On Mon, Aug 04, 2003 at 11:44:43PM +0530, D N Vaidya wrote:
> Dear List members,
> >
> > I like to know that in datacenter environment if Windows, Linux, Solaris
> > systems are hosted, then how to keep track of vulnerability in all
> > machines. If any new vulnerability arises or is disclosed then ho
Can someone point me to a good word file that I can use with L0pht or other
password crackers? The list that comes with @stake's product is very
limited.
Also, besides L0pht, what other password auditing tools do people recommend?
SKP
-
I have tried searches for UNIX password cracking tools and I have come up
with little value. Can someone direct me to passwd auditing tools
besides "John The Ripper" that are free or cost?
Regards,
James
---
I'm fairly sure that 1 applies to domain logons and 2 applies to any other connection
that requires authentication. eg. accessing a shared folder.
-Original Message-
From: Michael Ungar [mailto:[EMAIL PROTECTED]
Sent: Sunday, 3 August 2003 3:42 PM
To: [EMAIL PROTECTED]
Subject: Windows 20
From: "Bob Walker" <[EMAIL PROTECTED]>
While I am a huge fan of the msconfig utility in windows machines, it
doesn't work in win2k. Doesn't even exist. My advice would be to go
the safe mode route, as you suggested. Another possible avenue (for
advanced users only though), would be to go to admi
On Mon, 4 Aug 2003, Spamme Herefool wrote:
> I'm looking at writing my own script for auditing a few different boxes with
> a number of services. I'm having trouble with something as simple as
> grepping for IP addresses. In short, I'm looking to ensure that particular
> Apache servers are being
The following new articles were published on SecurityFocus today:
1. Demonstrating ROI for Penetration Testing (Part Two)
by Marcia J. Wilson
The second article in this series will introduce Risk Management
concepts as they relate to Information Asset valuation.
http://www.securityfo
Dear List members,
>
> I like to know that in datacenter environment if Windows, Linux, Solaris
> systems are hosted, then how to keep track of vulnerability in all
machines.
> If any new vulnerability arises or is disclosed then how to execute patch up
> hundreds of production system with out affect
Hi all,
My Windows 98 machine still has ports 137, 138, 139 open even after I turned
"File and Printer Sharing" options off. I successfully used this to get into
my system, so as you can imagine it's a big security risk. How do you shut
these ports down? I have read many FAQs and papers concerni
I've heard there are flaws in Iris and Facial recognition. Does anybody
know where I can find information about these flaws?
Thank You,
Ulisses
At 11:53 AM 8/2/2003 -0400, [EMAIL PROTECTED] wrote:
I agree that a biometric/token solution would be best. Personally I feel
retina is the best (but
In reply to question 2.
I do not want to install a firewall locally, as all the computers are
behind a firewall. So if syslog-ng has this feature, I'll look into it.
Btw, in secure mode: is the traffic then encrypted in some sort?
I will believe that ordinary syslogd sends
ESP is protocol 50 and AH is 51. Neither opening 52 nor
leaving 50 closed is likely to help.
David Gillett
> -Original Message-
> From: Douglas Gullett [mailto:[EMAIL PROTECTED]
> Sent: August 2, 2003 08:49
> To: Adam Overlin; [EMAIL PROTECTED]
> Subject: RE: Cisco Workaround
>
>
> A
Actually the "cheat" sheet was just instructions for installing the new IOS.
We do have an access list set up, but we didn't make any changes to it. And
after we upgraded, we checked the list and it stayed the same. But our VPN
was still knocked out.
Thanks,
Adam
-Original Message-
From
> classB. Given that:
>
> Assume the ClassB is "abc.def.X.X"
> Assume the ClassC is "123.456.789.Y",
>
> What would be the easiest way to grep out all allowed classB and classC
> addresses (from our remote sites) from the logs before parsing further?
>
> Seems this can be done on one, maybe two st
Dear All
There is contention between security and access in the
event of a fire.
i.e. if there _really_ is a fire then you want all the
doors to be unlocked so that people are able to leave
the premises safely (this is easy to achieve). You
also want _all_ the rooms to be accessible from the
outsi
Your Perl script should work fine *IF* you've given both
NICs the same MAC address -- in which case, having both
interfaces up at once is a very bad idea.
