Dear List members,
I would like to know, in a datacenter environment where Windows, Linux, Solaris
systems are hosted, how to keep track of vulnerabilities in all
machines.
If any new vulnerability arises or is disclosed, then how to execute patching of
hundreds of production systems without affecting
A friend of mine recently went from Windows ME to Win2K, but now he has a
trojan on his computer. He is running Norton Anti-virus, and it will not
clean it off, it will only quarantine it. The affliction is:
Backdoor.Trojan, and it has placed a hidden folder on his hard drive called:
Hi Friends,
As we are also using thousands of servers, we are using one method to
generate the password of the server. That method is given to all authorised
persons. The method is based on the IP address of that server. But the drawback of this
system is everybody in that group who knows the method to generate
I think after studying how this system works now we need to concentrate on
how to protect innocent users from this. According to me everybody who is
using this type of Internet connection should use personal firewall
freeware applications to protect themselves. Either users should upgrade
themselves
Dear friends,
I am working with an ISP for our own group of companies with a full-fledged ISP
setup of thousands of Cisco devices. We were using MRTG but later on we
found that MRTG has some limitations and sometimes it shows false traffic.
We started using Solarwinds evaluation version and now
J. Bilder wrote:
What if you're running 128 Bit WEP and filter on MAC address? You can't
even get a signal unless your MAC address is allowed..
Thanks!
- Jeff
IIRC, you can still intercept the transmissions but not be able to join
the network..
JeffD
boxes and killing a case of beer
while enumerating my mom's PC 6000 miles away (Only as practical examples
mom, never in malice)
D. Weiss
CCNA/MCSE
Original Message-
From: Jim [mailto:[EMAIL PROTECTED]
Sent: Monday, July 07, 2003 5:27 PM
To: [EMAIL PROTECTED]
Subject: Questions about 192.168
some
published list of ports. Its whatever port(s) the author wanted them to be.
D. Weiss
*** REPLY SEPARATOR ***
On 7/7/2003 at 5:07 PM Salvatore Poliandro wrote:
Hi All.
Does anyone know what port 1 is used for. All my research says
VPN
type
applications. We are running 10
the email header has the IP address of the machine that sent the message. you would
still need a court order to get the contact info from the ISP though
Received: from [x.x.x.x] by web41205.mail.yahoo.com via HTTP; Fri, 30 May 2003
09:49:19 PDT
-Original Message-
From: [EMAIL
1) Neither telnet nor PC Anywhere fall under the definition of a VPN ---
virtual private network
2) Telnet should not be used to grant access from the UNTRUSTED to the
TRUSTED network (internet to lan for example). Telnet sends all information
in clear text. PC Anywhere is more secure, as it allows
I was wondering if the Sendmail vulnerability also affects QMail.
Thanks
Andrew
Security Advisory - RHSA-2003:073-06
--
Summary:
Updated sendmail packages fix critical security issues
Updated Sendmail packages
my users?
--
Roger D. Vargas
ICQ: 117641572
Linux user: 180787
* Whether you think you can, or you think you can't, you're right *
Henry Ford
Has anyone successfully installed and configured the IAS RADIUS service
that comes with the NT 4 Option pack. Is there a newer version that still
works well on NT 4? The company has never committed to a complete 2K
update so I have to work within those parameters.
Thanks in advance
http://www.heidi.ie/eraser/faq.asp
-Original Message-
From: Champion, Steve [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 2:34 PM
To: '[EMAIL PROTECTED]'
Subject: Suggestions on free XP hard drive wiping utilities?
Would someone please throw out a URL and suggestions for
this is a fairly strange question,
telnet shouldn't be used, it's insecure in principle,
ssh is a better alternative.
telnet over vpn is generally secure,
the type of vpn would depend on your environment - Win32, GNU/Linux/Unix,
IOS, Netscreen -- this list is endless. You probably need to learn a
These sites contain a lot of tools that can help you out. Good luck.
http://www.atstake.com/research/redirect.html?research/lc3/download.html
http://arbon.elxsi.de/download.html
http://members.home.net/jefftranter/audit.html
http://opop.nols.com/proggie.html
ftp://ftp.pangeia.com.br/pub/seg/pac/
any good router/switch can shape bandwidth per ip/mac address. for a small to
medium size operation you can either make your own, or use a netscreen 5
series.
ids
- Original Message -
From: Terry Peterson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 15, 2003 12:31 PM
Simon,
I haven't had any problems with my laptop with the Win2KproGold security
template installed. Most of the security settings in the template won't
affect the operation of software that is built for Win2K.
