RE: Network scanning

2003-08-14 Thread Meidinger Chris
> It would be sort of odd for someone to go in a back room and pull out a computer, whip it up on the switch and proceed to fire up ethereal. Actually it's much more common than you think. I have known people that found old laptops laying on top of their switch racks that had been dsniffing traffi

RE: Transparent Screen Lock for Win NT/2000/XP

2003-08-14 Thread Meidinger Chris
Just out of curiosity, what makes this software particularly interesting for you? Do you want to lock the servers with the event log or task manager showing, and let people who are not allowed to 'touch' the servers monitor the logs and load, or what? badenIT GmbH System Support Chris Meiding

WG: Anti-Virus Software

2003-08-14 Thread Meidinger Chris
Sophos has complete remote management from an admin console. We even set up sophos to scan logins and auto install itself on domain members. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ There are 10 kinds of people on the planet, those who understand bin

Port 5000 and Windows XP

2003-08-14 Thread Meidinger Chris
service advertisements are normally IPX, which can be used anywhere that it is implemented ... primarily novell badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Original Message- From: dos cerveza [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 10:38

RE: Event Viewer Monitoring Tool

2003-08-14 Thread Meidinger Chris
Hi Alastair, there are different methodologies to do this, but the basic one would be to concentrate all of your logs (for example on a log server with ntsyslogd) and then configure your syslog server to alert on specific events. At work what we did is wrote an application that dumps the event l

RE: Some 'new guy' questions

2003-08-14 Thread Meidinger Chris
Hi Sayo, if people flame you for asking newbie questions, it's usually because they have no idea themselves what they are talking about, just ignore them. Anyway, you can use fport from foundstone.com to see which application is bound to which port. Then you just use google to research the applic

RE: UNIX password auditing tool and the search for dictionaries too

2003-08-14 Thread Meidinger Chris
He means DoS in the sense that the person doesn't know their password, and can't access the passworded resource, silly. Thus, an allowed person is Denied the Service of a resource. Nobody (ok, almost nobody) is actually worried about an overloaded Password Machine. As far as standing behind people

AW: Anti-Virus Software

2003-08-14 Thread Meidinger Chris
It's a good idea to use one product on clients and another on the gateways so that you benefit from two signature bases / two heuristic approaches from two different companies. just a thought, not criticism. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __

RE: file transfer over outbound port 80?

2003-08-14 Thread Meidinger Chris
If port 80 is open, but does not go over a proxy, just have your FTP Server listen there and set it for passive mode. If port 80 does use a proxy, check to see if you can proxy your FTP over that too. Most organizations allow proxied FTP, just not direct. badenIT GmbH System Support Chris Meidin

AW: source LAN port 137 dest 169.x

2003-08-14 Thread Meidinger Chris
The veterinarian's mouth: cat /usr/share/nmap/nmap-services | grep I do not mean this facetiously. Unfortunately IANA doesn't assign official ports to backdoors. -chris -Original Message- From: David Gillett [mailto:[EMAIL PROTECTED] Sent: Thursday, July 31, 2003 6:17 PM To:

RE: Using non-printable characters in passwords

2003-08-14 Thread Meidinger Chris
I know you don't want to hear this, but remember that MS Windows NT or 2000 running in hybrid mode uses an NTLM hash to represent the password. This hash represents only 7 characters, meaning that if you have a 21 character password, it is really 3 consecutive 7 character passwords. Thus your 21 ch

AW: Securing Web access from internet

2003-08-09 Thread Meidinger Chris
I agree, authenticating on the firewall is the best way to go. checkpoint fw-1 and rsa secureid work great together too for this. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ There are 10 kinds of people on the planet, those who understand binary

AW: XP Box appears to be compromised

2003-08-09 Thread Meidinger Chris
If that doesn't work, then download winlibpcap and ethereal, install, but on hub with computer or switch span port start ethereal say 'start filtering' and use the filter string 'src host MY_IP or dst host MY_IP' without apostrophe and replacing MY_IP with the IP address of the machine should have

AW: Anti-Virus Software

2003-08-09 Thread Meidinger Chris
I am very fond of Sophos AV from www.sophos.com. I have had it in production with signature replication over 6 sites with about 3000 users and it worked like a charm. Licensing should also be fitting, they are pretty flexible. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Fre

AW: User Tracking & Audit on Unix Systems

2003-08-07 Thread Meidinger Chris
try the acct (sometimes called pacct) software set badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ There are 10 kinds of people on the planet, those who understand binary and those who don't. -Original Message- From: Shane

