Re: [Full-disclosure] [Tool] - inundator - an intrusion detection false positives generator.

2010-07-05 Thread quispiam lepidus
I guess you missed this line?

We thought this was an original idea, but it looks like Snot,
fwsnort's snortspoof, and possibly others beat us to the punch.

On Tue, Jul 6, 2010 at 2:51 AM, Nelson Brito nbr...@sekure.org wrote:
 That is not new and you should give the credits, not just for NNG 
 (http://packetstormsecurity.org/filedesc/nng-4.13r-public.rar.html), but you 
 are missing STICK, SNOT and IDSWAKEUP as well.

 Nelson Brito
 Security Researcher
 http://fnstenv.blogspot.com/

 Sent on an  iPhone wireless device. Please, forgive any potential 
 misspellings!

 On Jul 1, 2010, at 10:25 PM, epixoip epix...@hush.com wrote:


 homepage: http://inundator.bindshell.nl/
 deb repo: deb http://inundator.sourceforge.net/repo/ all/
 gpg key : http://inundator.sourceforge.net/inundator.asc

 Announcing the release of inundator v0.5!

 inundator is a modern twist on an old concept -- it's an
 IDS/IPS/WAF evasion tool, used to anonymously flood intrusion
 detection systems with false positives in order to obfuscate a real
 attack. inundator leverages the vagueness and poor quality of
 Snort's rules files to generate completely harmless packets / HTTP
 requests that contain just enough keywords to trigger a false
 positive. We thought this was an original idea, but it looks like
 Snot, fwsnort's snortspoof, and possibly others beat us to the
 punch. However, these tools were developed around the turn of the
 century, are quite dated and well-forgotten, and overall quite
 inferior to inundator.

 inundator is full featured, multi-threaded, queue-based, supports
 multiple targets, and requires the use of a SOCKS proxy for
 anonymization. Via Tor, inundator is capable of generating around
 1000 false positives per minute. Via a high-bandwidth SOCKS proxy,
 you might be able to generate ten times that amount.

 The general idea is one would launch inundator prior to starting an
 attack, allow it to run during the attack, and continue to run it a
 while longer after you've accomplished the attack. The goal, of
 course, is to generate an overwhelming number of false positives so
 that your real attack is essentially buried within the other
 alerts, minimizing the chance of your attack being detected. It
 could also be used to ruin an IDS analyst's day, or keep an
 organization's infosec department busy for a while. I suppose it
 could also be used to test the effectiveness of an IDS, but no, not
 really.

 inundator is implemented in Perl (version >= 5.10 is recommended
 due to ithreads bugs in previous versions), and has been tested on
 Debian Lenny, Debian Squeeze, Ubuntu Jaunty, BackTrack4, and Mac OS
 X against Snort v2.8.5.2. It is presumed to work on all POSIX
 operating systems. Hell, it might even work on Windows.

 /epixoip.




 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

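A defender-side triage sketch for the alert flood described in the announcement above, added here as an example that is not part of the original thread or of any tool it names. It reads Snort "fast" alert lines, marks minutes in which one destination receives a flood, and keeps the alerts from sources that do not fit the many-distinct-rules spray profile. The thresholds, function names and sample alert lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Snort "fast" alert line: timestamp, [gid:sid:rev], message, src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d):\d\d\.\d+\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)"
)

FLOOD_RATE = 100  # alerts per minute against one destination (assumed threshold)
SPRAY_SIDS = 10   # distinct rule IDs from one source in one minute (assumed)

def parse(lines):
    """Yield (minute, dst, src, sid, msg) for every line that parses."""
    for line in lines:
        m = ALERT_RE.match(line)
        if m:
            yield m["ts"], m["dst"], m["src"], int(m["sid"]), m["msg"]

def triage(lines):
    """Return (flood_windows, residual): flooded (minute, dst) pairs with their
    alert totals, and the alerts inside them from non-spraying sources."""
    windows = defaultdict(lambda: defaultdict(list))  # (minute, dst) -> src -> hits
    for ts, dst, src, sid, msg in parse(lines):
        windows[(ts, dst)][src].append((sid, msg))
    flood, residual = [], []
    for key, by_src in sorted(windows.items()):
        total = sum(len(hits) for hits in by_src.values())
        if total < FLOOD_RATE:
            continue
        flood.append((key, total))
        for src, hits in sorted(by_src.items()):
            # A source tripping many unrelated rules at once fits the spray
            # profile; anything quieter is kept for the analyst.
            if len({sid for sid, _ in hits}) < SPRAY_SIDS:
                residual.extend((key[0], src, sid, msg) for sid, msg in hits)
    return flood, residual

def sample_alerts():
    """Constructed sample: 3 noisy sources x 40 rules, plus quiet sources."""
    out = []
    for src in ("198.51.100.7", "198.51.100.8", "198.51.100.9"):
        for n in range(40):
            out.append(f"07/05-10:00:{n:02d}.000000  [**] [1:{1000 + n}:1] "
                       f"CONSTRUCTED rule {n} [**] [Priority: 2] {{TCP}} "
                       f"{src}:{40000 + n} -> 192.0.2.10:80")
    out.insert(57, "07/05-10:00:31.500000  [**] [1:2999:1] CONSTRUCTED quiet alert "
                   "[**] [Priority: 1] {TCP} 203.0.113.5:51515 -> 192.0.2.10:80")
    out.append("07/05-10:05:00.000000  [**] [1:1001:1] CONSTRUCTED rule 1 [**] "
               "[Priority: 2] {TCP} 203.0.113.9:1234 -> 192.0.2.10:80")
    return out

if __name__ == "__main__":
    flood, residual = triage(sample_alerts())
    print("flood windows:", flood)
    print("alerts to review first:", residual)
```
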

Re: [Full-disclosure] No anti-virus software? No internet connection

2010-06-22 Thread quispiam lepidus
If the ISPs are being expected to do the policing (which a less than
thorough read of the paper indicates), who's shelling out for all the
NAC kit? The ISP? On top of all the kit required to log all users'
Internet activities for an as yet undetermined period of time? On top
of the kit to implement the great firewall of .au?

Welcome to China, we hope you enjoy rice. Although, at least in China
the govt's policy and intention is fairly clear.

On Tue, Jun 22, 2010 at 9:41 PM,  valdis.kletni...@vt.edu wrote:
 On Tue, 22 Jun 2010 12:55:25 +1000, Ivan . said:
 Security is as easy as that..

 http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490

 OK. I'll bite.

 1) What antivirus are they going to force me to install on my Fedora laptop?

 2) How will they verify the presence of A/V software on a properly firewalled
 system?

 3) If the answer to (2) is run some sort of agent software on every box,
 in how many different ways can this end badly?



Re: [Full-disclosure] Slander of security researcher n3td3v

2009-08-11 Thread quispiam lepidus
On Tue, Aug 11, 2009 at 5:07 PM, someone lawyersome...@lawyer.com wrote:
 List,

 My client is a legitimate security researcher who has been slandered last month on
 the list.

 This matter is being taken care of legally now.

 some...@lawyer.com


Mr Wallace is off his meds again? :(



Re: [Full-disclosure] It's time for me to go now

2009-01-11 Thread quispiam lepidus
You are, the weakest link. Goodbye.

On Mon, Jan 12, 2009 at 12:45 PM, n3td3v xploita...@gmail.com wrote:
 I don't know how to hack and I don't have any technical abilities I
 must go now before MI5 take me away in a van and dump my body in the
 sea.



Re: [Full-disclosure] n3td3v is big in the security community protecting the UK against the threats.

2009-01-06 Thread quispiam lepidus
Only in their own minds. Delusions of grandeur my friend.

On Wed, Jan 7, 2009 at 8:50 AM, n3td3v xploita...@gmail.com wrote:
 http://twitter.com/n3td3v/status/1100384047



Re: [Full-disclosure] The war in Palestine

2009-01-05 Thread quispiam lepidus
I think you're the one who misunderstands. Nobody gives a shit what
you have to say, as it's completely OT.

Take your rant elsewhere.


On Tue, Jan 6, 2009 at 11:07 AM, Mainbox Notif rokade...@gmail.com wrote:
 Coolz,

 I think you misunderstood everything:
 First : you are from Israel, so probably you read only Israeli newspapers.
 In modern world we see news from reliable (independent) sources.
 That makes your story not very believable.
 But it can be worse: some people here do never read newspapers or see the
 news. But still have an opinion or think that they have the knowledge.

 Hamas is elected, IMO because they can do something against Israel.
 You told it: hamas give them food, money and other things if they
 join them in the fight against israel.

 The other things you mentioned are (hopefully)  weapons.

 Of course, they do not have to negotiate with the thief that stole their
 country.

 Lets help the Palestinian victims: give them food, medicines and weapons.
 Lets help them fight the occupiers.
 They deserve their country back.
 (Yes, you do want to hear it: it is THEIR country)



 2009/1/5 Coolz c00l.z...@gmail.com

 Congratulations, handrix, and a few other people here,
 for proving your amazing history and Middle East knowledge.
 A few facts (I'm from Israel, and also in the IDF, for everyone who wants
 a few more reasons to hate me):
 In the beginning of the 20th century there were almost no Arabs in the
 land of Israel. However, the Jews, in spite of
 two thousand years of persecution, have been the majority of the
 population there during most of the history. In Jerusalem- they have
 always been the majority. When General Allenby, the commander of the
 British army, conquered Israel in 1917-1918, he found only a few
 thousand Arabs. Other Muslims in the region came from Turkey, or were
 the descendants of Jews and Christians who were forced to change their
 religion by the Muslim conquerors, but none of them was originally Arab.

 That about the so called Palestine country and all of that crap. (btw,
 if you care about it you may want to search for Philip Hitti
 AN ARAB PHD for middle east history who said: it is well known that
 there is no such thing as Palestine in the history
 there are a few other Arabs who said pretty much the same... just search
 it.)

 for the hamas part, please search for the Fatah, after that, you might
 ask so why did the Gaza strip people voted for hamas in democratically
 election? simple, hamas give them food, money and other things if they
 join them in the fight against israel, hamas control the fuel, hospital
 and most of the guns in the Gaza strip, they threaten people and made
 them vote hamas, I won't go on with that line, so handrix and a few other
 people here won't say I'm telling lies.

 from the year 2000 hamas is firing rockets (grad, improved grad qaasam
 and  other rockets) the numbers that people wrote here are not even
 close to the real numbers. so what would you do?  if your country was
 bombed each day, day after day even when you are not doing anything (and
 for a long time the idf didn't do anything in gaza) during the cease
 fire hamas still fire rockets to israeli civilian and military targets!
 so don't say its israeli propaganda or lies, hamas is a terrorist
 organization and nothing else matter, we gave them option to stop this
 stupid fight, they didn't take it. (for example, on the other of israel
 judea and samaria, israel is letting all the arab enter israel and work,
 not shooting down anybody and they are not under any israeli control,
 read about the fatah if you care about what is going on with the israeli
 arabs.

 Israel is doing everything it can in order to hurt only hamas people and
 is doing everything in our power not to hit civilians
 no one, including the UN,USA or anyone else  has the civilians hit rate
 that the IDF is achieving in the small, crowded Gaza strip (usa bombed
 weddings and pure civilian targets in Afghanistan, UN is not enforcing
 their own rules about fire arms in Lebanon, Iraq war, do I really need to
 say anything else?)

 so please think again before you spread your ignorance to the world.
 Two things are infinite: the universe and human stupidity; and I'm not
 sure about the universe.

 beside that,
 I'm sorry for the English mistakes I probably have, as you can
 understand, I speak Hebrew as prime language, not English
 Hopefully I managed to show you the bigger picture (more than
 half a million Israelis that are suffering daily from hamas rockets for
 something that only the hamas can be blamed on)


Re: [Full-disclosure] [inbox] Re: Supporters urge halt to, hacker's, extradition to US

2008-09-29 Thread quispiam lepidus
Whilst I agree that criminal actions should be met with criminal
consequences, 60 years for breaking (I use the term loosely) into
shittily protected systems is absurd. You do less time for murder in
most places.

I wonder, if he was an American citizen, would he have been charged
with treason and executed?

On Tue, Sep 30, 2008 at 7:57 AM, Exibar [EMAIL PROTECTED] wrote:
  So you guys are saying that if I forget my keys in my car and the door
 unlocked that it's not a crime to steal my car?
  It's not a crime to NOT lock your house, but it's still a crime to open
 that door and take that big screen tv if you're not the owner...

  Doesn't matter if he willfully caused damage or not, he still caused that
 damage, he's still a criminal.  The details will have to come out in court,
 and they will.  Either in the US or in the UK, doesn't matter...

  He's a criminal, period... He should be treated as such...

  Exibar

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
 Sent: Monday, September 29, 2008 11:24 AM
 To: full-disclosure@lists.grok.org.uk; n3td3v; [EMAIL PROTECTED]
 Subject: [inbox] Re: [Full-disclosure] Supporters urge halt to,
 hacker's,extradition to US

 I just think someone from the military should be in the dock as
 well!!! This wasn't a one sided security incident, sloppy admins were
 involved in the 'threat to national security' that Gary Mckinnon
 supposedly posed.

 The passwords on the systems weren't set, if it wasn't Gary Mckinnon
 it was going to be some other script kid who got in.

 I don't know why the military are making a big deal about what
 happened, when ultimately it's their I.T security staff who were the
 main culprits of blame.

 According to Gary Mckinnon, there were lots of script kids in the
 systems at the same time as him, they just decided to pick him out of
 the crowd to make an example of the activity that was going on.

 This should be a non-issue that should have been dealt with internally
 in the military, the I.T security staff blamed and the script kids
 left to go on their humble way.

 When the way of intrusion is this lame, and it's obvious the blame is
 on the I.T security staff, then I don't think they should waste
 everyone's time herding one of the script kids across the Atlantic,
 just to keep America's national pride intact.

 Geez fucking christ, it was totally the military's fault, there is no
 get out clause.

 On Mon, Sep 29, 2008 at 4:00 PM, Kyrian [EMAIL PROTECTED] wrote:
 Folks,

 Thanks to Exibar for the (likely) clarification. No issue in converting
 from metric, incidentally ;-)

 I will check out the links you provided this evening and make up my own
 mind.




Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread quispiam lepidus
Typical media dramatization. Nowhere in the article does it state that
backdoors HAVE been found in router firmwares.

Next we'll be seeing Japanese tactical nukes hidden in Toyota trunks.



 On Thu, Mar 6, 2008 at 10:09 AM, Ivan . [EMAIL PROTECTED] wrote:

 
  http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html
 

Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread quispiam lepidus
Why stop at routers & switches? You could own far more devices by
backdooring BIOSes, HDDs, etc, all of which are often produced in Far East
countries.


On Thu, Mar 6, 2008 at 12:47 PM, Times Enemy [EMAIL PROTECTED] wrote:


 Greets.

 It does not matter so much if there is no hard proof about the router
 firmware containing backdoors set in place by Chinese manufacturers.
 From a security perspective, it is a potential threat which should be
 addressed, especially for western networks and those they trust.

 It is not too far fetched of an idea.  Google yielded the following
 fairly quick: http://slashdot.org/articles/08/02/29/1642221.shtml

 If you want to be inundated with reading material on the matter, be
 creative, or not too creative, with Google searches having to do with
 China and western powers and businesses, specific to information warfare.

 .te


 Larry Seltzer wrote:
 | Next we'll be seeing Japanese tactical nukes Hidden in Toyota
 | trunks
 |
 | And who knows what the French are putting in that cheese.
 | Larry Seltzer
 | eWEEK.com Security Center Editor
 | http://security.eweek.com/
 | http://blogs.pcmag.com/securitywatch/
 | Contributing Editor, PC Magazine
 | [EMAIL PROTECTED]