Re: Unsigned Windows 2000 Patches - full answer

2002-02-23 Thread M. Burnett
I saw that you got a few responses to your question, but this has been asked many times before yet never fully answered to satisfaction. So here is the complete explanation, which will probably be much more than you want to know about this subject. Nonetheless, I thought it would be nice to s

Re: Encryption Basics

2002-02-23 Thread J. Reilink
[EMAIL PROTECTED] wrote: > > What sources would you suggest for getting basic info on encryption? (How > it works, software sources, best practices in business settings, etc.) > > Michelle Horner > Outcome Technology Associates, Inc. I would recommend Google as a very go

RE: MORPHEUS

2002-02-23 Thread Munkhbayar.B
I think it's enough. I used this policy. But it's better that you add a master server ip. You can find it using Search engine. Good luck. Mongolia. -Original Message- From: Jose Rayo [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 21, 2002 1:08 AM To: Security-BASICS (E-mail) Subject:

Re: Webserver relaying mail

2002-02-23 Thread Sasa Babic
On Wed, Feb 20, 2002 at 04:09:17PM -0700, Lisa Bogar wrote: > > Someone on campus called me yesterday inquiring about how to stop relaying > through sendmail. He thought he had configured his sendmail.cf to not > allow relaying, but then got notified he was relaying mail. Today after > some sea

Re: Webserver relaying mail

2002-02-23 Thread Jonas M Luster
Quoting Lisa Bogar ([EMAIL PROTECTED]): > www.8wire.com. Is anyone else familiar with this and have you encountered > it? The logs show attacks targeted at the cgi-bin that sent out tons of > porno spam. Your formmail.pl is a security hazard. Not only does it allow the specification of arbitrary

RE: Operations of smartcard-enabled PCs

2002-02-23 Thread Burton M. Strauss III
I will add one other thing to be very careful of - the implementation details. I've had experience with the Siemens fingerprint mouse. On the surface it looked really nice. But under the covers, what they did was to store your password in an (encrypted) data file and replace msgina.dll with the

Re: Webserver relaying mail

2002-02-23 Thread dewt
On Wednesday 20 February 2002 05:09 pm, Lisa Bogar wrote: > Someone on campus called me yesterday inquiring about how to stop relaying > through sendmail. He thought he had configured his sendmail.cf to not > allow relaying, but then got notified he was relaying mail. Today after > some searchin

Re: capturing traffic on cisco routers

2002-02-23 Thread paul
along with the tip given by Victor, you could start playing with (provided you have logging enabled and tweaked your buffers accordingly): #sh buff assi dump - Original Message - From: "Victor Usjanov" <[EMAIL PROTECTED]> To: "Dave Stein" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wed

Re: Software Product Download and FTP

2002-02-23 Thread Kulla
First give us a little bit more information. Which operating system do you have as a server? Which ftp server do you want to use? The best way to do this is to set password on directory but then you will get that problem that you will have to change password every time when someone download the pro

Re: Detecting Sniffers?

2002-02-23 Thread Jonas M Luster
Quoting Sumit Dhar ([EMAIL PROTECTED]): > 1. What would be the best method to see if someone is carrying > out ARP-Spoofing? > > 2. Would it be possible to locate a machine that is flooding > the network with fake MAC replies? arpwatch > Also, what would be the o

Re: Webserver relaying mail

2002-02-23 Thread James Willmore
On page 158 of Lincoln Stein's "Web Security" book, FormMail (version 1) is listed as having a vulnerability allowing remote users to execute commands with server privileges. The book is rather dated (copyright 1998), but if that's the version being run then yes, there is a published vulnerabil

Re: Detecting Sniffers?

2002-02-23 Thread Henrik Johansen
Well, I would take a long and hard look at this document : http://robertgraham.com/pubs/sniffing-faq.html. Several methods of sniffing detecting are described there. Best Regards Henrik Johansen > Hello All, > > I was wondering the other day as to how one could go about detecting a > s

Re: Software Product Download and FTP

2002-02-23 Thread Ashlund Palmer
Hello Mike, I would use a cgi script that after verifying the customer's purchase info, such as credit card number and etcetera, it sends them the files. Just use the attachment header to define the file name to save as, then the content-type header to let the browser know you're sending an appli

Re: Webserver relaying mail

2002-02-23 Thread Ben McGinnes
Lisa Bogar([EMAIL PROTECTED])@Wed, Feb 20, 2002 at 04:09:17PM -0700: > > Just trying to find out more information and I am surprised if it is > indeed happening why I haven't seen anything on CERT or bugtraq. Yeah, this one's real. The ISP I work for had to add an additional note to our custom

Re: Webserver relaying mail

2002-02-23 Thread SecLists
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://nms-cgi.sourceforge.net/ here is that link I mentioned... these are drop-in replacements for Matt's scripts... thanks, shawn On Thu, 21 Feb 2002, Lisa Bogar wrote: > Shawn, > > Yep, you're right. I wasn't given the complete information about

RE: Best means to block MSN Messenger, AIM and other chat programs?

