Re: Interesting One

2002-10-30 Thread Meritt James
I would not assert "anything" for a single - or even thirty - overwrites. Jim "Nero, Nick" wrote: > > Well, the NSA standard I believe is that zero-filling a drive (writing > all 0's to the platter) will make the data impossible to recover, but I > am sure there are some instances when this isn'

Re: Interesting One

2002-10-30 Thread John Dow
On Tue, 2002-10-29 at 18:15, John Orr wrote: > Personally, I think he is full of... hot air. > > Bits are either "on" or "off", "1" or "0". If you change that pattern (i.e. write >over the same data area with a different sequence of bits), then the previous state >of that field would not

Re: Viewing web content off-line (Apache) - default Oracle install of self-service apps

2002-10-30 Thread stef
EXACTLY!! But here is my hope: according to the standards, all browsers developed by HTTP1.1 standard are forced to abide by the requirements in the HTTP headers, even though not necessarily forced to go by Pragmas and/or Metatags (which are HTML "enforcers", instead) ... this is the difference

RE: Interesting One

2002-10-30 Thread Tom Matthews
I have heard a rumor that they and the FBI use an electron microscope for this, seems like this would take a huge amount of time though. Tom -Original Message- From: Dozal, Tim [mailto:tdozal@;cisco.com] Sent: Tuesday, October 29, 2002 1:44 PM To: Dave Adams Cc: [EMAIL PROTECTED] Subject:

ports 29990 and 51417 scans

2002-10-30 Thread Dallas Jordan
Checking my snort logs this morning, I found several nmap TCP scans to port 29990 from about 6 different IP addresses. I also noticed that last week we were scanned from these same addresses on port 51417. Has anyone else seen this type of activity? I tried to find out some info on these ports b

RE: Interesting One

2002-10-30 Thread Rory Savage
Yeah Norton disk edit (disk doctor) allowed you to do this back in Dos 4.0 :) -Original Message- From: Michael Cunningham [mailto:crayola@;optonline.net] Sent: Tuesday, October 29, 2002 2:43 PM To: Dave Adams; [EMAIL PROTECTED] Subject: RE: Interesting One > Anyway, to get to the point

RE: Interesting One

2002-10-30 Thread Dan Darden
John, Think atomically. There can be millions of atoms in a space the size of a pin tip. A write head need not turn every atom in a layer of magnetic material one way or the other. It only needs to turn just enough 'clearly' one way in order for the read head to pick it up again. If we talk ab

TCP DNS requests

2002-10-30 Thread Carl R Diliberto
We are reporting TCP based DNS requests to one of our DNS servers coming from internal, client IP addresses. My manager would like to block the TCP packets. What or why would there be random TCP packets? We monitored several clients and it appears it only needs UDP. Thanks Carl

RE: Interesting One

2002-10-30 Thread Tim Donahue
> Yes, it can be done.. it would cost about 100k per drive and > the ability to access an electron scanning microscope. At 30 > times I highly doubt they could recover anything of any value > anyway. Using most commercially available products like > "Encase", you can recover files that have bee

RE: Allowing secure external access.

2002-10-30 Thread Robert Sieber
Maybe it could be a solution to set up a direct Remote Access? Just a modem at both sides. Robert -- http://protecus.de - Firewalls, Security and more ...

RE: Interesting One

2002-10-30 Thread Nero, Nick
I was wrong on my original post. I forgot to mention that you should zero fill the drive THREE times to meet the NSA standard. A buddy of mine who has done some highly classified work says they had to write a "random pattern of bits three times" to the media. Other media (hard drives, tapes . ..

RE: Interesting One

2002-10-30 Thread Carl Grayson
Not possible to recover overwritten disks via software perhaps but physically is a different story. As a side note, for software based deletions you also need to ensure that the overwriting actually overwrites all the relevant parts of the physical disk - not all tools do that (thankfully from a fo

RE: NetBIOS Messenger spam - how did it get in?

