What of the case of "defragging the disk". Does this not reset the drive
space pointers?
Mr. Leonard J. Vickers
ERDC-ITL Alexandria . VA
Chief, ITCC
CEERD-IM-A
V: (703)428-6616, F:(703)428-6747
-Original Message-
From: Joe Barrett [mailto:barrettj@;wam.umd.edu]
Sent: Tuesday, October 29,
Any chance of making it less maths independent, for those of us who prefer
that? :)
-Original Message-
From: Dora Furlong [mailto:sparrowh@;deathstar.org]
Sent: Wednesday, October 30, 2002 4:48 AM
To: [EMAIL PROTECTED]
Subject: RE: Interesting One
Hmm this is an interesting topic.cons
Melting - an interesting concept. Once the magnetic material passes its
Curie point, what would remain? Personally, I still like the way the
plastic substrate vaporizes when it burns...
Jim
[EMAIL PROTECTED] wrote:
>
> John, actually, we beat this topic to death about a year ago. Your good
> k
In answer to your question..."It Depends".
It will depend on how experienced your engineers are with Linux.
OpenBSD can be a pain to install and configure. RedHat on the other
hand is comparatively easy to set up. OpenBSD from what I understand is
the most secure version out of the box but again s
You are using software to try and recover information. If you can recover
files after filling the platter with zeros 4 or 5 times and recover it
without a direct attack on the platters (i.e., using a SEM), then why is it so
hard to believe that specialized HARDWARE can recover it after 30 times?
A
Of course it wouldn't need to be done at all after the fact if a simple
keyboard logger had already been placed on the monitored computer while its
user or owner was away from the office
on 10/30/02 8:42 AM, Tim Donahue at [EMAIL PROTECTED] wrote:
>> Yes, it can be done.. it would cost abou
Folks,
Here is how to erase a hard drive securely.
1) Boot to a floppy and wipe it securely using a program that randomly
encrypts the sectors on the hard drive as it runs 10-20 times.
2) Take the Hard Drive out of the computer/server and set it on a bench
AWAY from other magnetically sensitive m
DoD drives that contain classified data must be destroyed (typically
through incineration). Drives that didn't contain classified data may go
through the 7 wipe process you mention. BCwipe is a program for Windows
that does a good job.
At least some data can be restored from a drive with anyt
Setting aside any religious preference, I wouldn't suggest using a x.0 or
x.1 redhat release for your server. Before they blew their numbering scheme
with 7.3, I would have said to stick with a .2 release.
So, if you're gonna do redhat, do 7.3. It's a tested version and it's a
release they're going
Man this is the best thread I have seen yet. Some great info and links for
further research. My personal goal is demystifying that 'NSA Standard'.
It seems there are about as many standards as a normal government
bureaucracy! 7, 9, 30, 100 how many times IS IT exactly? (I guess
that's w
This is true; I can see how specialized hardware can recover some data
that has been "formatted" say 30 times. At what point though does the
recovered data still have any usability? When I do recoveries, I only
charge for USABLE Megs of information as well as a standard fee. Nothing
outrageous, mor
Question to ask, do you have a Windows 2000 domain controller on your
network? If so, it could be the culprit. Windows 2000 domain
controllers require DNS to function and if you set it up to read DNS
from your DNS server, it is probably hammering you
Maybe this will help.
http://www.techtv.com/screensavers/answerstips/story/0,24330,9165,00.html
It is magnetic polarity at work not as fancy as atoms. You may be
looking for this
http://www.qubit.org/
Trevor Cushen
Sysnet Ltd
www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499
-O
hi there,
about the recovery take a look at this:
www.runtime.org GetDataBack
it's a great tool!
Best regards,
Kiril Tsvetkov, BG
Interesting tho. How would the recovering software know if the data
you're retrieving comes from the 30th re-write, or the 29th?
You also have to consider that the data you're trying to recover isn't
the first data written to the disk.
So even if the atoms are not all aligned the right way, you wou
Thanks James Taylor I was wondering where I got the seven from. I have
looked at the DOD standard that disk wiping products talk about and it
has no number in it (Orange book). Other US government documents talk
about three levels of disk destruction, wiping, degaussing, and
destruction. This ma
2c..
