If you have the rights to the machine all you need to do is use the first
version of pwdump on the machine that you are looking for and dump the sam
into a txt file and then just import the dumped sam into LC4
Joshua R. Hopkins
Information Security Analyst
ARUP Laboratories
Salt Lake City, UT
Hi,
We have different Cisco Catalyst switches configured for VLANS. With the
current configuration
1. All trunks have a native VLAN, which is not used by any User.
2. Management VLAN is other than VLAN 1.
We have different VLANs in place, however these are only used for
different Servers, and
Klez has several variants. This is probably just one of them.
1) The my_name email address is an old excite account which
hasn't been used in over 2 years and has been disabled.
But someone, somewhere, might still have it in their address books.
The myfriend address was not
in my address
Anyone heard of this or have any idea how to get rid of it? AdAware
didn't
find the malware.
Another one you can try is Spybot: Search and Destroy at
http://security.kolla.de/
It's a spyware detector for advanced users, meaning it leans towards the
paranoid and will appear to give you lots
If you create an emergency repair disk, then windows will copy the sam file
to c:\winnt\repair directory at which point you can then do what you like
with the sam file while the system is running.
-Original Message-
From: James Kelly
To: 'Pez Mohr'; [EMAIL PROTECTED]; 'Security-Basics'
Is anyone on this e-mail continually getting spam e-mails about Norton
System Works 2003? I would think that this would be a scam to try and
get credit card numbers etc... If it was legitimate, I think I will
switch to linux sooner than planned.
Educate your manager on the importance of security. Tell him security should
always have a top-down approach (meaning security should start from
Management to Technical). I come across a lot of security-related incidents
when I go for auditing.
cheers
At 08:23 PM 1/29/2003 +0100, [EMAIL
hello all,
I just used nmap to detect the OS on the network. Out of curiosity, I want to
know if there is a way of making the OS undetectable. It will be of great help if
anyone could point out how to do it. I am using both Windows and Linux.
thanks in advance.
regards,
Prathap
snip
I, personally, have a tendency to SSH home during class
to read up on email and such whenever it gets a little
boring. There's also times when I 'su' while logged in
remotely from school. I know I don't want anyone getting my
root passwords.
You could use sudo for most things that
Hello. I'm using nmap to scan a Linux machine I have.
It's a slackware 8.1 box. When I do a normal scan I
see port 111/tcp listed as being open which nmap sees
as possibly being the sunrpc service. I have looked in
inetd.conf and don't see anything related to that. How
can I find out what service
Hi guys,
For the last two months or so I have been receiving emails with the
I-Worm/Sobig virus attached about twice a day. My anti-virus sw protects
me well so I am not infected in any way (nor has anybody else here).
Initially, I used to ignore the messages and delete them; after a couple
of
That's almost as bad as the amount of SPAM I receive advertising the
Chubb Institute and DeVry University. Let's see... you claim to teach IT
yet you offend every IT person on the planet by spamming them???
Ingenious approach!
mike heitz ** sr it manager ** UPSHOT
312-943-0900 x5190
Execute command:
iptables -A INPUT -s 0/0 --dport 111 -j DROP
-Original Message-
From: Rod Green [mailto:[EMAIL PROTECTED]]
Sent: Friday, 7 February 2003 11:40
To: [EMAIL PROTECTED]
Subject: Port 111 TCP - SUNRPC
Hello. I'm using nmap to scan a Linux machine I have.
netstat -lp will show what processes are listening on your machine. you
have to be root to use the -p option however.
-Ethan
-Original Message-
From: Rod Green [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 07, 2003 5:40 AM
To: [EMAIL PROTECTED]
Subject: Port 111 TCP - SUNRPC
When all users are on the same VLAN, they are on the same network and
therefore can see each other. If you want to keep groups separate, for
example Engineering from Finance, it makes perfect sense to create a VLAN
for each and assign ports (or users) to that VLAN. From a security point of
view,
On Fri, Feb 07, 2003 at 08:13:43PM +0530, Prathap R wrote:
I just used nmap to detect the OS on the network. Out of
curiosity, I want to know if there is a way of making the OS
undetectable. It will be of great help if anyone could point out how
to do it. I am using both Windows and Linux.
Since you have a separate management vlan, and it sounds like there is
nothing else in the vlan besides user ports, I haven't heard of any security
advantages to not using the default Vlan. However for organizational and
easier administration it would make sense to use a different vlan for user
Rod,
I would check /etc/services for tcp/111 (ie. # cat /etc/services | grep 111)
I believe with Slackware though SunRPC is being run from within the rc.d
startup scripts located in /etc/rc.d/. You will have to comment out the RPC
startup entry within the rc scripts.
-Original Message-
install lsof and then
lsof -i | grep sunrpc
or
lsof -i | grep 111
check out:
http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-server-ports.html
for more info.
dave
On Fri, 2003-02-07 at 08:40, Rod Green wrote:
Hello. I'm using nmap to scan a Linux machine I
See those all the time getting caught by our spam software.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
Is anyone on this e-mail continually getting spam e-mails about Norton
System Works 2003? I would think that this
There was just a thread about this on the honeypot mailing list
([EMAIL PROTECTED]). Not only can you make the OS undetectable,
you can also fake other OS's in the nmap scan. Links from honeypot threads:
http://ippersonality.sourceforge.net/
http://www.raisdorf.net/projects/pfprintd/
you also
Ah yes.. bigboss..