2002-10-30 Thread Jef Feltman
1. Is this possible? I would have thought any packet with such a spoofed IP address would be deemed non-routable by any of the routers between the source host and mine, and hence would never make it to my host? The destination (your external address) is routable. Source is ignored unless prohibit

RE: Interesting One reading a 30x over-written drive

2002-10-30 Thread Tim - IBL
I believe that the DoD recommendation is to completely overwrite the drive 7 times. As stated in other posts this does not mean "deleting the files" this means actually overwriting all the sectors during a "low level" format. There are tools available from hard drive manufacturers' web sites for free

RE: Interesting One

2002-10-30 Thread Trevor Cushen
I believe the DOD level is 7 overwrites before the data is deemed unrecoverable. Bear in mind however that the DOD practise is to burn the hard drive as part of the disposal procedure. I used @Stake autopsy and found it very quick and easy to use for recovery of deleted files. BackByte is ano

RE: Allowing secure external access.

2002-10-30 Thread Tim Donahue
If it is more than one person that needs remote access, you might look into setting up a Citrix server. Citrix is capable of using SSL encryption. If it is only one person you could use VNC over a SSH connection, or even a SSH tunnel to a Win XP box's remote desktop. Tim Donahue > -Origin

RE: Interesting One

2002-10-30 Thread maillist
I disagree with you both - the NSA standard for a drive that will be recycled is a nine-pass wipe ... involving pseudo-random data, 0s and 1s ... preferably in a non-predictable order ... Reading after thirty overwrites is just scare mongering. Depending on the media it might just be possible on

Sniffing Howto

2002-10-30 Thread Nuno Branco
I recently found some time to code a little and I was interested in doing a little packet sniffer just for fun. :) I am working with gcc and libpcap and I already read the tutorial in www.tcpdump.org. I also tried looking around dsniff source code, but that's a little ahead of me right now,

R: Interesting One

2002-10-30 Thread Alessandro Bottonelli
> the guy that came to see me said that their > forensics guys could read data off a hard drive that had been written > over up to thirty times. I find this very hard to believe and told him I > thought he was mistaken but the guy was adamant that it could be done. My > question is, does anyone ha

Physical Firewalls VS NAT

2002-10-30 Thread Rick Darsey
I am not sure if this is the right list for this question. If it is not, please let me know where to post it. I am doing some research for one of my clients. They have requested a physical firewall installed on their network. They are already running a NAT'ed network behind a LinkSYS router.

Re: Interesting One

2002-10-30 Thread Carlos .
I fully agree with Mr. John Orr here and I find it particularly interesting that he works in a bank because I've heard (my C++ teacher) that some banks have to overwrite with zeros 3 or 4 times all of their HDs just to be sure there was nothing left on the drive. Maybe he was wrong but t

Re: Interesting One

2002-10-30 Thread James Taylor
The CISSP Study Guide (ISBN 0-471-41356-9) states that: "Information on magnetic media is typically 'destroyed' by degaussing or overwriting. Formatting a disk once does not completely destroy all data, the entire media must be overwritten or formatted seven times to conform to standards for objec

RE: Interesting One

2002-10-30 Thread Greg van der Gaast
Last I heard from some DoD/NIPC people (and this was well over a year ago) is that they were able to successfully retrieve at least partial information off a disk that had been overwritten 153 times. Assume that (at least government) forensic techniques have improved since. Hope this helps! Regar

RE: Interesting One

2002-10-30 Thread Martijn Dunnebier
Adam, A while ago I read about a company in Denmark that recovers data from damaged hard drives. They agreed to do a test for the NSA in which the NSA sent them a drive that was full of documents, but they formatted it, filled the drive with zeros, formatted it again, filled the drive with ones,

Re: Interesting One

2002-10-30 Thread Brad
On 29 Oct 2002 at 12:15, John Orr wrote: Date sent: Tue, 29 Oct 2002 12:15:22 -0600 From: "John Orr" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>, Subject:Re: Interesting One > Personally, I think he is full of... hot air. >

RE: Interesting One

2002-10-30 Thread Dora Furlong
Hmm this is an interesting topic... considering overwrites are dependent upon one frequency signal overwriting the previously written pattern. If the write current is too high it produces fringing fields at edge of the head pole track widths... typically overwrite values kept below -30dB IE A

