Re: firewall log-Kernel32.dll to IANA

2002-01-14 Thread Dan
Yep, it's pretty normal for multicast setups. 224.0.0.2 is an address range set aside for multicast traffic (multicast: think one sender, one message, multiple recipients like a radio). It's a way to distribute traffic to the people that want it without establishing so many redundant

Re: How can I detect someone sniffing my network?

2002-01-14 Thread M Lister
Can someone help me with that? Though not perfectly possible you might want to check out this article: www.linuxjournal.com/article.php?sid=5201 I too would love to know what other means of detecting sniffers exist. The main problem is most sniffers are passive and detecting them is hence

Re: How can I detect someone sniffing my network?

2002-01-14 Thread Craig Van Tassle
If you are on the same sub-net the only way would be to find out who has their NIC in promiscuous mode. If it's out on the web AFAIK it's not possible. Sniffing is a passive attack and is very hard to detect. If you are worried about someone sniffing your passwords then I would recommend implementing

RE: Macintosh Vulnerability Scanner

2002-01-14 Thread Kieran Masterton
The only thing I have ever found is called Mac Analysis http://www.macanalysis.com Check it out see what you think... I found the Demo to be pretty good. -- Kieran -- From: M W Sent: Wednesday, January 9, 2002 19:21 PM To: [EMAIL PROTECTED] Subject:

Urgent

2002-01-14 Thread Sousa Ferreira
How can I undelete files on an ext2 partition running slack 7.1? A normal user deleted some of his own files and now is trying to commit suicide ;). Thanks for your prompt answer. Best Regards Sousa Ferreira PGP KeyID : 0xB7723B21

RE: IIS

2002-01-14 Thread mbegley
I believe that once the source code is open source, its security flaws are open to more probing eyes. It's more likely to have its flaws found and made more secure. MS is closed source and it's my belief that we'll be seeing buffer overflows from them for years to come as they are found by trial

IDS: RealSecure vs. Cisco 4210

2002-01-14 Thread Regney, John Thomas
Hello All, We are looking at installing an IDS and have narrowed the choice down to either RealSecure or Cisco 4210. Both seem to be very good. Any thoughts from the experts? Thanks so much and Happy New Year to All!! - John

RE: Security for new small company

2002-01-14 Thread Burt0n
Hi, I must admit I did wonder about a watchguard or sonicwall. Are these products seen as being adequate though? Thanks Ben On Thu, 10 January 2002, Kleber S Oliveira wrote: Subject: RE: Security for new small company To: [EMAIL PROTECTED] (Ben), [EMAIL PROTECTED] Delivered-To: [EMAIL

Re: How can I detect someone sniffing my network?

2002-01-14 Thread yahoo
hi, there is a tool called antisniff from the below link.. www.securitysoftwaretech.com/antisniff/download.html regards sai -Original Message - From: Mario Camara [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 09, 2002 7:43 AM Subject: How can I detect someone

RE: MS EFS Question

2002-01-14 Thread leon
If they go to fat32 (probably the same for 16) it turns out they lose their encryption because fat32 does not support these types of attributes (same with NTFS permissions and compression.) I am not sure who pointed this out to me on the list but I

Re: Security Update Software

2002-01-14 Thread Craig Van Tassle
My personal recommendation is doing it yourself or with scripts. I have seen where an autoupdater like up2date has introduced new security holes instead of fixing them. That was mostly from the default install was insecure but nonetheless you still had a sec hole (ie a problem). just my 0.02

RE: Macintosh Vulnerability Scanner

2002-01-14 Thread leon
Mac Pork and the more famous MacAnalysis. Sorry I can't provide links. But I bet google can ;) Have a nice weekend, Leon -Original Message- From: M W [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 2:22 PM To: [EMAIL

RE: How can I detect someone sniffing my network?

2002-01-14 Thread Andrew Shumate
l0pht antisnif www.l0pht.com Andrew Shumate -Original Message- From: Mario Camara [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 08, 2002 9:13 PM To: [EMAIL PROTECTED] Subject: How can I detect someone sniffing my network? Importance: High Can someone help me with that?   Mário

Running two software firewalls at a time

2002-01-14 Thread Philip Wagenaar
Hi, Would there be a problem if you ran two firewall proggies at the same time? I did a websearch first and only found http://www.fosters.com/special_sections/online/articles2001/1023d.htm Which only says two firewalls might conflict with each other without any specific info. Besides

RE: MS EFS Question

2002-01-14 Thread Forman, Justin (Justin)** CTR **
You've got it right. Moving/copying to a FAT32 partition decrypts the file. But the only person who can do this is the owner of the file. Anyone else attempting it will receive an error. NTFS 5 partitions will retain the encryption. J Forman -Original Message- From: leon [mailto:[EMAIL

RE: MS EFS Question

2002-01-14 Thread Rob Weiss
Leon (and others), I tried to verify this in some of my MS books, but couldn't find the answer. What I believe that I remember is this: Encrypted files keep their encryption when they are copied or moved, regardless of the destination (NTFS or FAT). Rob -Original Message- From:

Re: Looking for War Dialers

2002-01-14 Thread Meritt James
Run the thing after hours (I did). Anybody that answers deserves what they get. (Actually, you should know who is there and 'block out' those phones from ringing, if possible) Chris Hylen wrote: Hello all, I have been searching for a War Dialer that I can use on my network to

CSS how do you tell if a site is vulnerable

2002-01-14 Thread leon
Hi everyone, I don't really have much programming skill, (ok, you got me, I have none at all) and I was wondering if some of the people on the list who understand how to test for Cross Site Scripting could help me. I understand what it is but not

Any ideas?