(In fact, this is more or less how real fail-over
systems like HSRP work. Two gateway routers talk to each
other privately, and when one
From what I have read about this issue so far, it could be as simple as a
fried NIC or driver - do you have another PC card or USB NIC that you could
swap in? (assuming your traffic does not look like an attack after all
- Original Message -
From: "Dave" <[EMAIL PROTECTED]>
To: <[EMAIL PR
I have found Mike Lin's "Startup Control Panel" applet to be
indispensable for controlling 95% of startup applications. It runs on
any Windows OS, showing startup folders and registry entries. It does
not show services on any NT-based system (NT, 2K, XP), but does show
services on 9x.
Get it h
Could backdoor trojan be a generic name? Symantec is known to detect trojan
appz, possibly altered or generated by another app. It is quarantined
because it is still active. Best bet is to
1. Boot into safe mode or emergency console (you have to allow group policy
to access other drives/folders ot
As it was written on Aug 1, thus Trond Kringstad spake unto security-basics...:
Trond: Date: Fri, 1 Aug 2003 11:58:46 +0200
Trond: From: Trond Kringstad <[EMAIL PROTECTED]>
Trond: To: [EMAIL PROTECTED]
Trond: Subject: Security resources
Trond:
Trond: Hi list,
Trond: this maybe a off topic, b
Hi,
Yes 10^12 packets is a bit high. In one day (quickly checking
calculator) there are only 86400 seconds. Do a quick sum and find that your
system is supposedly sending out over 11,000,000 packets a second average.
Now there is some hardware that could deal with that - but I do not think
Hamish
While I am a huge fan of the msconfig utility in windows machines, it
doesn't work in win2k. Doesn't even exist. My advice would be to go
the safe mode route, as you suggested. Another possible avenue (for
advanced users only though), would be to go to administrative tools,
computer mana
I'm looking at writing my own script for auditing a few different boxes with
a number of services. I'm having trouble with something as simple as
grepping for IP addresses. In short, I'm looking to ensure that particular
Apache servers are being accessed only from inside our classB. Given that:
One way I saw mooted was the use of vein patterns on the back of the hand.
It can be read as the user enters pin etc without informing user or even
user being aware (other than removing gloves). Doesn't work on a dead hand.
The contents of this email and any attachments are sent for the persona
Actually Glenn, He might want more options.
To answer question 1.
If you want to use mysql templates and record system logs to a mysql
database or do something funky like that then you should use
syslog-ng. Syslog-ng is a very powerful replacement for syslogd, however
it has had quite a few s
Daniel,
Another thing that you could do is simply to first validate the
MD5's on the binaries that "might" be affected. If your checksums are off
then you know you've got an issue. If you do not trust your md5sum binary,
then download a new one from the web. Sure you can write your own
The following links were distributed at Defcon 11, and I'm familiar with
most of them. I think these should be included in the FAQ. The links
were distributed in association with InfoSec News of attrition.org,
with which I have no affiliation.
http://www.c4i.org/
http://www.nmrc.org/
http://www
I could be completely off the mark on this; I'm trying to recall what I
read when I skimmed an article god-knows-where a few weeks ago on EFS.
Supposedly one of the big issues with EFS in 2K was that the Default
Recovery Agent--who can recover encrypted files--was the administrator.
Well, any e
Windows 2000 has 2 Audit Policy Settings;
1 - Audit account logon events &
2 - Audit logon events
I'm not totally clear on the difference. I know the
first one is used as a central repository for auditing
logons (e.g., domain account logons to multiple
servers can get recorded to the central doma
I agree that a biometric/token solution would be best. Personally I feel
retina is the best (but who wants a laser shot in their eye). Second to
that would be iris. If you used an iris scanner and then a password this
would be very hard to beat. A second emergency password could be used so
>
The thing that you are mentioning is talking about DRA (recovery agent).
Usually administrators group have that permission which allows them to do
that. While logging in as administrator (or other DRA agent) one should be
able to decipher the data. AFAICR taking over the file(s) ownership does
Adam,
If the "cheat" sheet you are referring to is the Cisco Security Alert, I am
guessing that you put in their access-list. For IPSEC you need to have
Protocol Port 51 (ESP) and Protocol Port 52 (AH) open, as well as UDP Port
500 (isakmp).
Doug
-Original Message-
From: Adam Overlin [m
Chris,
> Well, the best plan would be to wipe your hard drive and start over, but
> barring that, my next step would be to use SpybotSD, it's pretty good at
> cleaning out garbage like that. If it works you might consider sending a
> donation, the developer does all that work for free.
>
Agre