RE: irc port open on 6668/tcp and 6667/tcp

2003-02-12 Thread Wolf, Glenn
APC PowerChute uses these ports. It is a UPS-monitoring program that is typically installed on servers. On a similar note, TrendMicro's Office scan listens on port 12345. So does the NetBus trojan. Hope this helps, Glenn -Original Message- From: Nelson, Ernie [mailto:[EMAIL PROTECTED

RE: Inputs appreciated

2003-01-15 Thread Wolf, Glenn
I have heard from more than a couple sources that there are some burglars that use out-of-office replies to target homes, by matching email addresses to street addresses in online directories. Glenn -Original Message- From: Rodel Calvario [mailto:[EMAIL PROTECTED]] Sent: Thursday, Janua

RE: IP to MAC mapping

2002-11-26 Thread Wolf, Glenn
Try Getmac.exe from Microsoft for your Windows-based computers. http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/getmac-o.asp For non-Windows devices, the somewhat shady Cain and Abel will work. http://www.oxid.it/ Glenn -Original Message- From: Johan Denoyer [mai

RE: TCP DNS requests

2002-11-01 Thread Wolf, Glenn
Note that you can sometimes have tcp/53 connections for queries. For instance, on Windows nslookup, if you do "ls domain.name" you can see the tcp/53 connection in netstat. Glenn From the comp.protocols.tcp-ip.domains Frequently Asked Questions (FAQ): --

Nth disk rewrite

2002-11-01 Thread Wolf, Glenn
Good point. This leads me to a thought... A better scheme than rewriting N times with equally-dispersed random data (1010, then 0101, then 0110, etc.) would be to overwrite with "junk" but pattern-filled data (i.e., data representative of a text file, mp3 file, etc.). Otherwise what you get is "

RE: Slow scan on high-ports?

2002-10-29 Thread Wolf, Glenn
Yum! PCAnywhere 65301/tcp Glenn -Original Message- From: Rolf Jürrens [mailto:security@;rolf-juerrens.de] Sent: Tuesday, October 29, 2002 12:39 AM To: [EMAIL PROTECTED] Subject: Slow scan on high-ports? Hi everyone, in our firewall-logs I see a slow scan over our whole netwo

RE: Email harvesters increase virus spread?

2002-10-03 Thread Wolf, Glenn
I've gotten two (blocked) viruses this morning already: One from Singapore: type "application/x-msdownload", filename "89012 Amex CQ DL360 117934-N 310702.xls.pif" One from New Zealand: type "audio/x-midi", filename "index.html.exe" Also, another weird spam email with some javascript(?) in it

RE: Network Address Translation insecurities

2002-09-26 Thread Wolf, Glenn
Check out the articles on SANS regarding egress filtering. Basically, you want to make sure you are one step ahead of attackers using spoofed IP addresses. Google search for: site:sans.org "egress filtering" This one has a couple walkthrough scenarios for ipchains, Firewall-1, and Cisco r

RE: how to tell when a file was last read

2002-07-25 Thread Wolf, Glenn
,234,567,890 bytes free c:\> -Original Message- From: Mario Camara [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 24, 2002 10:35 AM To: 'Wolf, Glenn'; [EMAIL PROTECTED] Subject: RE: how to tell when a file was last read Importance: High Under Windows 98 you should use:

RE: email forwarding

2002-06-29 Thread Wolf, Glenn
Sounds like a policy issue. If users are doing this so they can get their email "on the road" or from home, it would probably be worthwhile to set up a web-mail interface instead. Email IS inherently unsecure (think post-office personnel reading your postcards). What needs to be weighed is whet

RE: How to find open shares on the n/w

2002-06-29 Thread Wolf, Glenn
Legion 2.1 will do #1 for you: http://www.nmrc.org/files/snt/legion.zip Glenn -Original Message- From: Harish Gondavale [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 26, 2002 6:39 PM To: [EMAIL PROTECTED] Subject: How to find open shares on the n/w Hi, I am very satisfied with th

RE: Password generators

2002-06-26 Thread Wolf, Glenn
Hi, my first post to this group... Don't use "1337" replacement. L0phtcrack and other password crackers already check for this. I would recommend something similar to the following Java applet which generates 10 pronounceable (but non-dictionary-word) passwords: http://www.multicians.org/thvv/