Better yet: Route add <att.ack.ers.ip> mask 255.255.255.255 <att.ack.ers.ip>
Agent deployed.... oh wait... -------------------------------------------------------------------------- Nathan Sweaney | Security Specialist - GPEN,GWAPT Tulsa Cash Register / Bottom Line Solutions 918.294.1777 x 311 | 918.307.2071 | mailto:[email protected] http://www.tulsacash.com/ Serving Oklahoma for 51 years. Main Number 24 Hour Customer Support Line: 918.294.1777 (Follow Prompts) Notice: This E-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. ยงยง2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. Please consider the environment before printing this email. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dave Hull Sent: Wednesday, August 05, 2009 10:48 AM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Blue Team Tactics On Sat, Aug 1, 2009 at 9:30 AM, John Strand<[email protected]> wrote: > > [snip] > > Now I want you to focus on the CLI and the built-in tools you get with a > Windows or Linux system. How about the route command for null routing the attackers IP address(es)? route add <att.ack.ers.ip> mask 255.255.255.255 127.0.0.1 I'm not a CTF player (yet), but off the top of my head for native tools on Windows -- netstat, tasklist, route, net, wmic... _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