AW: Problems installing Nessus

2003-08-07 Thread Meidinger Chris
i am not a huge professional in GUI stuff, but you can have GTK 1 and GTK 2 both installed for programs that use them. did you try looking for a binary package (RPM) of nessus? I could have sworn they existed. (This may be completely unwanted advice, but i recommend against starting with redhat as

AW: Windows XP computer spewing packets

2003-08-06 Thread Meidinger Chris
18 packets / sec when each port is being opened (meaning not in an ongoing TCP Connection, but for example in a port scan) is a good average badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg __ There are 10 kinds of people on the planet, those who understand bin

AW: cracking tool named 'nc' ?

2003-07-11 Thread Meidinger Chris
Great answer Ivan, i was going to write the same mail but you did it for me. One more word of advice: DON'T just run it without checking what it is. It may well be something evil with a benign name. Also, take a search on google for "incident handling" and look into what you should do after gett

AW: Multi-User Access to Password Database

2003-07-11 Thread Meidinger Chris
Hi John, how often do these people need to learn new passwords? Most companies that i have been involved with have one super-person (usually something close to a board member - or in German often the Prokurist, no idea what that title is called in English) who keeps the list and gives passwords o

AW: What runs on TCP 55317?

2003-07-09 Thread Meidinger Chris
If they are internal addresses, have you: 1. checked to see if the machine is alive (ping or a 'polite' port scan) - if it is, ask the operator if he knows anything, or ask to be allowed to check yourself what is running on it. It's possible that it is not a spoofed address but rather an infected

AW: Getting an IP address from a MAC address

2003-07-09 Thread Meidinger Chris
if you are in a windows environment, nbtstat -c -a NetBIOS_Name will provide you with the remote NetBIOS table and MAC Address. Not sure if someone mentioned this before, i was only skimming the thread. I just ran across this doing an nbtstat and remembered that people had been talking about mac a

AW: Ten least secure programs

2003-07-08 Thread Meidinger Chris
Hey, even Trinity exploited SSH in The Matrix. How hard can it be? It's like anything else: there is the occasional 'sploit, but misconfiguration is the real danger. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Original Message- From: Chris Berry [m

AW: Proxy Server

2003-07-08 Thread Meidinger Chris
Woah slow down there pardner. If you buy any proxy server because it can do "etc." then you made a bad decision. Tell us more exactly what you want and we can recommend, but there are a lot of proxy servers that support etc. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 791

AW: Best Linux Distribution for laptop - Debian is not proper for laptop?

2003-07-08 Thread Meidinger Chris
I use gentoo linux from www.gentoo.org on all my boxes, both my private and work machines. Runs great on an IBM T23, and i've had it on T21, A31p and other Lappys. It's worth a look for sure. badenIT GmbH System Support Chris Meidinger Tullastrasse 70 79108 Freiburg -Ursprüngliche Nachric

AW: Central Win2000 auditing logs

2003-07-07 Thread Meidinger Chris
se 70 79108 Freiburg -Original Message- From: Chris Alliey [mailto:[EMAIL PROTECTED] Sent: Saturday, July 05, 2003 1:05 AM To: 'Meidinger Chris'; 'Stephen Gay' Cc: '[EMAIL PROTECTED] Com (E-Mail)' Subject: RE: Central Win2000 auditing logs Are you

AW: Central Win2000 auditing logs

2003-07-04 Thread Meidinger Chris
We did it with a .hta application and an access databank. We have about a meg of log per server per day. That puts us between 75 and 80 megs per day. So our database filters out the 'known uninteresting' events, and that leaves about 1 meg per day. We do it once daily, but if you wanted to you c

AW: Port scanning question

2003-07-03 Thread Meidinger Chris
Snort is an Open Source IDS - Intrusion Detection System - that will detect Port Scans. I recommend reading "Network Intrusion Detection - An Analyst's Handbook" by Stephen Northcutt and Judy Nowak from New Rider's Press to get a good start in the topic. Then start setting up an IDS System, and j

WG: Security issue in Windows 2000?

2003-07-03 Thread Meidinger Chris
Hello Hong, this DOES happen on Windows NT. This is a 'feature' of NTLM Authentication. You can, in fact, set your local administrator password to the same thing as the domain administrator and have domain admin privileges everywhere. Anyway, it's not a bug, but a feature. If you move your domain