2002-01-14 Thread TMaingot
Hi all, These are entries from my Snort IDS logs and my firewall logs for the IP address reported by Snort. It looks like an attempt to get into our Outlook Web Access server. If it was a hack how could I tell if it was successful or not? I did a google on it and did not come up with much

RE: Security for new small company

2002-01-14 Thread David Ellis
Hi, In regards to your statement about a netgear router. A device that does nat and port forwarding is not a firewall. Easily hackable. There is no rulebase in one of those things. You could easily get the cisco pix or as I prefer a checkpoint FW1 for small business. I am very big on checkpoint

Masq protected...

2002-01-14 Thread Shahar Goldin
If all the machines on the local network are protected by a Masquerading firewall, is there any need to be worried about attacks coming from external networks? -SG = megamanX Oh, thursday word got around that everyone in anime club had a bomb in their backpack. megamanX Me and the rest of

RE: How can I detect someone sniffing my network?

2002-01-14 Thread bobh
check out this site. this guy has lots of info on sniffers, and detection. http://www.robertgraham.com/pubs/sniffing-faq.html to detect commercial sniffers you can send traffic to a known non existent ip address, and most commercial sniffers (sniffer pro, ether peek, etc) will attempt to

RE: MS EFS Question

2002-01-14 Thread Pawel . Janowski
Answer : U can encrypt files only on NTFS5 volume. If U move/copy the files to FAT32/16, NTFS4, shared folder then U lose the encryption. U can encrypt files if U haven't compressed folder - U must decide encrypted files or compress files. Paul If you have a file on an NTFS volume that is

RE: MS EFS Question

2002-01-14 Thread Daniel Conroy
EFS functions like any other attribute of NTFS. Therefore, moving and/or copying a file has a different result. MS FAT does not support the NT file encryption standard. hth, dc -Original Message- From: leon [mailto:[EMAIL

Secure network-filesystems

2002-01-14 Thread Philippe Seidel
Hello, I just want to set up a central file server offering both public shares and private stuff (home directories and stuff like this) on an OpenBSD box. Everything well, until I realized that both samba and NFS will pass everything unencrypted through the network. Now my question: Are there

RE: NAT, Internet access and security

2002-01-14 Thread Johnson, Wayne
I thought the reason for the drop vs. reject rule is to make you less visible to random scans. While a scan for services you run will find you, a scan targeting ports you don't use will see your IP as unoccupied. -Wayne -Original Message- From: ___cliff rayman___ [mailto:[EMAIL

Administrivia

2002-01-14 Thread Stephen Entwisle
Hey Folks, Just wanted to take a moment and apologize for the volume of traffic that will be coming over the list today. I was unable to moderate over the weekend, and the list accumulated a considerable number of messages. Thanks for your patience, and apologies for the inconvenience. Stephen

SQL

2002-01-14 Thread Sean Waddell
Anyone know where I can find information on hardening/securing a SQL box on NT 4.0. I'm already familiar on how to harden NT, but as you know MS wants 20 million things running before you can do anything. I want to know what services can be turned off and what regedit's I can make and still

RE: IIS

2002-01-14 Thread J_Bourdeau
Hi, Apache has been around longer and resides on systems that are geek friendly. Considering the number of installations, the time it has been around, and that Apache is on systems that geeks love; does it not disturb you that there are still bugs? Especially considering how the open source

Re: process to find own ip

2002-01-14 Thread Philippe Seidel
centipede [EMAIL PROTECTED] wrote: Hello, The problem is that this way certainly can't deal with dynamic IPs on ppp connections, for example. Can't you try to check the routing tables somehow? Perhaps not very portable, though. 0,02€ =) CU, Philippe

Re: Network based intrusion detection

2002-01-14 Thread CScott8989
Try Dragon IDS.

