Another oldie-but-a-goodie is The Electronic Privacy Papers.
Okay, here's the deal:
My boss set up a win NT box with IIS running on it to do work for a customer. Now my
boss is an excellent programmer and knows his way around linux, but Windows eludes
him. Within 24 hours of the NT box's installation, Nimda.E is everywhere on the
network. We didn't
My first question is, is this possible, I have only one public IP address,
and
I am using nat to hide my internal network, and I want to connect to a
machine with vnc on that with private ip
And then run my web server and ftp server inside that
network.
So my question is how can I connect to vnc
Before introducing our new policy to enforce password complexity requirments, my
management team has asked me to gather valid examples of existing users whose
passwords are too simple. We have a combined environment of Novell and
ActiveDirectory/W2K. Is there a tool that I can run as an admin
Intel Lan Desk can control this and others, like software distribution,
remore control, etc
Javier Otero
Grupo Smartekh
Antivirus Expertos
Business Continuity
Inftegrity
Investigación y Desarrollo
5243-4782/83/84
México, D.F.
-Mensaje original-
De: Tom Freeman [mailto:[EMAIL
Naqi
One of the easiest ways to do it, and how I manage to do things similarly,
is to use IP forwarding. ipmasqadm can facilitate the interface to the
modules that supply the funcionality.
In essence, any connection coming into the public address would immediately
be forwarded to the private
Hello Everyone,
I was looking for some stuff on Deploying Public Key Infrastructure,
when I came across a book that covers most of the concepts decently.
If interested, you too can check it out. It is available online (in HTML
and PDF format) from IBM Redbooks site.
Download the PDF version
Although, I briefly stated why earlier, I'll try to give a better understanding as to
/why/ this /can/ happen.
If you are on dialup, you dial in and get an IP number assigned to your computer.
lets say you dial up on Monday and you get IP 123.123.123.123 and Joe Blow down the
street dials
Yes, many of them continue to run in the background. Check in your system
tray for icons that belong to them.
Tim Donahue
-Original Message-
From: Thomas Madhavan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 17, 2002 3:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Zonealarm log - what
Executive Software has a product called Sitekeeper. It has a very good
interface and helps you maintain compliance.
- Original Message -
From: Tom Freeman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 18, 2002 10:47 AM
Subject: Software Licensing Compliance
Hi all,
I
Unfortunately most vendors want some kind of remote control tool on the server upon
which their product resides.This usually means that they not only want the ability
access the desktop but they want admin rights.
Some of these vendors will only work with PC anywhere and only over a modem.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am currently evaluation Sitekeeper from Executive Software. It
seems to work very well. You can check it out and download an eval
from the following URL.
http://www.execsoft.com/sitekeeper/sitekeeper.asp
Daniel Bielawa
Liberty University
Start here...
http://www.bsa.org/usa/freetools/
-Original Message-
From: Tom Freeman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 18, 2002 10:47 AM
To: '[EMAIL PROTECTED]'
Subject: Software Licensing Compliance
Hi all,
I am looking for something to monitor and or audit software
I meant really in the background... I know that something's running if it's
in the system tray... ;)
Can they run beyond the reach of ctrl-alt-del and the taskbar? If so, is
there some way of detecting this (and any other programs) that may be
lurking?
Thomas
- Original Message -
From:
On Wed, 17 Apr 2002, TheFinn wrote:
Anyone know of an easy/fast way to stop apache from spilling its' guts
when it gets scanned?
Here's some scanner output: Apache/1.3.12 (Unix) (Red Hat/Linux)
mod_ssl/2.6.6 OpenSSL/0.9.6 PHP/3.0.15 mod_perl/1.21
It would be good to be able to stop all
It depends on what device is providing NAT. On many NAT devices, you can
do Port Forwarding, or Port Address Translation. What kind of device do
you have doing the NAT?
Eric
snaqi [EMAIL PROTECTED]
04/18/2002 04:23 AM
To: [EMAIL PROTECTED]
cc:
Subject:
Try Belarc. It will give you the licensing on each machine as well.
http://www.belarc.com/
:-{)
Merci
Mart!
