Dealing with port scanners / attackers

1999-12-21 Thread Eric
I'm getting kind of tired of sending reports of port scans and attempted break-ins to people who don't really seem interested in doing something about the problem. I always ask them to keep me informed about how they deal with those responsible, but very few have the courtesy to actually

Re: Dealing with port scanners / attackers

1999-12-21 Thread Jim Littlefield
On Tue, Dec 21, 1999 at 01:47:22AM -0600, Eric wrote: I'm getting kind of tired of sending reports of port scans and attempted break-ins to people who don't really seem interested in doing something about the problem. I always ask them to keep me informed about how they deal with those

firewall identification

1999-12-21 Thread Interpaul
Hello list, In the office network we have a UNIX firewall server. At the moment it is impossible to use ICQ and RealAudio etc on our NT network. I don't know if we have a SOCKS firewall or a different one, nor do I know ports of the firewall. Can anyone show me how I could find this out? My

RE: Dealing with port scanners / attackers

1999-12-21 Thread sethw
Sounds like a really good idea Eric. However, I doubt that it's legal. -- From: Eric[SMTP:[EMAIL PROTECTED]] Sent: Tuesday, December 21, 1999 12:47 AM To: [EMAIL PROTECTED] Subject: Dealing with port scanners / attackers I'm getting kind of tired of

Re: Dealing with port scanners / attackers

1999-12-21 Thread Jeff Bachtel
A few problems with that: 1) Sometimes portscans aren't malicious, that is I (at least) have used quick scans to determine services that a remote host provides, ie anon ftp and whatnot. 2) (big one) any ISP worth its salt will set its border routers to reject packets with obviously forged

Re: Dealing with port scanners / attackers

1999-12-21 Thread Eric
"Parker, Gary W" wrote: Retaliation is not the proper response to attacks, real or perceived. Remember that you propose to spoof the attacker's address in your response. The attack itself could well have been made using a spoofed address, and you will in effect be further victimizing someone

Re: Dealing with port scanners / attackers

1999-12-21 Thread Gary Flynn
Jim Littlefield wrote: When filing complaints, I make it very clear that we will not accept a lack of response from them and we will blackhole their network at our router, should they choose to ignore our complaint. If they are not a top-level provider, I also Cc their provider. You're

RE: Dealing with port scanners / attackers

1999-12-21 Thread Parker, Gary W
Eric Johnson [EMAIL PROTECTED] said ... I'm getting kind of tired of sending reports of port scans and attempted break-ins ... So something else is needed. Suppose we ... spoof the source address and perform a port scan against the port scanner's ISP? ... the ISP would see a port

Reverse SSL proxy

1999-12-21 Thread Dave Wreski
Hi all. I'd like to look into the security implications of proxying SSL from the Internet thru a firewall to a server on an internal network. I understand that other protocols have been tunnelled thru SSL besides just http, but what are the other issues involved? Are there any documents on

Firewall market

1999-12-21 Thread Laurent Butti
Hello, Does anyone have information (or URLs) about market penetration of firewalls by vendors by countries, in percentage of course? Thank you in advance. Laurent Butti. - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]

RE: Dealing with port scanners / attackers

1999-12-21 Thread Randall, Mark
Suppose we set up a firewall that, when it detects a port scan, would spoof the source address and perform a port scan against the port scanner's ISP? That way, the ISP would see a port scan coming from one of his own customers and would be more likely to take an active interest in

OT : root wrong shell

1999-12-21 Thread simon
Hi all, I'm in some trouble. I have a sun os but I changed the shell of the root user to a nonexistent shell. Now, I could not su to root. root:x:0:1:Super-User:/:/sbin/csh patyi:x:106:20:Patrick Yi:/export/home/patyi:/bin/csh Is there a way I can regain root access. bach% su - Password:

Re: Dealing with port scanners / attackers

1999-12-21 Thread Marc Renner
Jim Littlefield [EMAIL PROTECTED] 12/21 5:22 AM When filing complaints, I make it very clear that we will not accept a lack of response from them and we will blackhole their network at our router, should they choose to ignore our complaint. If they are not a top-level provider, I also Cc their

Re: Dealing with port scanners / attackers

1999-12-21 Thread Marc Renner
But on the other hand, if THEY are a business (which most internet enabled networks are), they lose a lot of business if everyone starts blackholing them... Marc.. Gary Flynn [EMAIL PROTECTED] 12/21 7:10 AM Jim Littlefield wrote: When filing complaints, I make it very clear that we will

Doubleclick, Altavista cookies

1999-12-21 Thread O'Shea, Dave
Actually I think this is a very significant concern. I am surprised that Doubleclick or someone similar has not already been subpoenaed in a civil case for some cause or other. If I were a plaintiff's attorney in, say, a sexual harassment/hostile environment case, I would seek a record of any