SSH Version question

2002-01-14 Thread Evan D. Hoffman
I recently upgraded SSH on a server from sshd 1.2.7 to OpenSSH 3.0.2p1. I have a RedHat box running OpenSSH 2.9p2. When I connect to the 3.0.2 machine, if I look at the SSH version string, it's: Server version: SSH-1.99-OpenSSH_3.0.2p1 On the 2.9 box it's: Server version:

RE: Vendor Contract Computer Security Requirements

2002-01-14 Thread Thomas Ray
absolutely have a Right to Audit in there. in fact, depending on the industry sector you are in, you may be required by LAW to do so in order to ensure the confidentiality of customer data (Medical, HIPAA; financial, Gramm-Leach-Bliley). let's put it this way. if it's not in there, you usually

Re: mounting remote partition via NFS

2002-01-14 Thread Meritt James
Absolutely, incredibly, on both accounts! You may wish to look into NIS+ and the Andrew File System. Or anything not with Yellow Pages in its development path... Grunberg, Jeffrey wrote: [snip] NFS has historically been a scary thing, but if setup correctly, is super useful. [snip] --

Re: MS EFS Question

2002-01-14 Thread mike . borkin
From http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/efsguide.asp Copying an Encrypted Folder or File The following explains the procedures and limitations for copying encrypted folders or files on the same volume and from one volume to another. To copy a file or

Re: Looking for War Dialers

2002-01-14 Thread vertigo
Toneloc is a classic. It doesn't hang up unless your modem has voice recognition capabilities. If I recall, this was a feature on some high-end modems of the early nineties. Wardialing is inherently annoying. The best way to avoid people picking up the phone (in mostly business exchanges

PCAudit.exe...genuine threats?

2002-01-14 Thread mightyscot .
Hi, I just came across a site called Internet Security Alliance which is a company that sells security software including a firewall. They have a downloadable utility called PCAudit which is an .exe file capable of sending personal info like username and the contents of My Documents to my

RE: Looking for War Dialers

2002-01-14 Thread Alex Raitz
In Hacking Exposed they discuss ton-loc, thc-scan from http://www.subterrain.net/tools/thc-scan/ , and phonesweep from http://www.sandstorm.net/products/phonesweep/. Expect to pay upwards of $1000 for phonesweep, which will do anything you want, has a nice gui, etc. -Original Message

RE: Hardening VS firewalling ?

2002-01-14 Thread leon
People commonly compare security to an onion as both are layered. Firewalling is one layer, hardening is another layer, ids is yet another layer, then you have physical security, strong authentication, yadda yadda However once you start having

RE: Blocking Kazaa

2002-01-14 Thread leon
Why can't you just forbid users from installing their own applications (especially ones that just recently were installing spyware without the users' knowledge) in an everyone e-mail and then refer users who still proceed to do this anyway to the

Re: Sendmail question

2002-01-14 Thread Juanita Fernando
There's a fabulous article on the legalities of the US situation by J Nowak (1999) Employer liability for employee online employee acts in Federal Communications Law Journal March 51(2) pp.467-491. Is available online but I forget where. It's very thorough and sets up a framework for policies and

Re: How can I detect someone sniffing my network?

2002-01-14 Thread H Carvey
In-Reply-To: [EMAIL PROTECTED] If you're a domain admin on a purely NT/2K network, detecting sniffers isn't all that hard. Go to http://patriot.net/~carvdawg/perl.html and check out 'sniffer.pl'. What this script does is enumerate device drivers from the Service Control Manager. It

CSS Question

2002-01-14 Thread Adik
Hi! There are a lot of CSS vuln discovered everyday. As I have understood Cross site scripting is all about stealing a cookie, right? Cookies do not contain logins and passwords in them. So what is so important about them? I know that you can steal someone's session id and enter his mailbox but

RE: Portscanning from Windows XP machine

2002-01-14 Thread leon
I can confirm that both of these work just fine. Leon -Original Message- From: Mark L. Jackson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 3:34 AM To: Philip Wagenaar; [EMAIL PROTECTED] Subject: RE: Portscanning from

RE: MS EFS Question

2002-01-14 Thread Daymon McCartney
Warning: At my work we ran into a problem transferring EFS-encrypted files. A coworker had a 500MB encrypted file he was trying to copy to our main file server. The file server is a slightly older Compaq Proliant 6000, but it's very stable. Every single time we tried copying the file to the

RE: Mobile user Firewall Comparison

2002-01-14 Thread leon
I think with the exception of Black Ice (which might be called an ids) it really boils down to a matter of choice. I have to see any real hard statistical evidence that one is better than the other. Why not try installing them all (one at a time of

RE: Hardening/Firewall/Network Audit

2002-01-14 Thread leon
Whisker and Nessus. www.google.com -Original Message- From: Alok Ahuja [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 08, 2002 1:39 AM To: [EMAIL PROTECTED] Subject: Hardening/Firewall/Network Audit hi folks , i am new to the

RE : Pix with no rules - Thanks and what I learnt.

2002-01-14 Thread nicholas . mckenzie
Many thanks to all the responses.. From both, URL's, individual and list posts this is what I learnt: (1) FW1 : - According to many posts and the Checkpoint QuickStart FW guide Chap 1 p3-4, traffic will pass during this (no rules defined) phase if (1) IP Forwarding (2) Connectivity

RE: Study material for the Common Base of Knowledge...

2002-01-14 Thread leon
www.cccure.org has some material for the SSCP I believe. HTH, Leon -Original Message- From: Joshua Carlson [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 12:54 PM To: [EMAIL PROTECTED] Subject: Study material for the Common