Hi Matt,
Sounds like netcat, whose binary is "nc". Not sure if it's too obvious?
Run strings against the binary and see the output. If the output ends
with:
options:
-g gateway
-G num
-h
and so on, then it's netcat.
cheers
Ivan Coric
IT Technical Security Officer
Information Technology
fault, such as lsof,
nmap, tcpdump, tcpwrappers, sudo, ssh, xinet.d etc.. all must haves for
any box.
cheers
Ivan Coric
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: [EMAIL PROTECTED]
>>> exon <[EMAIL PROTECTED]>
Hi Tim,
Check out www.insecure.org/tools.html and all life's questions will
be answered.
cheers
Ivan Coric
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: [EMAIL PROTECTED]
>>> "Potter, Tim" <[EMAIL P
Great idea, I do it all the time. As iptables is stateful, you can
configure the script to disallow all outgoing connections and only allow
http, https if you use it and ssh for management. Don't forget to get
the web server to remotely log its syslog, for a rock solid audit
trail.
cheers
Ivan
>>
r and yes, I use both products and yes again, both
are
good.
--
Daniel Bourque
BlackBerry
-Original Message-
From: Ivan Coric <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>;
[EMAIL PROTECTED] <[EMAIL PROTECTED]>;
[EMAIL PROTECTED]
cols detect. There is no dynamic
ACL creation possible.
The PIX is not a true application level firewall. I can send NETCAT
traffic over HTTP and the PIX will never know. Whereas the Checkpoints
and Raptors can detect anomalies in traffic, and act on them.
--Chris
-Original Message-
a packet filter, use iptables, it's stateful. You
really need to know what you're doing with this, it's no easy task, but it's
free!
If you want any further info contact me off list
cheers
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Hi Marty,
I could try to write out an explanation but I don't have the time and
will refer you on to some good web sites.
http://www.stopspam.org/email/headers/headers.html
http://www.uic.edu/depts/accc/newsletter/adn29/related.html
cheers
Ivan Coric
IT Security Officer
Inform
Hi Naman,
I'll send you a pdf off list, it has diagrams as well. If anyone else
is interested, I'd be happy to send it to them.
cheers
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: [EMAIL PROTECTED]
>>
'll have a great
IDS/sniffer that will teach you about your internal network, help with
troubleshooting and give you an idea of what goes on there. Can be a
very inexpensive box, P200, 128mb RAM, 20G HD would do just nicely.
cheers
Ivan Coric
IT Security Officer
Information Technology
Wor
Hi Mike,
http://www.snort.org/dl/binaries/1.9.0/Snort-1.9.0-win32.exe
cheers
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: [EMAIL PROTECTED]
>>> "Mike Heitz" <[EMAIL PROTECTED]> 01/29/03 12:18a
Hi Jenn
take a look at snort, but also consider ACID
http://www.cert.org/kb/acid/
Have multiple snort sensors logging to a mysql DB and use ACID to view
it via a web browser. It's great!
cheers
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07
Hi,
It is actually "fport" by foundstone.
http://www.foundstone.com/knowledge/proddesc/fport.html
cheers
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: [EMAIL PROTECTED]
>>> "Richard H. Cotterell"
ail scanner
>|/\
>|<-|-snort ids sensor
>V
> Core Switch (Cisco)---Frame Relay Connection
cheers
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: [EMAIL PROTECTED]
>>> theog
/messages
cheers
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: [EMAIL PROTECTED]
>>> "netsec novice" <[EMAIL PROTECTED]> 12/14/02 06:34am >>>
I'm hoping I don't generate flames b
10.0.0.0 10.0.0.110.0.0.2 172.22.1.1
172.22.1.20 internal intFW
interface
NAT address of proxy
(no real address used to protect the innocent)
cheers
Ivan Coric
IT Securit
age help
/p sort by port
/a sort by application
/i sort by pid
/ap sort by application path
For updates visit: www.foundstone.com
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: [
Some more info on Rproxy's
http://www.ists.dartmouth.edu/IRIA/projects/jeanne.htm
http://developer.netscape.com/docs/manuals/proxy/adminux/revpxy.htm
http://home.ie.cuhk.edu.hk/~msng0/twhttpd/
http://www.monkeys.com/security/proxies/
cheers
Ivan
>>> "David Cullen" <[EMAIL PROTECTED]> 05/23/
il server |
|
|
\/
mail server
DMZ
Kind Regards
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: [EMAIL PROTECTED]
>>> Imraan Kadir <[EMAIL PR
04/26/1019441306209.html
Regards
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: [EMAIL PROTECTED]
>>> "DeBerry, Casey" <[EMAIL PROTECTED]> 04/30/02 01:52am >>>
Anyone heard anything technically rel