No experience with Top Layer's stuff - although I, too, am interested in
hearing from others.
For IPS there is at least:
1) Hogwash: Layer 2 packet mangler based on Snort originally. Now moving
away from Snort...it drops, logs, or alters packets according to IDS
rules
Hi
Has anyone experience with Top Layer's Attack Mitigator IPS
does someone have 'daily'/ 'real live' experience with this product?( eg how
did they handle the slammer issue& recent other MS flaws, or unix flaws) so
far just found only commercial tests
Client wo
ere which can do a temporary block on the IP of someone
> who has tried to login to FTP too many times and failed? I am currently
> running an iptables firewall, but I do not want IPs to be permanently
> blocked, just say blocked for 24 hours and then allowed again.
>
> Jan 1
rying your SMTPd, IMAPd or any other service you are
running Port Sentry will drop their route to your box.
-Original Message-
From: Ng, Edward B [mailto:[EMAIL PROTECTED]]
Sent: January 23, 2003 7:52 PM
To: 'Rob Stevens'
Cc: '[EMAIL PROTECTED]'
Subject: RE: blocki
From: "Ng, Edward B" <[EMAIL PROTECTED]>
I was wondering is there an application out there which can do a
temporary block on the IP of someone who has tried to login to FTP too
many times and failed? I am currently running an iptables firewall,
but I do not want IPs to be permanent
Hi Edward,
Your 'visitors' may just be using Download Managers, such as GetRight. These
applications often try to open multiple anonymous connections to FTP servers to speed
up their downloads. I know this doesn't answer your question directly - but it might
help.
Cheers,
Michael Conroy.
Thi
eople who have been hammering me literally
try all the IPs that the server is visible on and can sometimes end up
holding too many open connections. I have recently restricted the server to
a max of 3 open connections per host (which has helped!), but I feel that it
would be nice if I can find a w
iled? I am currently
running an iptables firewall, but I do not want IPs to be permanently
blocked, just say blocked for 24 hours and then allowed again.
Jan 12 14:36:21 warp proftpd[5073]: warp.linux-server.com
(dclient217-162-35-70.hispeed.ch[217.162.35.70]) - FTP session opened.
Jan 12 14:
ner <[EMAIL PROTECTED]>,[EMAIL PROTECTED]
Subject: Re: Preventing DHCP from allocating IPs
Date: Wed, 11 Dec 2002 19:03:48 -0200
No, u can sniff switched networks using poisoning the arp table. Its pretty
easy to do it
usually. Check out ethercap, it uses this techniq.
--
none
jon kintner w
riginal Message -
From: "Tony Meman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 07, 2002 3:29 PM
Subject: Re: Preventing DHCP from allocating IPs
Someone could just sniff the traffic, collect some valid MAC addresses
and use one of
them w
: Saturday, December 07, 2002 3:29 PM
Subject: Re: Preventing DHCP from allocating IPs
Someone could just sniff the traffic, collect some valid MAC addresses
and use one of
them when some box is down. MAC spoofing is trivial.
Regards,
--
none
Hasnain Atique wrote:
My solution was somewhat more
I don't know if it's impossibe, but isn't sniffing traffic on a switched
network more difficult?
-jon
- Original Message -
From: "Tony Meman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 07, 2002 3:29 PM
Subject: Re: Preventing
Someone could just sniff the traffic, collect some valid MAC addresses
and use one of
them when some box is down. MAC spoofing is trivial.
Regards,
--
none
Hasnain Atique wrote:
My solution was somewhat more elaborate.
I'd separated the network into sections, each connecting to a "backbone" o
ot;Sarbjit Singh Gill" <[EMAIL PROTECTED]>
To: "Hasnain Atique" <[EMAIL PROTECTED]>; "Rick Darsey"
<[EMAIL PROTECTED]>; "jon kintner" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Friday, December 06, 2002 4:24 PM
Subject: RE: Prev
Sent: Friday, December 06, 2002 1:24 AM
To: Hasnain Atique; Rick Darsey; jon kintner;
[EMAIL PROTECTED]
Subject: RE: Preventing DHCP from allocating IPs
In my scenarios, the problem is some people who walk into this company are
visitors who come in with different lap tops each time they wa
; jon kintner;
[EMAIL PROTECTED]
Subject: RE: Preventing DHCP from allocating IPs
In my scenarios, the problem is some people who walk into this company are
visitors who come in with different lap tops each time they walk in.
Sometimes they are genuine visitors who has the right to use the LAN and
some
y, December 05, 2002 6:09 PM
> To: "[EMAIL PROTECTED]"@securityfocus.com;
> "[EMAIL PROTECTED]"@securityfocus.com
> Subject: Re: Preventing DHCP from allocating IPs
>
>
> Is there any way to spoof MAC addr even if your NIC doesnt allow it?
> If so, how?
&g
smart people to worry about.