**
Pensée de la semaine : Le pardon n'est pas toujours facile, mais la
haine est si épuisante!
Martin M Samson
Chef de projets,
Tom,
We use ts census where I work. It seems to work pretty good. It will track
hardware, software, etc. It just runs as a service and will constantly
update the database.
http://www.tallysystems.com/
Michael Gilmer
MCDBA,MCSE
-Original Message-
From: Tom Freeman [mailto:[EMAIL
If it's *nix, then you can run crack5 for quiet some time on passwd and *if shadow
files, and you'll find crackable passwords.
As far as win* is concerned, you can try L0pht' cracker.
No clue about Novell passwords though, but If you find any then also notify me off the
list if possible =)
Just thought I'd chip in an extra $0.02 on this but I am in the process of
reading this book and it is very good. New Riders always puts out quality
reads but when I saw the Sans GIAC stamp on it I was sold without turning
the book over to read the back. So far, I'm not disappointed in the
Tom Freeman wrote:
Hi all,
I am looking for something to monitor and or audit software to ensure that
licensing compliance is maintained. For example if we have a license for
100 WinNT Workstations and we have 150 workstations running, we are in
violation. Does anybody have any
As the admin of my two-host (desktop/laptop) network, I will shortly be upgrading to
wireless LAN, and, as a silent list reader for a few months now, I think it's time I
asked
a question or two on this topic.
Can anyone recommend a good wireless LAN PCMCIA card access point combination for
May I suggest instead of going after port 443 have a look at the sites
they are shopping on. You can prolly get most of them. Then just block all
access to those sites. While this will not solve the problem completely
it might be a preferable soln to turning off access to a port that could
portforwarding is your solution
search portforwarding or port redirection on google =)
Regards,
-
Muhammad Faisal Rauf Danka
Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
voice: 92-021-111-GEMNET
Great is the Art of beginning, but Greater is the Art of
You can use portforwarding...
If you use a linux box to do the nat service and the kernel is 2.2.x use
the follow rule ...
first you must load de portfw module..
modprobe portfw
if you ip address is like 200.203.195.1 and you local machine is
10.0.0.2 use this to forward ftp connections
Our organization works with many third party vendors.
If a deparment buys a new application from a vendor, it usually comes with
support. This
means they should be able to access the server remotely.
Some require PCAnywhere to be installed on the server and can be accessed
via dial-up
I think its important to remember that you are the client. Most vendors will
work with you if you tell them that your company security policy does not
allow certain access. They either have to comply with your policy or loss
the sale.
This directive does have to come from top down.
Sanjay K.
The desktops are cleared and protected now, but the file server space keeps getting
chewed up by copies of the worm. Also, having an uncontained worm on the file
servers is no good for my sleeping habits. How the heck can I get Nimda off my
fileserver?
Try something like ServerProtect from
Reverse NAT and portmap at the device that does you NAT for you.
Here is how you currently look:
Internal Network - NAT Device -- Internet
The NAT device is capable of reverse NATing in some way, otherwise return
TCP/IP traffic
would never get to your systems.
You want to be able to
I googled and found this:
http://www.niresoft.com/tm.asp
-Original Message-
From: Thomas Madhavan
Sent: Friday, April 19, 2002 10:48
To: [EMAIL PROTECTED]
Subject: Re: Zonealarm log - what is this?
I meant really in the background... I know that something's running if it's
in the
Where I previously worked we allowed the vendor to VPN in with a client that we
provided and ran PCAnywhere in the mode where they could connect but not control the
machine and then a local admin would work with the vendor to work thru whatever
problem was trying to be fixed. Somewhat
CRACK
I used crack to expose dictionary attackable passwords on our win 2K domain.
-Original Message-
From: Robert Baulch [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 19, 2002 7:14 AM
To: [EMAIL PROTECTED]
Subject: Password Checking Tool
Before introducing our new policy to enforce
You'll have to map a port from your machine with public IP to the private
one. I believe VNC uses 5800 and 5900 by default. You then connect your
vncviewer to the public IP. How you go about doing that depends on your OS
and personal preferences.