My advice is to install the template on a test machine and then test any
suspect
5xp also supports vpn --- only 10 users by default, but that is the easiest
and the most secure way to have netmeeting without a server.
cheers,
igor'
- Original Message -
From: Sarbjit Singh Gill [EMAIL PROTECTED]
To: Rick Darsey [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Thursday,
Leon,
Standard Disclaimer about doing anything with the Registry:
Modifying the registry can cause serious problems that may require you to
reinstall
your operating system. We cannot guarantee that problems resulting from
modifications
to the registry can be solved. Use the information
Foundstone tool called SuperScan works quite well.
-Original Message-
From: YashPal Singh [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 4:23 AM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: how to search all machines on a network.
Hi All,
How we can search all
address(es)
are divulged is entirely a question of network design.
-
If I were to walk on water, the press would say I'm only doing it
because I can't swim.
-- Bob Stanfield
-
Bradley D. Moore, CNE, CCNE, CCNA
Hello All --
I have been researching the PATRIOT Act as it relates to data protection.
Essentially, the Act requires financial institutions to gather information
regarding terrorists and suspected terrorists, and monitor accounts which
they maintain for any links to the suspects.
I am
Sounds like it may be a sid and/or a caching problem. I'd be interested in
comparing the sids. Also, you might try logging in using the user1
password 10+ times (I believe that is the default for passwd cache).
- Brian
-Original Message-
From: Jones, Bob [mailto:JonesB;students.svcc.edu]
behind
NAT'd firewalls. I have found instructions that suggest using an ftp server
that allows the passive port configured to 2121, which of course you cannot
do with Win2K ftp. Any suggestions would be appreciated.
Thank you in advance.
D. Farris
Think instructions at following URL might be what you are looking for?
http://www.ntbugtraq.com/redisWU.asp
Paul
**
*Paul Jordan, IT Security Operations (ROI/UK)
*E-mail: [EMAIL PROTECTED]
*Post: Block A1, AIB, Bankcentre,
XP/2000
I see the problem now - sorry Chris didn't realise you were on 98 -
instructions I had pointed to relate to W2K and XP only :-(
The helpful message Chris got is at
http://v4.windowsupdate.microsoft.com/en/thanks.asp
http://v4.windowsupdate.microsoft.com will work only if you are on
Amit,
The best place I found when I started looking up common attacks was the
Hacking Exposed series. This gave me a great insight into not just the
attacks themselves, but the methods that people use. These series of books
come highly recommended by myself and my colleagues, and should be
snort) after upgrading the firmware.
Thanks in advance for the help guys,
John D
Best Price Cruises
This would tell you what hardware and software is installed on a computer,
but you would not know if it has an active telephone line attached to the
modem. telecommunications scan on your network to find out if you have any
telephone lines, along with a modem that will answer.
-Original
I used to utilize SurfControl at a different job, and it is quite the useful
tool, but like Matthew stated it is expensive. Another pricing tool to
utilize is cacheflow. This will monitor your whole network and create a
text file concerning all areas that were visited by your company's
PersonalTelcos Wireless Sniffer Page
http://www.personaltelco.net/index.cgi/WirelessSniffers
AntiSniff technical information
http://www.securitysoftwaretech.com/antisniff/
Regards,
Jose D. Crespo de Leon
MCSE, MCSA, CISSP
E-mail: [EMAIL PROTECTED]
-Original Message-
From: David Laganière [mailto
I've the PDF version and works fine, I haven't used the Word version.
www.elcomsoft.com
Regards,
Jose D. Crespo de Leon
MCSE, MCSA, CISSP
E-mail: [EMAIL PROTECTED]
Mobile: 787-607-8574
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25
My bosses have decided that they want to audit email use by the employees
without using any software on the users' computers. I found MailCensor 3
which lets me capture emails being sent across the lan, but because we
upgraded our old collection of hubs to a couple of HP Procurve 2524
switches, I
and me, if a simple 5 minutes of extra effort along with all
the usual measures like patching, checking logs and a firewall, helps to
convince half of those scriptkiddy crackers to go and play elsewhere... Why,
I am happy to make the extra effort.
