RE: Somebody saw this trojan ?

2002-10-08 Thread Fabrizio Siciliano
Looks like you got hit with the BugBear worm. Go here to get a fix: http:// [EMAIL PROTECTED] tool.html After you fix it..re-install your AV software. FVS -Original Message- From: Bassam ALHUSSEIN [mailto:[EMAIL PROTECTED]] Sent: Saturday, October 05, 2002 5:14 PM To: [EMAIL

Re: Is SSH worth it??

2002-10-08 Thread Peter Kristolaitis
Responses inline... On Monday 07 October 2002 11:02 am, Trevor Cushen wrote: Hello all, Quick opinion based question. I have a switched internal network that currently uses a lot of rcp with rsh authentication to move files about. Platforms are unix and nt (ftp on the nt side) In that

RE: Is SSH worth it??

2002-10-08 Thread Chris Reickenbacker
Sniffing the traffic is trivial, even on a switched network. ARP flood the switch (any vendor's switch) and it will 'fail-open'...that means that it will act like a hub and broadcast to all ports. Use ssh - and make sure it's the most recent version of ssh. Don't think for a second that a switched

RE: Is SSH worth it??

2002-10-08 Thread Greg van der Gaast
It certainly is when someone gets on your switch and configures a SPAN port. Last audit I performed they gave the same arguments to their use of telnet and ftp and ended with over 90% of their systems compromised to some degree. Granted this case was pretty extreme but you should certainly

Source of ICMP packet on Windows?

2002-10-08 Thread Axel Tanner
Hi - my machine is sending out irregularly some peculiar ICMP echo requests out to another local machine, which I would like to understand. Do you see a chance to identify the source/program/service of this ICMP request? This is on MS Windows XP. Thanks! Axel [EMAIL PROTECTED]

TCPDUMP ... Logging far too much traffic ?

2002-10-08 Thread counterping
Newbie to the World of TCPDUMP. I am running Snort IDS. I have recently been interested in also logging ALL traffic that comes in/out my network via TCPDUMP (ip headers at least). This is really for the purpose of Forensics etc etc and would be cool to zip up and store away. In the future I

Is SSH worth it??

2002-10-08 Thread Trevor Cushen
Many thanks to those that answered and all excellent answers that I will use in my argument to the customer. A few interesting points came up also. Ettercap and dsniff were mentioned and duly noted as I have used them before and should have left out the part about sniffing a switched network in

Re: Is SSH worth it??

2002-10-08 Thread Mike Arnold
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The question is this; On an internal network that is switched (making sniffing harder) is it worth going to SSH and SCP?? You already seem to know the basic fact a lot of people get confused with... sniffing switched networks is possible.

Re: A question about port forwarding and Windows NT

2002-10-08 Thread Kevin McKinstry
I am using OpenBSD as our firewalled Internet connection. We have several different facilities and we use Windows NT as the authentication server for users to log onto the system. I use port redirection to send information to where it has to go. This allows me to log and watch all activity,

Re: Somebody saw this trojan ?

2002-10-08 Thread Mike Dresser
On Sun, 6 Oct 2002, Bassam ALHUSSEIN wrote: Hello .. Well, I have some basic concepts about viruses and security. I am using NAV 2001 with the virus definitions of 16/09/2002 and it generally scans the incoming emails. But after reading that email I noticed that NAV is not running

Re: Is SSH worth it??

2002-10-08 Thread Brad Arlt
On Mon, Oct 07, 2002 at 04:02:35PM +0100, Trevor Cushen wrote: Hello all, Quick opinion based question. I have a switched internal network that currently uses a lot of rcp with rsh authentication to move files about. Platforms are unix and nt (ftp on the nt side) More secure is ssh

Re: Is SSH worth it??

2002-10-08 Thread Jeremy Anderson
In general, I would say, yes, it's worth it. However, here are the questions I would be asking: 1) You mention that not many people have access to the machines. How many is not many? What is the turnover among the people who have access? Is key control important to you? 2) Do you foresee a

Certification Authority

2002-10-08 Thread Felix Cuello
Hello, I don't know if that is the correct list to ask this... but I'm looking for documentation to implement a Certification Authority. I mean, root authority, subordinates, backup policies, certificate manager, redundancy, etc. Thanks a lot, sorry for my poor English! Felix

Re: Is SSH worth it??

2002-10-08 Thread Devdas Bhagat
On 07/10/02 16:02 +0100, Trevor Cushen wrote: Quick opinion based question. I have a switched internal network that currently uses a lot of rcp with rsh authentication to move files about. Platforms are unix and nt (ftp on the nt side) ssh is available for NT too. More secure is ssh and

RE: Somebody saw this trojan ?

2002-10-08 Thread Brett Bingaman
I believe you have been hit with the BugBear virus based on the symptoms and actions you spoke of. I would suggest you clean your system promptly as you are most likely now a host and may be propagating the virus to any shares on your LAN. Norton may not have detected it because the virus

RE: Log Watcher For a PIX

2002-10-08 Thread Muhammad Faisal Rauf Danka
LogSurfer: http://www.cert.dfn.de/eng/logsurf/ Swatch: http://oit.ucsb.edu/~eta/swatch/ Regards Muhammad Faisal Rauf Danka Head of GemSEC / Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk Key Id: 0x784B0202 Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7 6A20

Re: Is SSH worth it??

2002-10-08 Thread hackerwacker
What happens if you get back door'ed and a sniffer installed? If they can backdoor you, they can then arp spoof (among other things) the switch to sniff that segment or make the switch mirror traffic. Switches are not secure. Take a look: http://www.arp-sk.org/

RE: Somebody saw this trojan ?

2002-10-08 Thread Tom Gerritsen
I believe you have been hit with the BugBear virus based on the symptoms and actions you spoke of. I would suggest you clean your system promptly as you are most likely now a host and may be propagating the virus to any shares on your LAN. Norton may not have detected it because the virus

Re: Somebody saw this trojan ?

2002-10-08 Thread Nick FitzGerald
I have received an e-mail today that is not supposed to be sent to me (they were calling somebody else that I don't know ..). When I read the mail with Outlook Express I noticed that the popup window of downloading the attachment is invoked rapidly (Slow computer) without asking for