Cheers
Gill
-Original Message-
From: Hasnain Atique [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 10:26 AM
To: [EMAIL PROTECTED]; Rick Darsey; jon kintner;
[EMAIL PROTECTED]
Subject: Re: Preventing DHCP from allocating IPs
What about
rin[EMAIL PROTECTED],
g.com [EMAIL PROTECTED]
Subject: RE: Preventin
MACs.
-- Hasnain
- Original Message -
From: "Sarbjit Singh Gill" <[EMAIL PROTECTED]>
To: "Rick Darsey" <[EMAIL PROTECTED]>; "jon kintner" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Thursday, December 05, 2002 7:14 AM
Subject: RE:
Is there any way to spoof MAC addr even if your NIC doesnt allow it?
If so, how?
--
none
On Mon, 2 Dec 2002, jon kintner wrote:
I know mac addresses can be spoofed pretty easily, but could you setup an
access list or filter that would disallow all mac addresses except for the
ones specified on
EMAIL PROTECTED]]
> Sent: Monday, December 02, 2002 1:04 PM
> To: [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: Preventing DHCP from allocating
> IPs
>
>
> I know mac addresses can be spoofed pretty
> easily, but could you setup an
> access list or filter tha
]
Subject: RE: Preventing DHCP from allocating IPs
I know this sounds like a really bad way of doing this, but it is the only
way I can come up with off the top of my head:
Turn of DHCP!! Statically assign all addresses in your LAN. If a visitor
wants access to your network, they will have to come to
e" who is the bad MAC and who is the GOOD MAC.
Cheers
Gill
-Original Message-
From: Jimmy Sansi [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 03, 2002 3:06 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Preventing DHCP from allocating IPs
Not being able to distinguish
IL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, December 03, 2002 12:04 PM
Subject: RE: Preventing DHCP from allocating IPs
>
> I know this sounds like a really bad way of doing this, but it is the only
> way I can come up with off the top of my head:
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Preventing DHCP from allocating IPs
I know mac addresses can be spoofed pretty easily, but could you setup an
access list or filter that would disallow all mac addresses except for the
ones specified on your network(s)?
The initial setup would probab
2002 7:22 AM
Subject: Preventing DHCP from allocating IPs
> Greetings all,
>
> How do i prevent a client from getting an IP from my DHCP in an
Ethernet
> network. I know i could reserve IPs for all other clients and nobody
gets
an
> IP unless reserved earlier, but i have hundreds of client
kintner [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 02, 2002 1:04 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Preventing DHCP from allocating IPs
I know mac addresses can be spoofed pretty easily, but could you setup an
access list or filter that would disallow all mac
logins off the network at the college I attend.
>
> -jon kintner
>
> - Original Message -
> From: "Sarbjit Singh Gill" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, December 02, 2002 7:22 AM
> Subject: Preventing DHCP from al
f the network at the college I attend.
-jon kintner
- Original Message -
From: "Sarbjit Singh Gill" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 02, 2002 7:22 AM
Subject: Preventing DHCP from allocating IPs
> Greetings all,
>
> How do i
: Sarbjit Singh Gill [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 02, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Preventing DHCP from allocating IPs
Greetings all,
How do i prevent a client from getting an IP from my DHCP in an Ethernet
network. I know i could reserve IPs for all other
Greetings all,
How do i prevent a client from getting an IP from my DHCP in an Ethernet
network. I know i could reserve IPs for all other clients and nobody gets an
IP unless reserved earlier, but i have hundreds of clients. I frequently
have visitors who need to plug in their laptops into the
<[EMAIL PROTECTED]>
Subject: RE: Antwort: RFC 1911 IPs
in my firewall logs
Only W2k and WinXP use 169.254.x.y if there is no DHCP server, Win9x
uses 192.168.*.
Mark
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 22 January 2002 10:08 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Antwort: RFC 1911 IPs in my
r you will not be able to
send packets to these hosts, unless it is your own ISP (even then you/they
should be filtering such packets).
- Original Message -
From: Joe Brown <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 17, 2002 00:50
Subject: RFC 1911 I
If I remember right, setting a NIC in Windows to DHCP and there is no
Server, the IP is set to something in 192.168.*. Maybe there is Winbox near
You spamming the line?
Hello all,
Reviewing my home office firewall logs, I noticed an
entry in which someone tried to connect to my
external inter
Hello all,
Reviewing my home office firewall logs, I noticed an
entry in which someone tried to connect to my
external interface with an IP of 192.168.50.xx. I
assume it's a spoofed address, but I just don't know
how they got it to traverse the Internet? How can that
be routed?
Does anyone ever heard about IPS(Intrusion Prevention System)?
Where can I learn this conceptual security product(commercial & non-commercial)?
Thank
I think you can see the system if you go to near mirror and will look at one ;)
the only one system i know it is a good security specialist.
arnold baek wrote:
> Does anyone ever heard about IPS(Intrusion Prevention System)?
> Where can I learn this conceptual security product(commercial
39 matches
Mail list logo