You might want to consider using a port other
Go to www.antivirus.com and use the free scan.
Javier Otero
Grupo Smartekh
Antivirus Expertos
Business Continuity
Inftegrity
Investigación y Desarrollo
5243-4782/83/84
México, D.F.
-Mensaje original-
De: joe vano [mailto:[EMAIL PROTECTED]]
Enviado el: jueves, 18 de abril de 2002 12:30
Hello Jaime,
If I understand your question then yes, the vendor will still need some
type of connection to the system if they are a remote site. There are
many apps that can do that from within the core network or VPN. I had to
evaluate a product for one of our LOBs. We are now looking at it for
Hello Tom,
Have you looked at http://www.sassafras.com/ and their product called
KeyServer? I used it a while back and it was great. I don't know what
they've done with it in the past 6 years though.
Best regards,
Jeffrey L. Nelson
Projects Strategies
Information Protection
National City
At least one problem may be that FTP actually uses two connections, one
on port 21 (for commands) and one on port 20 (for the file data for
PUT and GET). Try ssh -L 20:ipaddr:20 -L 21:ipaddr:21 ...
You may also need to try passive mode instead of active (changes
which end of the connection is
Fu
First of all It wont be of much use, but anyway
You need to compile apache from source code.
untar the apache distro and cd distrodirectory/src/os/unix
edit os.h there as you wish..
then cd ../../include
and edit httpd.h again as you wish
and then just compile it, run it.
Hehe sorry: 'legal implications', rather.
So how can these scans be done without any sort of repercussions? Do they
priginate from anyone who has a P2P program installed, without their
knowledge? Or are they from specific servers? If so... couldn't that be
stopped?
Thomas
- Original Message
L0phtcrack it the best for your money!
From: Robert Baulch [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Password Checking Tool
Date: Fri, 19 Apr 2002 06:13:32 -0700
MIME-Version: 1.0
Received: from hotmail.com ([65.54.236.18]) by hotmail.com with Microsoft
I meant really in the background... I know that something's running if it's
in the system tray... ;)
Can they run beyond the reach of ctrl-alt-del and the taskbar? If so, is
there some way of detecting this (and any other programs) that may be
lurking?
Yes, its very well possible, but you
I get your whole point, but what exactly do you mean by fileservers running under
linux and windows mountable ? err ext is not really mountable by windows!!!
And i dont think nimda really replicates itself in linux system.
What's exactly your point ?
Regards,
-
Muhammad Faisal Rauf
Shavlik Technologies has a tool called Password Inspector. You can download
a trial version from their website. It will rate your passwords on a level
of security, how old it is and lots of other useful information. This will
only work for windows but you will be able to get your point across. My
I would suggest l0phtcrack by @stake. It can pull password hashes from the
registry, from SAM files or even sniff the network in promiscuous mode to
grab password hashes. Then it uses both dictionary attacks and brute force.
- Original Message -
From: Robert Baulch [EMAIL PROTECTED]
Use port filtering on the firewallany incoming port 80 will go to computer X. Any
incoming 21 to computer Y etc.
-Original Message-
From: snaqi [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 18, 2002 4:23 AM
To: [EMAIL PROTECTED]
Subject: IP AND NAT
My first question is, is this
Hi,
I wonder if anyone have a realy good and free tool, of
anti-Rootkit and a tool that I cant check for rootkit,
in the case of checking for root kit, could be papers too.
Tnx!
Thiago Mello
*This e-mail is under protection (Virus Checked)
-BEGIN PGP SIGNED MESSAGE-
On Sat, 20 Apr 2002 03:07, you wrote:
TheFinn wrote:
On Thu, 18 Apr 2002 07:11, you wrote:
I disagree, have a look at one of the latest TESO exploits:
[...]
So, if you can obscure your version numbers this baby don't work. Merely
one example.
I
Try using Trend's fix tool, its run by command line so it could be scripted.
Also, remember that nimda will screw with file permission and open shares if
it can. It best to isolate the infected servers offline from the main
windows environment while cleaning.
48 matches
Mail list logo