Re: Dealing with port scanners / attackers

1999-12-21 Thread Eric
"Paul D. Robertson" wrote: In that case, they'd probably be more interested in putting a stop to you, and you'd perhaps run afoul of the law if you hit one of their customer's machines. I'd recommend against it. Also, if they source spoofed, you'd be scanning a bunch of other networks that

Re: Dealing with port scanners / attackers

1999-12-21 Thread Paul D. Robertson
On Tue, 21 Dec 1999, Eric wrote: I'm getting kind of tired of sending reports of port scans and attempted break-ins to people who don't really seem interested in doing something about the problem. I always ask them to keep me informed about how they deal with those responsible, but

RE: Dealing with port scanners / attackers

1999-12-21 Thread Parker, Gary W
Eric Johnson [EMAIL PROTECTED] said ... "Parker, Gary W" wrote: Retaliation is not the proper response to attacks, real or perceived. Remember that you propose to spoof the attacker's address in your response. The attack itself could well have been made using a spoofed address, and you

JuicyFruit DoubleClick Stun

1999-12-21 Thread dreamwvr
hi Chris, it has been a long while. anyways hmm.. it would be interesting to see the reaction if Doubleclick was put under the scope as intel was with the pentium III for privacy and invasion thereof.. i bet the privacy.orgs would have a hay day with this info.. it would depend thou

apache as rev-proxy and certs

1999-12-21 Thread rich
Hi, I have what I hope is a simple question. (But why would I ask the wizards if it was *grin*) Can it be done -- use Apache as a rev-proxy in front of an MS IIS server that uses CERTS and is its own CA. This is for a SSL site with Apache in front, but I am trying to figure out who needs to

Re: OT : root wrong shell

1999-12-21 Thread diphen
try su - -c /correct/shell -g On Tue, Dec 21, 1999 at 10:52:20PM +0800, simon wrote: Hi all, I'm in some trouble. I have a sun os but I changed the shell of the root user to a nonexistent shell. Now, I could not su to root. root:x:0:1:Super-User:/:/sbin/csh

Re: Dealing with port scanners / attackers

1999-12-21 Thread Adam Shostack
On Tue, Dec 21, 1999 at 09:08:09AM -0600, Eric wrote: | I'm not clear on what a port scan accomplishes with a spoofed address | unless it is just to make you think you're being scanned from elsewhere. | If you're being scanned from a spoofed address, then whoever is trying to | find a

Re: ports 6671 6771

1999-12-21 Thread Nuno Guarda
At 12:51 21-12-1999 -0500, you wrote: What are ports 6671 6771 used for? Last night someone felt the need to check both of these ports three times each, alternating between the two. I verified that I am not running any services there, but I am curious. I found 6771 is used for DeepThroat, but

Re: OT : root wrong shell

1999-12-21 Thread Nuno Guarda
At 22:52 21-12-1999 +0800, you wrote: Hi all, I'm in some trouble. I have a sun os but I changed the shell of the root user to a nonexistent shell. Now, I could not su to root. root:x:0:1:Super-User:/:/sbin/csh patyi:x:106:20:Patrick Yi:/export/home/patyi:/bin/csh Is there a way I can

RE: Dealing with port scanners / attackers

1999-12-21 Thread Mullen, Patrick
I'm not clear on what a port scan accomplishes with a spoofed address unless it is just to make you think you're being scanned from elsewhere. If you're being scanned from a spoofed address, then whoever is trying to find a vulnerability will never know the result, right? Except, of

Urgent Help with Microsoft Proxy Server

1999-12-21 Thread Arkady Yerukhimovich
Does anyone know if it is possible to set up Microsoft Proxy server on a machine that only has one network adapter? Please e-mail me at [EMAIL PROTECTED] if you know how to do this. Thank you very much, Arkady Yerukhimovich

Re: Dealing with port scanners / attackers

1999-12-21 Thread Nuno Guarda
At 09:08 21-12-1999 -0600, you wrote: "Parker, Gary W" wrote: Retaliation is not the proper response to attacks, real or perceived. Remember that you propose to spoof the attacker's address in your response. The attack itself could well have been made using a spoofed address, and you will in

Re: firewall identification

1999-12-21 Thread Paul D. Robertson
On Tue, 21 Dec 1999, Interpaul wrote: Hello list, In the office network we have a UNIX firewall server. At the moment it is impossible to use ICQ and RealAudio etc on our NT network. I don't know if we have a SOCKS firewall or a different one, nor do I know ports of the firewall. It

Re: Dealing with port scanners / attackers

1999-12-21 Thread Eric
Jeff Bachtel wrote: A few problems with that: 1) Sometimes portscans aren't malicious, that is I (at least) have used quick scans to determine services that a remote host provides, ie anon ftp and whatnot. But then the services you are trying to find are not BackOrifice or other

Re: 2 IP addresses in one corporate/local network?