From my experience working in the IT dept of a defence\aerospace
company, the standard for wiping hard disks that had contained
classified or higher data was to smash it with a hammer and chisel and
have it disposed of.
Mark Ribbans
Okay, I had read 3 times (which I forgot to put in the first email), but
have since seen 7 referenced several times. A buddy of mine who did
work for the NSA said they did 3 as well, so maybe it got increased
recently (maybe the same time they showed DES to the door for AES). In
any case, if the
I looked further at this DOD standard which was showing different
numbers from various people (including myself). Here is an interesting
article that discusses the DOD standard in the context of disk wiping
software. Worth being aware of.
http://www.darkstonedata.com/business/security8.html
Tr
I was sent this which seemed quite a coincidence as I am eagerly
following the thread on disk forensics etc.
I thought the rest of you would see the humour.
http://w1.270.telia.com/%7Eu27007970/ghetto.htm
Trevor Cushen
Sysnet Ltd
www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499
Actually, the DoD standard is:
Secret - three times overwriting using approved software, but must be reused
in a secret or higher level machine
Top Secret - must be degaussed and broken up (with specific size of pieces
limits)
Top Secret Compartmentalized - melt in furnace or media surface remove
U.S. DoD - seven pass extended character rotation wiping [DoD 5200.28-STD].
And for the sake of argument the program I use has a limit of 100 passes.
- Original Message -
From: "maillist" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 30, 2002 7:45 AM
Subject: RE: Inte
I have heard similar claims from "agencies" about the ability to recover
data after multiple re-writes. I also happen to know that several of
these "agencies" when doing drive disposal, literally drill holes in
their drives then incinerate them. That is after they wipe the drive
clean several times
You are correct, and I was a bit hasty in my initial response. I suppose my general
distrust for salesmen is showing!
I am no stranger to the world of physics, and Scanning Microscopy is certainly no
exception. However, I *assumed* (my mistake) from the original post that the
salesperson was
Ahhh yes my mistake, mixing up the source and destination addresses.
Of course, this begs the question why internet routers do not filter on
source address, but I'm sure the ISPs have their own self-justifying
reasons...
1. Is this possible? I would have thought any packet
with such a spoofed
Hi Rick,
The physical firewall will provide much more than blocking incoming request.
1. You may want to block outgoing connection to certain IP address / location
2. You want to implement Anti-spoofing
3. You want to have control of what incoming connection allowed and what's not, rather
than d
From: "Rick Darsey" <[EMAIL PROTECTED]>
I am doing some research for one of my clients. They have requested a
physical firewall installed on their network. They are already running a
NAT'ed network behind a LinkSYS router.
In this situation, what benefits, if any, will the physical firewall
pro
Dear all.
I'm looking for a way to scan existing Windows XP installations for
trojans, viruses etc. The closest match to my needs seems to be Nessus,
but I have the following reservation:
Since the client has to be installed on the running Windows
My search turned up that port 29990 is a very common game server port,
RTCW, and Threewave.
Port 51417 I found nothing useful on.
Hope this helps.
-Original Message-
From: Dallas Jordan [mailto:DJordan@;sawgrassink.com]
Sent: Wednesday, October 30, 2002 11:22 AM
To: Security-Basics (E-m
Hi,
What are the best security practices for a DMZ? Or put a different
way...what are things you should never allow to be done on a DMZ? To give
you an example of what I am talking about we have had our DMZ set up for
about 5 years. However we keep getting stranger requests for activities
Hello all,
Looking for resources on configuring a NetScreen client to connect to a
PIX VPN device. Any leads?
