Have them reset your modem hardware. We experience this problem and I had
the tech support team tell Comcast to hard reset the modem through the
central office or neighborhood concentrator.
In the past, PPPoE also interfered with IPsec.
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
Former B
We are using IPsec over Comcast. If you are having a recent problem, you
may need to have them reset your modem from the Central Office or through
the Neighborhood concentrator.
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
415-551-5462
415-317-2119
-
Sometimes 57 but most cases UDP 500 and IP (protocol) 50/51.
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
-Original Message-
From: Scott Davis [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 13, 2003 10:34 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Nortel Contivit
Ernie is correct
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
-Original Message-
From: Nelson, Ernie [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 13, 2003 12:51 PM
To: [EMAIL PROTECTED]
Subject: RE: Distinctions in Certification
It is my understanding that the main differen
It looks like part of the boot sequence.
However, have you done pen-testing on your PC to see if your firewall is
working and do you have any inspiring cracker kiddies at home?
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
-Original Message-
From: Chance Orr [mailto:[EMAIL PROTECT
Yes, OpenBSD can do bridging because that is what I am doing now at home.
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
-Original Message-
From: David Gillett [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 8:55 AM
To: 'Gregg'; [EMAIL PROTECTED]
Subject: RE: Security/Firewa
I second this. However, if your users are not used to this restriction, you
need to get both upper management backing for the policy and you need to
ease your users into this new comfort zone to prevent a reduction in human
production and to make sure you will not break anything that is being used
f
Jane,
You have to see what your corporate or department policy is on
inbound/outbound traffic. Some companies are extremely strict and others
are very free.
If this is a problem, you may want to develop a policy and ease your users
into it.
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
Your rxload is still high, did you apply ip route-cache to serial 0/0?
The sniffer will be spanned off your switch.
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
-Original Message-
From: Jane Han [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 7:08 AM
To: Ben Hicks; [EMAI
DeGennaro Jr., CCNP
Security Analyst
-Original Message-
From: DeGennaro, Gregory
Sent: Thursday, July 24, 2003 8:30 AM
To: 'Jane Han'; Ben Hicks; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: where should I start? help!
Your rxload is still high, did you apply ip rout
Matt,
Like everyone stated, the cracker used netcat unless it is some other
program renamed. However, I am very confident that nc is netcat. Netcat
has binaries for both UNIX and NT. Netcat is very flexible and very easy to
use. Most of the time it is used to gain initial access to the machine un
Good distro since it uses a BSD-like package manager. However, you need to
be quite the expert to use this since it does not come with a pretty GUI.
Installation documentation is available on the website.
--Greg
-Original Message-
From: Meidinger Chris [mailto:[EMAIL PROTECTED]
Sent: T
Yes, this is good too.
I do not believe it is the PIX, however still worth an investigation. I
would start with the 2600 first. I am basing this off the information you
gave us from the router.
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
-Original Message-
From: Paul Benedek [
Yes, Mitchell is correct.
Also, look into what your CPU load is.
Sh proc cpu
Sh proc cpu hist
Your RXload is definitely high.
Like Mitchell stated, the PIX does not seem to be a problem.
30 second input rate 151 bits/sec, 235
> packets/sec << this is an issue, especially on a T-1.
Is fas
Here is another command to look at on the config-if
Ip route-cache
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
-Original Message-
From: DeGennaro, Gregory
Sent: Tuesday, July 08, 2003 2:37 PM
To: 'Mitchell Rowton'; Jane Han; [EMAIL PROTECTED]
Subject: RE: wher
I have not used this erasing program but it looks to be good. Most of the
code that comes from Source Forge is good and usually at a good price.
Here is the FAQ on the reason why it takes a while;
Q: "Why does it take so long to erase a file? I know products that are much
faster!"
A: Overwriting
My top three dedicated firewall devices;
1) Sidewinder - not officially or publicly cracked.
2) Nokia Checkpoint FW-1 Firewall - Rock on active/active (ip clustering)
state and fail over.
3) Cisco PIX - cost of ownership and they make a PIX blade for the 6500.
Not too bad of a firewall as well.
