They have probably run the ptrace exploit, got root and installed a rootkit. You
*must* have given shell access to your users and one of them did it :-)
Don't rely on just removing the files; get a fresh install of the OS, as
that would be the best resort for you. Would it be possible for you to zip
faddr is a foreign address or outside machine. gaddr is a global
address which is basically a NAT address. laddr is a local address
which is being protected behind the global/NAT address. The message
format generally puts the source first, then the destination. Cisco's
web site has PDF
Zone transfers happen on 53/TCP, rather than the 53/UDP that
is used for typical lookups.
As such, if your DNS server is behind a firewall you have
the option of layered security.
You can configure your DNS server as below -- to only allow
zone
I'm not a Cisco PIX internals expert, but in TCP built (302001) I get an
inbound|outbound, so I can identify who started the connection.
If (302005) shows only the connections FROM the foreign address TO the local one
(as Cisco says), how could someone identify the
Scott,
Yup, another dept in my organization maintains a Linux server specifically
for logging. I'll look more into the NTsyslog tool you spoke of; do you have
positive feedback to go with it?
Thanks,
Stephen
- Original Message -
From: Birl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
In a pinch you can use something like Knoppix, which will boot Linux from a
CD, assuming your BIOS is configured to allow CD boot. This way you
don't have to strip the HD from the rest of the hardware and can still get
all the information from the machine and copy/clone it to a network disk,
ProtectDrive (I think it also used to be known as PC Vault) does full disk encryption;
however, I think the access control is performed prior to logon.
http://www.eracom-tech.com/products/pd/pdrive.htm
If you're running 2000/XP, have you looked into EFS?
Regards,
Dean
-Original Message-
On 2003-06-18 Gene LeDuc wrote:
It's funny that this discussion started in the last few days. As
Murphy would have it, last night while I was installing a new NIC card,
something happened to the boot.ini file and corrupted it. I don't
know how or why, except the possibility of it writing to the
Stephen,
The article at http://www.sans.org/rr/win/event_logs3.php may be of
assistance.
Regards,
Damon
Hello,
Does anyone have any experience with centrally locating Windows 2000 log
files, for disaster recovery's sake?
What I have in mind is a dedicated server with a large storage array,
'cause it's Microsoft, and is bound to have holes? heheh
Just a funny to pass the time.
- Original Message -
From: Roger A. Grimes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 2:17 PM
Subject: RE: Hard Drive Encrypting
Any reason why you
Dennis,
Running windump on a Windows 2000 client and tcpdump on a MacOSX 10.1 client
shows the login: and password: transmitted in clear text to a Windows XP
telnet server.
Can you specify any documentation stating NTLM is used?
Thanks in advance,
Damon
The telnet built into Windows 2000
From: Depp, Dennis M. [EMAIL PROTECTED]
I really like VNC, but it has little security and no encryption.
Which is why you pipe it through SSH or a VPN. (or both if you're really
paranoid.)
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
Within every man beats a heart of
I used a tool named Safeguard Easy. It consists of encrypting all the
partitions on the hard disk,
and you need to give a password at boot of the machine, like when
you have to enter the BIOS password. It's very good, but it makes
the PC slower.
_
Alejandro Salgado
Bill,
If you check the Default Web Site, under IIS, you'll see that it is
protected by SecurID. Since this is protected by the SecurID Watchdog ISAPI
filter (verify this by looking in the ISAPI filter tab), any attempt to
connect to your server (URL or URL/Exchange/), users will be directed to
Well, if you're looking to back up event logs to a central database you can give
the program Event Archiver Enterprise a try. I don't have the URL, but I'm
sure you can find it on www.download.com
-Original Message-
From: Stephen Gay [mailto:[EMAIL PROTECTED]
Sent: 19 June 2003 01:25
To:
Use Microsoft's built in EFS.
Will serve the purpose.
-Naveed
-Original Message-
From: Martin Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2003 00:31
To: [EMAIL PROTECTED]
Subject: Hard Drive Encrypting
Good Day,
I have a need to encrypt the hard drive
A) Establish policy and standards.
1) Implement WEP, which is broken but better than nothing.
2) Do not broadcast the SSID.
3) Do MAC or layer 2 filtering.
4) Enforce authentication
5) And if you are really paranoid, use a VPN.
And oh yes, monitor your network!
Greg
-Original
which eggdrop are you gonna run??? you gonna run the actual program
eggdrop??? sorry, if that's a stupid question to you. i know there were a
bunch of security issues floating around with the actual program called
eggdrop (http://www.eggheads.org/downloads/)
adam
If you overwrote your drive with a new install of the O/S you just overwrote
your data, so you're pretty much scr3w3d unless you do data recovery with
Ontrack, who MIGHT be able to recover it, but it would cost you some $$$. A
tool such as EnCase or FTK would probably be able to recover SOME of
Greetings,
There have been many posts to the list recently with bulky disclaimers,
often in excess of 10 lines long. These are annoying and of questionable
legality, especially when you post a message to a mailing list with 12,000
people and you have no control over who receives your email.
I
Agreed, the passwords in NTLMv2 are encrypted but not the telnet session.
-Original Message-
From: Bryan S. Sampsel [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 2:33 PM
To: [EMAIL PROTECTED]
Subject: Re: sshd for windows
Telnet is telnet. The protocol itself is
Well as far as I know, once you visit windows update, it will only have you
install patches that you don't have installed. So I assume once installing
SP3 and doing Windows Update, you should have everything.
-Original Message-
From: phil groner [mailto:[EMAIL PROTECTED]
Sent: 19 June
I do not know why you want to do this.
A) 86%+ of malicious activity comes from inside.
B) Dedicated machines for single processes is recommended unless you have a
4th generation SUN computer in which you have hardware domains.
Have you tried configuring the IIS server for (2) OWA
On 2003-06-18 Richard Parry wrote:
there's a built-in telnet server included with win2k (server and
workstation).
Oh yeah, that's the perfect way of breaking into a machine! Telnet is
plain text, so it is very easy to sniff anything that goes on! I hope
you are being sarcastic!
You do know,
You can also just make an NTFS boot disk, and then try to copy a new
boot.ini over. If you're looking for a program to make an NTFS boot disk, just
search on Google for NTFS Boot Disk :p
-Original Message-
From: Dana Epp [mailto:[EMAIL PROTECTED]
Sent: 19 June 2003 02:33
To: Gene LeDuc;
I use the following Perl script; it's a bit dirty but it works. When you've
collected the logs you can process them using CyberSafe Log Analyst from the
2K resource kit.
Ben.
#---
#
# Backup and Clear Security EventLogs.
If you haven't overwritten, the master/slave setup that Chris Berry suggested
would work for copying your files. A new drive, preferably W2K or XP, should read
any other Win O/S. Linux would also work to read your drive.
Sonja Robinson, CISA
Network Security Analyst
HIP Health Plans
Office: 212-806-4125
Do you mean something more than what comes built in? The EFS?
Jeff
-Original Message-
From: Martin Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 3:01 PM
To: [EMAIL PROTECTED]
Subject: Hard Drive Encrypting
Good Day,
I have a need to encrypt the
- Original Message -
From: Jairo Tcatchenco [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 8:08 PM
Subject: ptrace24 - How did it appear in my box?
Hello all!
Using chkrootkit tool, I found a root kit inside my box. A door was
opened and I haven't
Hi Naman, nice to see you here too...
Unfortunately, I have to use PIX 6.0 because it seems it's the PIX version
used by the FWSM module.
In v6.2+ there is no more message 302005 and also no more 302001, but I
also have to deal with those.
So in the old
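As an added example (not code from any poster in this thread), here is a small Python parser for the two PIX messages under discussion, run over constructed log lines in the PIX 6.x format. It applies the faddr/gaddr/laddr meanings given earlier in the thread: for 302001 the inbound/outbound word says who initiated, so inbound is mapped to faddr -> laddr and outbound to laddr -> faddr (gaddr is only the NAT address the outside saw). For 302005 on PIX 6.0 there is no direction word, so the parser reports the initiator as unknown instead of assuming the "foreign to local" reading, and a separate, explicitly heuristic port-number guess is provided for analysts who need one. The sample addresses, the line prefix and that heuristic are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in the PIX 6.x syslog format discussed in the
# thread (not taken from the original posts).
SAMPLE_PIX_LOG = """\
Jun 18 2003 20:01:05 pix %PIX-6-302001: Built inbound TCP connection 1245 for faddr 203.0.113.7/3321 gaddr 198.51.100.10/80 laddr 10.1.1.10/80
Jun 18 2003 20:01:06 pix %PIX-6-302001: Built outbound TCP connection 1246 for faddr 203.0.113.50/443 gaddr 198.51.100.1/1037 laddr 10.1.1.55/1037
Jun 18 2003 20:01:07 pix %PIX-6-302005: Built UDP connection for faddr 203.0.113.9/53 gaddr 198.51.100.1/2048 laddr 10.1.1.55/2048
"""

# 302001 (TCP) carries an inbound/outbound word and a connection number;
# 302005 (UDP) on PIX 6.0 carries neither, so both groups are optional.
CONN_RE = re.compile(
    r"%PIX-\d-(?P<msgid>30200[15]): Built "
    r"(?:(?P<direction>inbound|outbound) )?"
    r"(?P<proto>TCP|UDP) connection (?:(?P<connid>\d+) )?for "
    r"faddr (?P<faddr>[\d.]+)/(?P<fport>\d+) "
    r"gaddr (?P<gaddr>[\d.]+)/(?P<gport>\d+) "
    r"laddr (?P<laddr>[\d.]+)/(?P<lport>\d+)"
)

Endpoint = Tuple[str, int]


@dataclass
class PixConnection:
    msgid: str
    proto: str
    direction: Optional[str]   # None when the message has no direction word
    faddr: Endpoint            # foreign (outside) host
    gaddr: Endpoint            # global/NAT address seen on the outside
    laddr: Endpoint            # real inside host behind the NAT

    def source(self) -> Optional[Endpoint]:
        """Initiator: outside host for inbound, inside host for outbound."""
        if self.direction == "inbound":
            return self.faddr
        if self.direction == "outbound":
            return self.laddr
        return None   # 302005 on 6.0 gives no direction: do not guess here

    def destination(self) -> Optional[Endpoint]:
        """Real responder: inside host for inbound, foreign host for outbound."""
        if self.direction == "inbound":
            return self.laddr
        if self.direction == "outbound":
            return self.faddr
        return None


def parse_pix_log(text: str) -> List[PixConnection]:
    """Parse every 302001/302005 line in a syslog capture; skip everything else."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        conns.append(PixConnection(
            msgid=m["msgid"],
            proto=m["proto"],
            direction=m["direction"],
            faddr=(m["faddr"], int(m["fport"])),
            gaddr=(m["gaddr"], int(m["gport"])),
            laddr=(m["laddr"], int(m["lport"])),
        ))
    return conns


def guess_udp_direction(conn: PixConnection) -> str:
    """Heuristic (an assumption, not PIX semantics): the side on a well-known
    port (< 1024) is taken to be the server, the ephemeral side the initiator.
    Returns the logged direction when the message already carries one."""
    if conn.direction:
        return conn.direction
    fport, lport = conn.faddr[1], conn.laddr[1]
    if fport < 1024 <= lport:
        return "outbound"   # inside ephemeral port talking to an outside service
    if lport < 1024 <= fport:
        return "inbound"    # outside ephemeral port talking to an inside service
    return "unknown"


if __name__ == "__main__":
    for c in parse_pix_log(SAMPLE_PIX_LOG):
        print(c.msgid, c.proto, c.direction or "n/a", c.source(), "->", c.destination(),
              "heuristic:", guess_udp_direction(c))
```

The heuristic is deliberately kept out of the dataclass so that a report can show the logged fact (direction known or not) separately from the analyst's guess.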
Yes, it is possible if you allow any host (IP address) to do zone
transfers. Most name server daemons allow you to specify what hosts you
want to allow to request transfers, and block all others. You can also
block TCP port 53 and only allow UDP port 53 with an ACL or firewall
ruleset. I do
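Added example, not from either of the zone-transfer replies above, that pulls both together: a Python audit of a BIND named.conf (the fragment embedded below is constructed) reporting which zones are effectively open to AXFR from anywhere. A per-zone allow-transfer overrides the global one in options; a zone with neither falls back to default_allows_any (True here, matching BIND's historical default; set it to match the version you run, which is an assumption on your side). One caveat on the firewall approach suggested above: dropping all of TCP/53 also breaks the TCP retry resolvers use when a UDP answer is truncated, so the named.conf ACL (ideally with TSIG-keyed secondaries) is the control to rely on.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed named.conf fragment (not from the original posts): a global
# allow-transfer ACL, one zone that inherits it, one explicitly open to
# "any", and one that forbids transfers entirely.
SAMPLE_NAMED_CONF = """
options {
    directory "/var/named";
    // global default for every zone that does not override it
    allow-transfer { 192.0.2.53; };
};

zone "example.com" {
    type master;
    file "example.com.zone";
};

zone "example.net" {
    type master;
    file "example.net.zone";
    allow-transfer { any; };   # open to the world: anyone can AXFR this zone
};

zone "example.org" {
    type master;
    file "example.org.zone";
    allow-transfer { none; };
};
"""

ACL_RE = re.compile(r"allow-transfer\s*\{([^}]*)\}", re.S)
ZONE_RE = re.compile(r'^zone\s+"([^"]+)"')

Acl = Optional[List[str]]


def _strip_comments(text: str) -> str:
    """Remove /* */, // and # comments (naive: does not understand quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def _top_level_blocks(text: str):
    """Yield (header, body) for each top-level `header { body };` statement,
    matching braces so nested blocks inside zone/options bodies stay intact."""
    i, n = 0, len(text)
    while True:
        start = text.find("{", i)
        if start == -1:
            return
        header = text[i:start].strip().strip(";").strip()
        depth, j = 0, start
        while j < n:
            if text[j] == "{":
                depth += 1
            elif text[j] == "}":
                depth -= 1
                if depth == 0:
                    break
            j += 1
        yield header, text[start + 1:j]
        i = j + 1


def _transfer_acl(body: str) -> Acl:
    """Return the allow-transfer address list in a block, or None if absent."""
    m = ACL_RE.search(body)
    if m is None:
        return None
    return [tok.strip() for tok in m.group(1).split(";") if tok.strip()]


def audit_zone_transfers(conf: str, default_allows_any: bool = True
                         ) -> Dict[str, Tuple[Acl, bool]]:
    """Map each zone name to (effective ACL, is_open). is_open is True when the
    effective ACL contains "any", or when no ACL exists at all and the server's
    default (default_allows_any) permits transfers to everyone."""
    conf = _strip_comments(conf)
    global_acl: Acl = None
    zone_bodies: Dict[str, str] = {}
    for header, body in _top_level_blocks(conf):
        if header == "options":
            global_acl = _transfer_acl(body)
        zm = ZONE_RE.match(header)
        if zm:
            zone_bodies[zm.group(1)] = body
    report: Dict[str, Tuple[Acl, bool]] = {}
    for name, body in zone_bodies.items():
        acl = _transfer_acl(body)
        if acl is None:
            acl = global_acl          # zone inherits the options{} setting
        if acl is None:
            is_open = default_allows_any
        else:
            is_open = any(tok.lower() == "any" for tok in acl)
        report[name] = (acl, is_open)
    return report


def open_zones(conf: str, default_allows_any: bool = True) -> List[str]:
    """Sorted names of zones that anyone on the Internet may transfer."""
    return sorted(name for name, (_, is_open)
                  in audit_zone_transfers(conf, default_allows_any).items() if is_open)


if __name__ == "__main__":
    for zone, (acl, is_open) in audit_zone_transfers(SAMPLE_NAMED_CONF).items():
        print(f"{zone:15} allow-transfer={acl}  {'OPEN' if is_open else 'restricted'}")
```

Run it against a real named.conf by reading the file into a string; the same logic applies to `type slave` zones, which also honour allow-transfer.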
If you really want it secure I recommend using 128-bit WEP, MAC filtering
and blocking all external ICMP packets to the wireless router (if that's
what you're using). Both the encryption can be broken and MAC filtering
bypassed. There will be a new encryption
Hi Tim,
I have been the product manager for Avaya and Lucent wireless for 3
years.
There are numerous security standards on the way, some good, some bad.
It also depends on what level of security you want.
I would suggest that you have all your APs on the outside, or at least
in the DMZ of your
Dear All,
My company is going to deploy MPLS Cloud instead of the Frame Relay
Cloud network. I would like to enable Payload encryption (MPLS can
deploy IPSec in the Transport Mode not Tunnel Mode because the provider
has to know the Destination Source IP's) between routers (Cisco
Routers). A VPN
I have found EFS to be effective only as long as the encrypted file is on a Windows
2000/XP machine. As soon as you copy it to a computer with a different operating
system, the file is decrypted.
Allan Foster, CISA, CISSP
Principal IS Auditor
Legislative Post Audit
800 S.W. Jackson St, Suite
Due to the lack of knowledge and impatience I formatted the drive. I have now looked
at a couple of recovery tools out there but they run around $75.. ouch. I will bite the
bullet and get one, I guess. Here is the question: once the information is
recovered, will the application be able to read
(or both if you're really paranoid.) Talking about slow?! ... LOL ...
Double 3DES Tunnels (SSH and VPN) ... Let's see, that is up to 68% reduction
in bandwidth, plus the overhead that VNC has. That would be quite
interesting?
Definitely more secure than usual!
Maybe all SMP machines and an