1999-12-21 Thread gatekeepr
SIPRNET - Original Message - From: Jimi Aleshin [EMAIL PROTECTED] To: Ken Milder [EMAIL PROTECTED] Cc: firewall-lista [EMAIL PROTECTED] Sent: Sunday, December 19, 1999 4:29 PM Subject: Re: 2 IP addresses in one corporate/local network? Well their secret network called the SIPERNET (I

Re: Dealing with port scanners / attackers

1999-12-21 Thread Paul D. Robertson
On Tue, 21 Dec 1999, Eric wrote: "Paul D. Robertson" wrote: In that case, they'd probably be more interested in putting a stop to you, and you'd perhaps run afoul of the law if you hit one of their customer's machines. I'd recommend against it. Also, if they source spoofed, you'd be

RE: firewall identification

1999-12-21 Thread Paul D. Robertson
On Tue, 21 Dec 1999, Kevin Eberman wrote: I wouldn't want to argue the business merits of ICQ, but what protocol would you use for real time one-to-one text communication? ICQ is not supported Internally I like to use IRC servers, we use two to talk between my group's two predominant

RE: Urgent Help a simple firewall question added.

1999-12-21 Thread Michael E. Cummins
I know you said *one* network adapter, but I assume you are implying that the machine has one NIC and a modem. Is this correct? If that is, then there is nothing special to do. Just install the thing, connect the proxy server to the internet and then setup the clients. That doesn't have much

Re: Dealing with port scanners / attackers

1999-12-21 Thread Paul D. Robertson
On Tue, 21 Dec 1999, Eric wrote: How about just running a port scan against whoever is portscanning you. If someone sees port scans coming from a system they are trying to break into, it would hopefully scare them off. A lot of times scans are done from an already compromised host, *if*

root wrong shell

1999-12-21 Thread simon
Hi all, I'd like to thank all who helped me with the aforementioned problem. Most of the advice given was based on a Sun box. However, I do not know how to boot into single user mode from cdrom as the Sun OS is on an Intel box. Has anybody installed or has any experience with sun os on an

Re: OT : root wrong shell

1999-12-21 Thread simon
I do not know how to boot into single user mode using cdrom as the sun os is on an INTEL box. I tried the command and it doesn't work bach% su -c /bin/csh su: Unknown id: /bin/csh Please HELP !! [EMAIL PROTECTED] wrote: try su - -c /correct/shell -g On Tue, Dec 21, 1999 at 10:52:20PM +0800,

Re: Dealing with port scanners / attackers

1999-12-21 Thread John Stewart
During the past three years, I have contacted the sysadmins at five sites and provided them with a brief log extract. Four sites provided feedback that the offender had their account revoked. The 5th site was untraceable to the source as it was a computer lab at a major university and I

RE: firewall identification

1999-12-21 Thread Kevin Eberman
I wouldn't want to argue the business merits of ICQ, but what protocol would you use for real time one-to-one text communication? ICQ is not supported by our SonicWall DMZ router, but if it's possible, I'd like to get something else working. Regards, Kevin -Original Message- From:

Re: Dealing with port scanners / attackers

1999-12-21 Thread liviu
Hi I have a problem with PPPD. On a slack 3.5 system it connects to my ISP just fine (through a leased line) and the same connect scripts and everything moved on a RedHat 6.1 machine don't work. On the slack machine things go like this (taken from syslogd) : pppd started by... pppd using

Re: Dealing with port scanners / attackers

1999-12-21 Thread Peter Bruderer
If an attacker uses decoy mode you will be hit by 10 different source addresses and only one is from the attacker itself. If you do a reverse scan you will hit 9 addresses for which you appear to be an attacker. My recommendation: secure your box and let them scan. A port scan is f* boring

RE: Dealing with port scanners / attackers

1999-12-21 Thread Lee, Dana-Renee
Could also be that ISPs don't care about your problems as long as their users are happy. Renee Lee -Original Message- From: Eric [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 21, 1999 1:47 AM To: [EMAIL PROTECTED] Subject: Dealing with port scanners / attackers I'm getting

Re: Oracle port 1521

1999-12-21 Thread Dave Harris
Check out http://www.rmsbus.com/gu.html for Gauntlet Oracle "william.wells" wrote: There has been talk about Oracle on CheckPoint. How about Gauntlet? Anyone have any experience with their Oracle SQL proxy? I may need to use it soon.

RE: Doubleclick, Altavista cookies

1999-12-21 Thread Robert Driscoll
On the Doubleclick website there is an option to set a cookie that "OPTS-OUT". Which is under the privacy link. This is sort of the same way that the PIII signature was able to hush the privacy crowds. Now all you have to do is inform all the users, they if they do not want this behavior to

RE: 2 IP addresses in one corporate/local network?

1999-12-21 Thread Meehan Greg Contractor 21SOPS/MAOMC
first posting to this list...been lurking for a while, and the conversation looked interesting ;)... SIPRNET correct, and the other side of the coin is NIPRNET, (Nonsecure, etc..) we don't use IPv6 ...NIPRNET or SIPRNET ;) and