This can not tell you because this tells you what ports are open. Are these
supposed to be open for the services you are running? The cracker will have
to go through these ports or modem (if you have one?) to get to you.
--Greg
-Original Message-
From: Rod Green [mailto:[EMAIL PROTECTE
Check out SNORT which runs on UNIX.
And reviewing firewall or router syslogs can help too.
--Greg
-Original Message-
From: Thom Larner [mailto:[EMAIL PROTECTED]
Sent: Monday, June 30, 2003 4:38 PM
To: '[EMAIL PROTECTED]'
Subject: Port scanning question
Hi all,
As a relative newcomer
Anish,
Securing servers, workstations, and network devices should be done on a
diversity of products to slow or stop "day 0" cracks and/or challenge the
experience level of the cracker. The cracker may know UNIX cracking really
well but not know Cisco PIX, Sidewinder, Nokia Check point, or Netscr
Ports and protocols as well.
Filtering specifics instead of broad filtering.
-Original Message-
From: David Gillett [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2003 11:40 AM
To: 'SB CH'; [EMAIL PROTECTED]
Subject: RE: about access-list location?
> I have a question about the "acce
about interpretation or what a proxy was
originally designed to do.
-Original Message-
From: Jason Dixon [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2003 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: URL and Content Filtering Proxy
On Mon, 2003-06-23 at 12:06, DeGennaro, Gregory wrote
Anyone have a great suggestion for a free URL Content Filtering Proxy port
or proxy for FreeBSD or OpenBSD?
I am trying to use Privoxy from Sourceforge but it was not really designed to
be a port or package for OpenBSD or FreeBSD. Until I find a better
substitution or solution, I am going to try to
rom: "DeGennaro, Gregory" <[EMAIL PROTECTED]>
>(or both if you're really paranoid.) << Talking about slow?! ... LOL ...
>
>Double 3DES Tunnels (SSH and VPN) ... Let's see, that is up to 68%
>reduction
>in bandwidth, plus the overhead that VNC has. Th
LOL ... look at sshd for windows ...
40 bit is crackable and 128 will be difficult. What is the information that
this server will be guarding. The more sensitive, the better the encryption
should be. If the information has a real short ttl, then 40 bits should
suffice.
Usually crackers get ar
Now, that I can accept.
One of the many things I have learned in infosec, never and always is not in
the infosec dictionary. However, "when" is in that same dictionary!
The Titanic was unsinkable and the Bismarck was indestructible. Where are
they now and how long did they last?! Ok something mor
(or both if you're really paranoid.) << Talking about slow?! ... LOL ...
Double 3DES Tunnels (SSH and VPN) ... Let's see, that is up to 68% reduction
in bandwidth, plus the overhead that VNC has. That would be quite
interesting?
Definitely more secure than usual!
Maybe all SMP machines and an
I do not know why you want to do this?
A) 86%+ of malicious activity comes from internally.
B) Dedicated machines for single processes is recommended unless you have a
4th generation SUN computer in which you have hardware domains.
Have you tried configuring the IIS server for (2) OWA processes
Agreed, the passwords in NTLMv2 are encrypted but not the telnet session.
-Original Message-
From: Bryan S. Sampsel [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 2:33 PM
To: [EMAIL PROTECTED]
Subject: Re: sshd for windows
Telnet is telnet. The protocol itself is unencrypted
A) Establish policy and standards.
1) Implement WEP, which is broken but better than nothing.
2) Do not broadcast the SSID.
3) Do MAC or layer 2 filtering.
4) Enforce authentication
5) And if you are really paranoid, use a VPN.
And oh yes, monitor your network!
Greg
-Original Message
To: DeGennaro, Gregory
Cc: Depp, Dennis M.; Derek Perry; [EMAIL PROTECTED]
Subject: Re: sshd for windows
On Tue, Jun 17, 2003 at 01:36:09PM -0700, DeGennaro, Gregory wrote:
> BTW - 3DES is 168 bit
3DES is only 112 bit.