RE: SendMail and DNS running on same Machine

2002-10-30 Thread Benjamin Meade
The only issue I can think of is that if an attacker gains access to your server, then both your DNS and mail belongs to them, rather than having only one compromised. Of course, if they were on separate machines, then it is likely that if one was compromised, then the attacker could go from one t

Re: Web proxy request

2002-10-30 Thread KoRe MeLtDoWn
Hey there, This list is well maintained and regularly updated: http://www.multiproxy.org/anon_list.htm I use it myself so I know for a fact it's reliable :) Hope that helps you out. Hamish Stanaway -= KoRe WoRkS =- Internet Security Owner/Operator http://www.koreworks.com/ New Zealand Is you

RE: Interesting One

2002-10-30 Thread Dan Darden
I have never seen the process done, however have heard similar statements. I am told the tool that is used is known as a magnetic microscope. The theory behind this is that a bit on a disk takes up much more space than a single atom of magnetic material does. The fact that the magnetic material c

Re: Interesting One

2002-10-30 Thread Jack Crone
> ...the guy that came to see me said that their > forensics guys could read data off a hard drive that had been written over > up to thirty times. I find this very hard to believe and told him I thought > he was mistaken but the guy was adamant that it could be done. My question > is, does anyone

RE: Interesting One

2002-10-30 Thread Paul Carroll
The NSA zero-filling standard which you reference, as well as Disk erasing software is only compliant to DOD non-classified. Any further level of disk erasure requires the use of a high-temperature furnace. PJC -Original Message- From: Nero, Nick [mailto:Nick.Nero@;disney.com] Sent: T

Re: Interesting One

2002-10-30 Thread Joe Barrett
Actually, the DoD standard is to write over the data 7 times, alternating between 0x00 and 0xFF. I can only assume that the NSA follows a similar (or perhaps more stringent) standard Joe Barrett - Original Message - From: "Nero, Nick" <[EMAIL PROTECTED]> To: "Dave Adams" <[EMAIL PROTECTED]

RE: Video Conf - Security Concerns

2002-10-30 Thread Mike MacNeill
Be sure your VPN software supports Netmeeting. Cisco's VPN client does not. http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_qanda_item09186a0080094cf4.shtml#Q56 -Original Message- From: Mike Carney [mailto:mcar@;haestad.com] Sent: Tue 1

RE: Interesting One

2002-10-30 Thread Shayla Anthony
I know of a few programs that you can set to delete files up to 30 times in a row. I was always wondering why they were able to go so high, and always assumed the only information that can't be retrieved is from a hard drive with bullet holes (just in case* (the FBI and other police forces send h

Re: Interesting One

2002-10-30 Thread Thomas Sjögren
On Monday 28 October 2002 23:06, Dave Adams wrote: > I had an interesting conversation today with someone from FAST > (Federation > Against Software Theft) They pretend not to be a snitch wing of the > BSA. Anyway, to get to the point, the guy that came to see me said > that their forensics guys c

Re: Encrypting decrypting files unto file server

2002-10-30 Thread Ryan Parr
Stunnel and client-certificates? SSH Port Forwarding with client-certificates? Probably your best bet IMHO. - Original Message - From: "Steve" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, October 29, 2002 3:00 AM Subject: Encrypting decrypting files unto file server > Hi fo

Re: Interesting One

2002-10-30 Thread Reece Arnott
This could possibly be done using a technique called Magnetic force microscopy. http://www.cypherus.com/resources/docs/shred.htm describes this technique and also how to really erase data (which basically means just overwriting a large number of times :-) At 22:06 28/10/2002 -, you wrote: >

RE: NetBIOS Messenger spam - how did it get in?

2002-10-30 Thread Daniel Miessler
Hmm. I am wondering where the attacker is going to put this route that you mention so that it routes right past your NAT. > It can not be stressed enough that NAT alone is _no protection at > all_, there must be some filtering or you are running wide open > looking for trouble. > > By adding a r