuration. I have found some documentation on cisco's site in
reference to resetting the config register to 0x142, but I cannot g
Hiall,
I'm looking for some advice.
I have three computers networked - two 95s, one XP (yup).
I am hooking them up with a LinkSys DSL switch and want
to be able to lock down the switch as tight as possible and
walk away (yup) with a minimum amount of phone calls.
Users need email, HTT
Hi,
Can anyone help to prevent W32/Gokar using
Checkpoint Firewall.
Thanks.
In-Reply-To: <002601c1833e$8dd19c20$0a01000a@darkwing>
Commview is a good utility.
www.download.com search for "commview".
Regards,
Nilesh Shastri
>Received: (qmail 25887 invoked from network); 13
Dec 2001 18:38:03 -
>Received: from outgoing3.securityfocus.com
(HELO outgoing.sec
All of the ports are assocatiated with a program or
service running on your machine. For example, port 110
suggests that you have some sort of email program /
service running. The trick here is to find out which
programs are using which port, evaluate if they are
nescecerry, and close that service
Generating random numbers has always been a big problem. Now I have to
look into this topic in short time, I am reading Art of Computer
Programming , but I am afraid the content is not up-to-date. Is there
any specific web sites or groups working on this? any links or hints
would be appreciated.
welp, I bought the book because of the good reviews it has.
I haven't learn too much from it because I've already been handling
firewalls. I learnt a lot simply from the reading manuals and HOWTOs.
"Network Intrusion Detection" was a nice one, too.
But hey, it really depends on your aims. if yo
Hi Rajesh,
On linux i use squid ( it may be available for AIX .. and other unix os).
for http/https/ftp.
And different kernel modules in linux for streaming, irc, port
forwarding, etc(transparent proxy using ipchains).
Regards,
Santosh Pasi
---Original Message--
Ma
29 matches
Mail list logo