I get him about 2 - 3 times a day. Dunno what or why it is.
It's not just you though.
Rob
On Fri, 7 Feb 2003, Chris Carter wrote:
Hi guys,
For the last two months or so I have been receiving emails with the
I-Worm/Sobig virus attached about twice a day. My anti-virus sw
Our IT department has things set up to scan for viruses and block all
virusy email inbound, so I haven't seen this particular problem. At home,
where I am the IT department, I've set up my email program to not download
mail from certain addresses that I find either offensive or virusy. It
sits on
execute ntsysv and disable RPC
or
vi /etc/inetd.conf and disable SUNRPC
-Original Message-
From: Rod Green [mailto:[EMAIL PROTECTED]]
Sent: Friday, 7 February 2003 16:50
To: [EMAIL PROTECTED]
Subject: Re: RES: Port 111 TCP - SUNRPC
I found that the service was
This presentation has a lot of L2 security considerations, including
VLAN1.
http://www.cisco.com/networkers/nw02/post/presentations/docs/SEC-202.pdf
Hope it helps.
~marco
-Original Message-
From: Naman Latif [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 06 February, 2003 08:00 PM
To:
Don't forget to specify which protocol (ie. -p tcp or -p udp) otherwise it
won't work.
---
Jose Luis Onis
Primary Brokers
-Original Message-
From: William Rocha Lima [mailto:[EMAIL PROTECTED]]
Sent: Friday, 07 February 2003 15:49
To: Rod Green; [EMAIL
OK, I need some input from you guys on this.
Our webmaster seems to think that giving the guest internet user read access
to the C drive is OK as long as you don't set IIS to list content and other
stuff that I don't understand, since I don't know anything about running a
website.
I told him that
--On Friday, February 07, 2003 10:54 AM +0100 Chris Carter
[EMAIL PROTECTED] wrote:
For the last two months or so I have been receiving emails with the
I-Worm/Sobig virus attached about twice a day. My anti-virus sw
protects me well so I am not infected in any way (nor has anybody
else here).
On Fri, Feb 07, 2003 at 10:54:13AM +0100, Chris Carter wrote:
Hi guys,
For the last two months or so I have been receiving emails with the
I-Worm/Sobig virus attached about twice a day. My anti-virus sw protects
me well so I am not infected in any way (nor has anybody else here).
Initially,
There have been numerous kernel patches that prevent stealth, fin and rst
scans for Linux and BSD. I'm not sure as to updates, but you can find the old
sources for linux kernel 2.4.16 and BSD 4.4 in the downloads section of
www.badc0ded.com.
Applying this code to the latest kernel builds should not
Cisco recently held a Sec Boot camp seminar in my area, and they covered
Layer 2 sec issues. One of their topics was VLAN hopping... They
were nice enough to put all their slides on the Web in PDF. The first 4
presentations listed are good reads, the 5th if I remember correctly was
pretty well
As much as it pains me to admit to having worked for
them for FOUR YEARS, yes, their marketing people spam
the daylights out of the consumers. NAV is the Holy
Grail to Big Yella. How else are they going to send
all those account managers and executives to Tahiti?
--- Brad Arlt [EMAIL PROTECTED]
The most ironic I find these days are the ones that start out Get rid of SPAM now.
As for the Systemworks emails, there was a write-up a few weeks ago, forget by who
(could have been CNET), in which this was addressed.
Apparently, a large number of surplus copies of Systemworks were purchased
Greetings,
I don't know of any advantages (if someone does please share) of moving
all users to a non-default VLAN, but there may be an advantage to putting
different user groups onto different VLANs.
Example, putting Development and HR onto different VLANs essentially puts
them on separate
Hey Chris and all,
We have seen some of this on our network as well. It (I-Worm/Sobig)
appears to be just another worm that spreads via email on Windows
boxes. Like so many of the others, once it infects a users machine, it
collects their email addresses (from WAB, HTML, DBX, EML, and so
There are stories in the media of identity theft, mass credit card fraud
and various forms of industrial espionage on at least a monthly basis.
The bigger issue is that security MUST come from top down. I'm not sure
of the laws in your corner of the globe, but you may be able to
convince him
It's called the Portmapper service - run setup from the Linux command prompt, which
should give you the option to configure services, there you can disable Portmapper and
save settings.
Regards,
T.Lambo
In an email dated Fri, 7 Feb 2003 1:40:07 pm GMT, Rod Green
[EMAIL PROTECTED] writes:
Spam is so frustrating. gr. I always report it--It doesn't
stop it from coming, but if I can be an annoyance to them (like they are
to me) then I'll keep doing it. :)
My ISP just sent me this to report complaints regarding other domains.
It may help (or may not).
It is not from Symantec. If you visit their site you'll see they are as upset about
it as you are.
http://www.symantec.com/spamwatch/
Bob
On 07 Feb 2003 18:38 EST you wrote:
Is anyone on this e-mail continually getting spam e-mails about Norton
System Works 2003? I would think that this
Chris,
That's another one that will come to you from just about anywhere. If
someone is infected and has your email address anywhere on their system,
you'll get targeted. Here's the write up from Symantec... of interest is
the section describing where the worm harvests email addresses from. The
On 7 Feb 2003 at 10:54, Chris Carter wrote:
Hi guys, For the last two months or so I have been receiving emails
with the I-Worm/Sobig virus attached about twice a day. My anti-virus
sw protects me well so I am not infected in any way (nor has anybody
else here). Initially, I used to ignore