Well, first of all you need to know that Tripwire, AFAIK, is only a binary
verification tool, not an IDS. Something like Snort is a Network Intrusion
Detection system... and I think that Snort does have a release for NT/2k
HTH
Craig
On Mon, Feb 04, 2002 at 12:05:06PM -0500, jason wrote:
> Does anyo
he communication was rejected. Thus
> no worries. The blocking of the IP could have limited effectiveness, who
> knows if the IP was the spammer or a compromised host. Oh well, just my 2
> cents!
>
> -MG
>
> Some Security Guy
>
> -Original Message-
>
:11AM +, [EMAIL PROTECTED] wrote:
> Hi Craig
>
> It looks like someone has telnet'ed to port 25 on your mail-server. What
> firewall do you use?
>
>
> Kind regards
>
> Jude Naidoo
> Internet Analyst
> GSK Internet/Intranet Operations
> x784 6740
> +44
I was wondering if anyone knows if people (spammers) watch the Security Focus mailing
lists to get people's email addys? Over the last couple of months I have been getting
spam emails sporadically..
and I also noticed some funny things from my mail logs..
Feb 3 23:16:53 postfix/smtpd[33997]: l
Well, one way to find out if your computer has a trojan is to get a known good clean
copy of netstat and use it to show ALL internet connections and listening ports. One
way you can protect yourself is to make sure you don't open up any attachments from
anywhere without at the very least knowing
eers,
>
> Leon
>
> -Original Message-
> From: shawn merdinger [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 18, 2002 8:45 PM
> Cc: Craig Van Tassle; secuirty-basics
> Subject: Re: loopback device
>
> Also, try the following:
>
> netstat -anp
>
+ROSE +ASH
> +SIT +FDDI +HIPPI +HDLC/LAPB
>
> Windows netstat -p is for the protocol.
>
> heh heh...I'm sure we'll get through this one way or another. :)
>
> -scm
>
>
> On Mon, 21 Jan 2002, Craig Van Tassle wrote:
>
> >
> > Scm I have looked u
I'm getting some alerts from an IP that we all know and love.
Security Focus. Has anyone gotten the same results or has any ideas on why
this would be happening?
Thanks
Craig
P.S. Here is the output from my snort logs
[**] ATTACK RESPONSES id check returned root [**]
01/18-04:21:58.569692 66.38
't know if you can bind running
> process to the loopback addy. Even if you possibly could, an
> attacker never would because you would be unable to route traffic to
> it.
>
> HTH,
>
> Leon
>
> - -Original Message-
> From: Craig Van Tassle [mailto:[EMAI
give you some insight as to what is binding
> to that port on your system, if indeed anything is.
>
> On 15-Jan-2002 Craig Van Tassle wrote:
> > My loopback is supposed to be 127.0.0.1.. at least that is what my ifconfig
> > shows me.. and I have no idea what program is run
n't bypass the firewall using the loopback interface. What's
> interesting though is the IP address they're using... usually loopback is
> 127.0.0.1 and the port number, 5460 isn't assigned to anyone so what program
> is running?
>
> -----Original Message-
> F
Is it possible for someone over a network to use my loopback to bypass my firewall?
If so, what can I do to mitigate the problem and how damaging can it be?
The reason I'm asking is my Snort system is showing bad loopback traffic..
Thanks
Here is a snippet from my snort logs.
[**] [1:528:2] BA
n Mon, Jan 14, 2002 at 11:12:20AM -0500, [EMAIL PROTECTED] wrote:
> How would you go about detecting what NIC's are in promiscuous mode? Is
> there some sort of mass ping to find such a thing out?
>
> -Original Message-----
> From: Craig Van Tassle [mailto:[EMAIL PROTECTED]
My personal recommendation is doing it yourself or with scripts. I have seen where an
autoupdater like up2date has introduced new security holes instead of fixing them. That
was mostly because the default install was insecure, but nonetheless you still had a sec
hole (i.e. a problem).
Just my 0.02
Cr
If you are on the same sub-net the only way would be to find out who has their NIC in
promiscuous mode. If it's out on the web, AFAIK it's not possible.
Sniffing is a passive "attack" and is very hard to detect. If you are worried about
someone sniffing your passwords then I would recommend implementin
Ok, I thought that could be a possibility. I have seen a few portscans after the snort
warning but I've verified where they were coming from and alerted the proper ISP (PS
there were a few connection attempts to ports like 31337 and 6000-60036. Ok, thanks
for the info. You just confirmed what i
ries I have used
> (JSSE and RSA BSAFE SSL-C/J). As a "code guru" (well, not quite
> a guru yet), I don't think about that stuff. If I have to,
> then the API is broken from my perspective.
>
> vertigo
>
>
> On Tue, 11 Dec 2001, Craig Van Tassle wrote:
>
WS: 1 NOP NOP TS: 36535395 0
On Wed, Dec 12, 2001 at 08:38:20AM +0900, Min Lee wrote:
> I do not understand your meaning.
>
> Could you show us more detailed information on the security issue that occurred?
>
> - Original Message -----
> From: "Craig Van Tassle" <[EMA
Ok, here are the basics of the OSI model for networking.
layer 1 - physical (the actual wire)
layer 2 - data link (transmits the frames and receives the frames
and verifies the delivery)
layer 3 - network (communications between the machines ie the sub-net
:
> On Monday 10 December 2001 12:49 pm, Craig Van Tassle wrote:
> > Hello Everyone. I've been noticing in my snort logs a lot of Squid Proxy
> > attempts. My box is set up as a firewall/gateway for one of my friends but I
> > don't think that he's causing them (unless he's ca
On Wed, Nov 28, 2001 at 06:08:37PM -0800, tony toni wrote:
> Folks,
>
> I recently was assigned the project of developing security standards for our
> Unix environment. We have about 400 Unix boxes (HP-UX, Sun Solaris, AIX,
> etc.) and the admins do their *own thing* with these boxes.
Well that i
On Tue, Nov 27, 2001 at 06:16:39PM -0500, Eugene Chai wrote:
>
>
>
>
> > Hello.
> >
> > Here's my deal.
> >
> > I got about thirty employees outside the office that access our
> > exchange server through IMAP to get their email. Relaying was left
> > open so that it is possible for them to
I think you can set up EFS to use the certificate that you want it to use.. (I only
used one on my old win2k box) If you are looking to encrypt just a couple of files I
recommend GPG or PGP.
Hope this helps
On Tue, Nov 27, 2001 at 03:26:48PM -0500, Randall Laura wrote:
>
> Does anyone have
Well, I know what a port scan is and how it works.. I was asking about the Xmas and
NULL type scans. What flags do they set?
I was just asking about these specific types of scans, not port scanning in general.
I'll look up the Phrack mag article to see if it has the info I'm looking for
Thanks
Cra
Hello everyone.
I'm running FreeBSD 4.4 and I was doing a port scan of myself (from a remote
box that I have legal access to) and I was getting a log of open ports from
nmap -sN and nmap -sX. I was wondering why I was getting all of these "open
ports"
and does anyone know how to stop these s
IMHO if your firewall is set up properly you will be able to block all the scanning
packets. I know for a fact that FreeBSD's IPF is capable of blocking the packets.
And how to do it... well, RTFMP. Look under decoy
Hope this helps
On Tue, Nov 20, 2001 at 02:35:08PM +0800, [EMAIL PROTECTED] w