Regards,
D
for trouble.
And if Jay and you disagree on that, why not mail the addresses of your
hosts and their root passwords on this list ?
Btw, BIG question. What are you running if not ssh ?
Not telnet I hope ?
Regards,
D
On its own, yes it is. Coupled up with regular patching of security
holes,
monitoring of logs, a good IDS that is setup to mail/page you, correct
configurations, and a good background on security, it is actually
useful.
You are right. It would seem that we are arguing about different
Just a thought. Automatic responses do have a DoS ring to them. IP Spoofing
could make you an unwitting attacker. There are many dangers to automated
responses such as the one you are thinking of. What safeguards are you
considering?
From: JM [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Does anyone have an idea as to how to do the following in a reasonably secure
automated manner?
The problem is that we have a large group of unix machines 100+ (various
OS's, Tru64, Solaris, Aix) I would like to grab a bunch of files of each
machines for security analysis ie password and shadow
or have an Exchange server? (does the best answer get a
free cruise? :-) )
-Sanjay
-Original Message-
From: John D from Best Price Cruises [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 3:03 PM
To: Security-Basics Mailing List
Subject: Strange situation with outlook
I have
I have a unique situation (or at least I think it is) with one of my users.
He gets a lot of email, and it comes in constantly. To prevent tying up his
machine in the morning, he leaves it logged in all the time so Outlook can
be constantly getting his mail. I really would like to be able
It is my understanding that Sendmail under OpenBSD is configured
to only listen on the loopback interface... Hence, it cannot be
attacked over the network.
Sincerely,
Daniel D. Melameth, MCSE
Systems Engineer
Morrison, Brown, Argiz and Company
Office: [EMAIL PROTECTED]
Home: [EMAIL
I run WEP 128 bit for starters on all wireless devices. I then have a
Netscreen 5XP firewall running the latest 3.1 release software which has the
ability to terminate VPN tunnels on all interfaces including the Trusted
side interface. I then run an AES128 bit encrypted IPSEC tunnel from my
Windows 2000 Terminal Server supports 128-bit encrypted sessions
out-of-the-box...
Sincerely,
Daniel D. Melameth, MCSE
Systems Engineer
Morrison, Brown, Argiz and Company
Office: [EMAIL PROTECTED]
Home: [EMAIL PROTECTED]
-Original Message-
From: Joe McCray [mailto:[EMAIL
After extensive testing of such products I was most impressed by IPSentry.
It is fully configurable and allows you to monitor services as well.
www.ipsentry.com
Dave Stout
Another program is Radmin. This program can be configured to use either the
Windows user accounts to login or just a password to login. Various access
rights are available, since you don't want the student to have complete
control you can assign the account or login view only. The default port
hmm,
http://www.google.com/search?hl=en&q=chkrootkit&spell=1 =
http://www.chkrootkit.org/
hope this helps
igor'
- Original Message -
From: Thiago Mello [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 19, 2002 9:52 AM
Subject: Anti-rootkit / Check rootkit
Hi,
I wonder
hosts.allow for more info about the syntax :)
.. If the server is from SSH Communications, this is configured in the sshd_config
file. (Last time I used that implementation).
- G.
--
===
| Guðmundur D. Haraldsson
I'm not really sure what you want from them. I don't believe that a person
has to have a certain OS back to be considered the better of a hacker, nor
use the Key words to sell you that they are the shit hot person you are
looking for. Find out what their skill sets are, what experience they
, and kill this thread ASAP.]
Bill D Wills
BOFH MIB TSE
Starving Students LLC
My Frame Pointer...I...I can't feel my frame pointer...
A good way of restricting access to cmd.exe can be your access control
lists. Another way is to move your system critical apps to a new dir and
restrict the access of this dir to only specific users. And also this new
directory shouldn't be in your PATH variable.
Bye
DRajesh
A best solution will be to avail of the monitoring ports in the switches
and go ahead with snort. I've had no problems with it.