Cheers,
Kevin
Carl
I believe that DNS lookups use UDP because the request and response can
each fit into one packet. If a DNS request is for some reason larger
than 512 bytes which is the maximum size for a UDP packet (RFC1035 [6])
then the client will use TCP instead. Closing this port to internal
clients co
One program I know of that uses TCP requests for DNS requests is Microsoft's
SMTP server that's bundled with IIS. There's a KB article on MS's website
that states that the RFC for DNS servers should be able to accept UDP and
TCP requests. MS took this to extreme and set their SMTP server to ONLY u
On Wed, Oct 30, 2002 at 12:25:41PM +, Nuno Branco wrote:
hello,
>
> I am working with gcc and libpcap and I already read the tutorial in
> www.tcpdump.org. I also tried looking around dsniff source code, but
> that's a little ahead of me right now, I want to do more simple stuff
> just for lea
Zone Transfers use TCP instead of UDP on port 53. That is most likely
what you are seeing.
--Daniel
> We are reporting TCP based DNS requests to one of our DNS servers coming
> from internal, client IP addresses. My manager would like to block the TCP
> packets. What or why would there be rand
TCP/DNS(53) is used for zone transfer. To be simple, TCP/DNS(53) is used
between the name servers to exchange/update their name databases whereas
UDP/DNS(53) is used for querying.
I see two possibilities for having generated TCP based DNS requests in your
network.
1. You must have another DNS se
I'm fairly new to this, so please bear with me. If this question has been
asked in the past, I apologize. I'm new to the listserv as well.
We are discussing starting our own web server. There is debate on whether
RedHat 8 or OpenBSD is more secure. What are your thoughts? We will be
doing
Hi Guys!!!
I am trying to block KaZaa using access lists, I read many
tips like blocking port 1214, block the Morpheus network, but
with the latest version of KaZaa it seems that this does not work, why?
Let me explain...
I have Kazaa Media Desktop 2.0 (Built: Friday, September 20,
2002 16:14:03), a
I am sure that this is a silly question, but who are these guys that keep
trying my firewall on port 53 (DNS) and port 8. I am sure they must be the
good guys, but why do they keep knocking, I only have one DNS server that is
setup for lookup mode ???
66.28.34.130
204.71.35.136
212.62.17
I believe DNS uses TCP in certain circumstances. If I recall correctly, if
the request to the DNS server generates a reply that's too big for UDP, it
will use TCP instead. If you block TCP, you'll see strange behavior from
your DNS server - it'll work sometimes but not others. Your internal
clie
At 08:46 AM 10/30/2002, Carl R Diliberto wrote:
We are reporting TCP based DNS requests to one of our DNS servers coming
from internal, client IP addresses. My manager would like to block the TCP
packets. What or why would there be random TCP packets? We monitored
several clients and it appears
UDP is used for normal domain queries. TCP is used for zone transfers and
large queries. Stopping it at the firewall (tcp/53) can be safe and will
definitely stop any zone transfers, but the occasional DNS query might not
work. It is better to use named.conf to control zone transfers.
M.W.
When they say it can be retrieved if a drive has been formatted up to 30
times, they are probably a little ambitious. Most formats are done using
"format c:" and nothing else. Again, this just removes the pointers.
When I redo a drive, I run a zero fill 3 times over it. Then to test
whether or not
It is not as simple as it was presented here - in theory it could be done
through source routing (and this assuming that all devices on the way
"cooperate" in letting you do that) - you first do a traceroute from the
station you want to reach it from, to the external interface of the NAT-in
dev
From: "Pablo Gietz" <[EMAIL PROTECTED]>
You should encrypt the output from apache server, redirecting ports, and
develop a personal browser that decrypts the pages "only for your eyes",
making no cache of anything.
That's a pretty good idea, you could use some Perl modules to slap together a
spec
John, actually, we beat this topic to death about a year ago. Your good
knowledge of physics is misleading you. An extraordinary understanding of
physics provides us with tools such as Magnetic Force Scanning Tunneling
Microscopy which can recover data, with no theoretical limit of how many
times t
Bits being either on or off is not quite true. In a
perfect universe this may be true, but the one we are
in is far from perfect. Media writers are not capable
of perfect overwriting. There is always a small level
of write error that occurs and the magnetic traces of
previous writes are left behin
The only thing that I would add is that total physical destruction works
real, real well and is preferred if you don't plan on using it again. A
furnace works really well and has other uses. (Plastic burns good)
Jim
Dan Darden wrote:
>
> I have never seen the process done, however have heard s