ENC(DEC(ENC(data, key1), key2), key3) gives you no more security than a
PM
To: DeGennaro, Gregory; Derek Perry; [EMAIL PROTECTED]
Subject: RE: sshd for windows
As is Windows Terminal Services and Remote Desktop. I would expect
there are more installations of Windows Terminal Services on Windows 2000
servers than there are installations of OpenSSH or WinSSH on Windows
2000.
BTW - 3DES is 168 bit
-Original Message-
From: Depp, Dennis M. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 1:19 PM
To: DeGennaro, Gregory; Derek Perry; [EMAIL PROTECTED]
Subject: RE: sshd for windows
Greg,
But the traffic is encrypted using a 128-bit encryption key, the
OpenSSH provides stronger encryption.
Of course, it all depends on what you are encrypting and if you need
stronger encryption?
-Original Message-
From: Depp, Dennis M. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 1:19 PM
To: DeGennaro, Gregory; Derek Perry; [EMAIL PROTECTED
Traffic is not encrypted in 3DES or AES.
OpenSSH and Winssh are proven products.
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
415-551-5462
415-317-2119
-Original Message-
From: Depp, Dennis M. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 9:16 AM
To: Derek Perry; [EMAIL
Derek,
Here you go. This is free.
http://lexa.mckenna.edu/sshwindows/
If you want a licensed version, I believe www.ssh.com offers a server version
for NT-based machines for 500+?
Greg
-Original Message-
From: Derek Perry [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 6:30 PM
Areas with a high concentration of technology usually have great Information
Technology Detectives.
-Original Message-
From: David M. Fetter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 11, 2003 5:24 PM
To: [EMAIL PROTECTED]
Subject: Re: Public IP information
dave wrote:
> Brian,
>
I agree, a single tri-homed firewall sounds too risky by itself.
I like this config
[router]---[Outer firewall/IDS]---[DMZ]---[Inner firewall/IDS(optional but
recommended or HIDS on the LAN)]---[LAN]
-Original Message-
From: Depp, Dennis M. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, Ju
Craig,
It all starts with training the users and writing policies and standards for
your users and for the network.
Also, look into Fiberlink.
Fiberlink is a custom client software and aggregating service that can be
used for dial-up and broad band. The plus is that you can use the client to
e
I agree that the security of the network mostly depends on the firewall
operator/administrator but the crate (quality of the device) helps.
Checkpoint NG is a good product but there are others to consider that may be
better. Other suggestions include Cyberguard
(http://www.cyberguard.com/home/inde
SANS also has incident response training ... track 4 is an outstanding
class!
I took the class (track) and it was awesome!
www.sans.org for an area near you or for more information.
Greg
-Original Message-
From: Ayers, Diane [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 28, 2002
Dave,
I may be wrong on this because I have not heard nor researched it at Cisco.
From what I know, it is not possible to totally lock a router down without
password recovery (ctrl-break) unless you implement physical security.
However, remember that no one can password recover over the Internet but nee
Bad idea ... if you do ... make sure to monitor your egress traffic.
Regards,
Greg DeGennaro Jr., CCNP
Network/Security Analyst, IT Operations
-Original Message-
From: Naveed Ahmed [mailto:naveed.ahmed@;vinciti.com]
Sent: Monday, November 11, 2002 1:41 PM
To: Garbrecht, Frederick; 'ton
Yep ... HIPAA ...
However, if you sign a waiver ... sorry ...
Greg
-Original Message-
From: Konrad Rzeszutek [mailto:darnok@;68k.org]
Sent: Thursday, November 07, 2002 1:25 PM
To: [EMAIL PROTECTED]
Cc: Felix Cuello; [EMAIL PROTECTED]
Subject: Re: Biometric question
And less invasive.
The most secure are eye and palm scan and also the most expensive. Finger
print and voice pattern are the least.
However you usually do not rely on one particular security method, you
combine them with other security methods.
Greg
-Original Message-
From: Richard Caley [mailto:rjc@;inter
Al,
I would go with VPN single tunnel, no split tunneling, because it is harder
to break in than any kind of web solution.
Plus, you have HIPAA to worry about so you do not want to do anything
negligent.
Greg
-Original Message-
From: Alan Cooper [mailto:imalcooper@;yahoo.com]
Sent: Thur