Regards
DRajesh
Be very careful of running any type of security scan without permission from
those who manage the systems you are scanning. There have been highly
publicized cases where this, as well intentioned as it may have been, has
led to loss of employment and legal action against someone who has done
well, can't SNORT be configured to run an external program depending on the
rulesets? You are free to write a script that sends notice to the offender,
but most everyone seems to think that will only make the attacker more
persistent,
igor'
- Original Message -
From: Michael Lindsay
Try AMaViS (www.amavis.org) with McAfee Viruscan for Unix/Linux (free trial
here: http://www.nai.com/naicommon/buy-try/try/products-evals.asp). There
are other AV products that AMaViS will work with, but I've no experience
with them. I have used AMaViS and Postfix with the McAfee product and
i have been using samspade for over a year, and it seems that it works
great, no problems. btw, geektools has a link to samspade as one for its
antispam tools ; -)
ids
- Original Message -
From: Andrew Blevins [EMAIL PROTECTED]
To: 'Jason Dixon' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc:
I recently moved from sendmail to qmail, and so far I'm amazed at A The
ease of use of qmail the easy way 1.51 B The annoyance of Maildir. My
travels across the internet and to various qmails sites tell of vast
security promises and the like, and the changelogs for qmail show there
isn't
Best thing is say bye to outlook express..Better use Netscape or Eudora.
Microsoft its products are patchy
On Tue, 22 Jan 2002, Daniel Pope wrote:
Dear All,
An e-mail virus hurt my computer (don't be scared I'm
using yahoo.com for this message).
Some of my friends complained to me
directly from the page, fire up google to get to the
tools in question. They all exist still. ;) This is where I began, d/ling
everything in sight. Just thought I would throw that out.
Bill D Wills
BOFH MIB TSE
Starving Students LLC
My Frame Pointer...I...I can't feel my frame pointer
For hardware VPN solutions, and price-performance I highly recommend the Netscreen
line of appliances. For lower end use, the NS5XP is excellent. I use this box
personally to connect all my VPN tunnels and remote offices.
For higher end, the NS50, 200 series, 100, 500, and 1000 are ideal!
I recently upgraded SSH on a server from sshd 1.2.7 to OpenSSH 3.0.2p1. I
have a RedHat box running OpenSSH 2.9p2. When I connect to the 3.0.2
machine, if I look at the SSH version string, it's:
Server version: SSH-1.99-OpenSSH_3.0.2p1
On the 2.9 box it's:
Server version:
I find that I can hardly call a single point of failure an advantage.
-Original Message-
From: Devdas Bhagat [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 08, 2002 4:29 AM
To: [EMAIL PROTECTED]
Subject: Re: Hardening VS firewalling ?
Another advantage of a firewall is that is
On most firewalls, you can block particular icmp types to specific
addresses. So, you could allow your email server to be pinged, but not
the outside interface on the firewall. Or you could allow ping and
traceroute out of your network, but not in.
-Original Message-
From: Mark L.
Welp, there was a discussion bordering on a religious war here not too
long ago about this very subject. I will, again, state my views.
Hopefully this time, without arousing the ire of the other list
participants :)
I would say that hardening the OS/Apps (including logins, protocols,
etc.) is by
Whatever you do, DO NOT HACK your own system, without
proper authorization. You can be and will be legally
responsible for this action. It's just like any other
HACKER attacking your network. You can be fired, fined and
sent to jail. Bad move.
I would suggest that you talk to your CEO
no log unless auditing on,
error log on evntvwr.exe
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 13, 2001 8:41 AM
Subject: Telnet
On my W2000 Prof workstation, I found that
someone had tried to use telnet ( i found it listed
I was recently pointed to the app ettercap
(http://ettercap.sourceforge.net/), which claims (among other things):
HTTPS support : you can sniff http SSL secured data... and even if the
connection is made through a PROXY
Google yielded this info:
Go to view, then options.
-Original Message-
From: lauraisko [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 04, 2001 8:45 PM
To: Security-Basics List
Subject: Outlook2000 headers
hey,
can anyone tell me how to view all the information in an Outlook 2000
header. I right click on
yes, it can be loaded as a service, but you need to wrap it
with SRVANY, part of nt resource kit,
or
Service Agent
http://playstation2.idv.tw/serviceagent/
this will do it, but also can do by hand, which i am not quite clear on how,
but does require recompiling of application to allow for
that depends how sensitive is the environment you are working in, the
person who compromised a host (has root) can of course look at the outgoing
mail spool and intercept mail, it will take someone some time to break into
yahoo, and you can encrypt it, if you feel like it - that depends on the
I don't really have anything to add to the discussion, but I thought I
should point out that TCP/IP is not based on the OSI 7-layer model. There
was a good diagram of the correspondence between the layers of TCP/IP and
the layers of OSI in my college Networking textbook, but this is the best I
Do you need a web-based proxy filter, or can you use a piece of software.
I've found Stealther to be especially useful.
http://www.photono-software.de/Stealther/main.php3
-Original Message-
From: Bassam ALHUSSEIN [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 27, 2001 1:51 PM
To:
Recently there has been mention in the news about Google et al indexing
sensitive data. I was wondering what everyone thinks is the best way of
protecting such information. Currently I administer a site that uses the
Apache .htaccess file for authentication. All of the tools are HTTP based.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Correction: GRE is protocol 47, not port 47. GRE does not run over any
particular port.
- -Original Message-
From: Brad Bemis [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 16, 2001 2:09 PM
To: Meritt James; Johnson David
Cc: 'Jason
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ok I'm going to have to put on my enterprise management
specialist hat here for a minute and make some comments. Most of the
bad rap SNMP has comes from engineers that don't understand it, what
is, how to configure it, what network and systems
Many thanks to all who gave me some good information on where to start.
I have now accomplished my main aim, which was to save myself time,
without having to just rip-off someone else's policy.
I should now have this finished and authorized within the week.
Cheers...
David Stout
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://csrc.nist.gov/isptg/html/ISPTG-1.html
Pretty good link and includes some sample policies you may be able to
use.
Rob
- -Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 14, 2001 4:17 AM
hope more vendors start supporting
SNMP V3 soon, and that they actually implement it in a way that works
and is at least fairly uniform.
Rob
- -Original Message-
From: Christopher Vittek [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 1:09 PM
To: Robert D. Hughes; JC; [EMAIL
Miles,
I have had the pleasure / misfortune to have used the Pix 515 Firewalls
and there are several pros and cons. There was some discussion on the
Security Focus mailing lists a few months ago about Cisco Pix firewalls
which I followed with a keen eye. After much debating the general
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This was just posted to the list Monday, but I'll go ahead and repeat it
and see if the moderator passes it.
As far as SNMP, use a long string of mixed alpha-numeric characters for
your community string and set explicit rules to only allow it to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think I can sum up PPtP's biggest weakness by telling you that the
control connection, including the key exchange, is done in the clear.
Only the data channel is encrypted. Therefore, anyone who can sniff the
connection can grab the keys and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Make sure you look at Cyberguard. They support GigE adapters, as well as
the RedCreek VPN card. www.cyberguard.com
Rob
- -Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 12, 2001 3:42 PM
To:
was able to
traverse your local folders, they WOULD NOT be able to hop across partitions
to get to your critical operating system files. In other words, if the above
mentioned exploit depends on cmd.exe being in ../../winnt/system32 ,
obviously having webroot on d or e, protects you from
12:33 PM
To: '[EMAIL PROTECTED]'
Subject: Packet Sniffing in a Switched LAN
Hi folks,
I have a Lan with 200 desktops and I'd like to sniff it. What tool can I
use
to see all the packets ( going and coming ) ?
Any suggestions ?
Regards,
Jacques
-BEGIN PGP SIGNATURE-
Version
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael,
I would suggest that you start at www.microsoft.com/security and
http://nsa1.www.conxion.com/win2k/index.html.
Rob
- -Original Message-
From: Michael Bartosh [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 21, 2001 2:37 AM
To:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think you want to change 00200 allow tcp from any to any 20 to allow
tcp from any 20 to any 1024-65535. The control connect comes from port
20, not to.
Rob
- -Original Message-
From: sysadmin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday,
You don't say what NOS you're running, but you can remove administrative
access to the files using file system permissions. I would recommend
that you allow whatever user the backups are run as to continue to have
access. To do this, on UNIX you would run either chown -R user:nogroup
homedir or,