2002-02-23 Thread Munkhbayar.B
These chat programs use any available ports. You can't deny them by ports. Just leave the ports patient. You'll need to block access to their master servers. I know some of them. Exam: yahoo. 216.136.130.46/24 216.136.173.179 216.136.175.132 216.136.175.143 216.136.224.215 216.136.225.

Re: disabling port 79

2002-02-23 Thread dewt
On Wednesday 20 February 2002 09:55 am, Dean Fox wrote: > I am contemplating to remove/disable finger or port 79 from some > workstations and/or servers. Is there any negative impact for doing it? > > Any advice is much appreciated. > > Thanks, almost nothing looks to finger anymore, so it's safe

Network Security Risk Analysis

2002-02-23 Thread A B
Hi This might seem a very vague question but even a start would be fine. I am interested in knowing how (what are the steps involved) does one initiate in conducting a network security risk analysis. Do you know of any online resources that help in this process? TIA A.

IM - ANY WAY OF BLOCKING FILES

2002-02-23 Thread Michael Ungar
Assuming my only concern with Instant Messaging (IM, ICQ, etc.) is trojans, backdoors delivered with message is there any way of blocking attachments ? For example, could messages be funnelled through a proxy which strips attachments from messages ? Mike

md5

2002-02-23 Thread secnewbie
Hi all I've been lurking this graceful mailing list for quite some time now, like any newbie on security, I got a question about md5. could anyone feed me with a simple example on how to encrypt data with a feeded password (symmetric encryption like), in C programming language ? pointers

Re: Best means to block MSN Messenger, AIM and other chat programs?

2002-02-23 Thread Michael Ungar
Can you stop by blocking via destination messenger server ? Mike --- KEN MORRIS <[EMAIL PROTECTED]> wrote: > Hello, > I am using both filtering software and Firewall > (GNat Box) to try to > block out the use of several chat programs. On the > FW I have blocked > ports: > 4000 - ICQ > 1863 - MSN

Re: College advice

2002-02-23 Thread David Andersson
Tim, Is this rumor only, or do you have some links to go with this? Dave A - Original Message - From: "Tim V(@DZ)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, February 20, 2002 11:21 AM Subject: College advice > > -BEGIN PGP SIGNED MESSAGE--

RE: Recommended Ethical Hacking, Hacker Techniques class

2002-02-23 Thread Nick
I attended Verisign's "Applied Hacking & Countermeasures" about 18 months ago, and it covered some older stuff, as well as current technology. We used current linux distros & Win2K at that time in the "target lab", which were the latest OS's at the time. I would recommend it, but it's VERY fast p

RE: Internet Explorer 5.x/6

2002-02-23 Thread System's Administrator
Hello, Rob As some of our fellow Subscribers have posted suggestions like Content Advisor. Content Advisor is a way to go to a certain extent. First thing you would need to do is generate a list of accepted sites. As in Sites that your users need to do their jobs. Then go to a client PC, Go into Co

Re: hardening script for redhat 7.2?

2002-02-23 Thread Michael Desrosiers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 19 February 2002 06:55 pm, you wrote: > Hi everyone, > > Does anyone know of a good script (that they have successfully used > not > just read about) that works with Redhat 7.2? I wanted to use the > bastille > script but it seems to work

Re: Webserver relaying mail

2002-02-23 Thread kai
Hi Lisa, There is, I think, nothing special about FormMail.pl and this exploit. Any request to send mail made from the local machine is not relaying. The request to send mail comes in via http. The request sendmail receives is from the owner of the cgi script (local) which may or may not be t

Re: Detecting Sniffers?

2002-02-23 Thread Lambott
Ettercap 0.6.2, Arpwatch 2.1a4 & Snort 1.8-RELEASE all running on Linux Redhat 7.2 sounds like what you need. Go to http://packetstormsecurity.org Let me know how it goes. Cheers Taiye. In a message dated Thu, 21 Feb 2002 21:30:35 Greenwich Mean Time, Sumit Dhar <[EMAIL PROTECTED]> writes:

RE: Security Manual - Due Diligence

2002-02-23 Thread SKMiller
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://nsa1.www.conxion.com/ and http://csrc.nist.gov/publications/ Security Operations, be it for any size organization, is not a 'cookie cutter' project. If your company is serious about their Due Diligence, they should be willing to invest the

RE: certification advice

2002-02-23 Thread dendler
This list is certainly not comprehensive of colleges known for their network security research programs, but is a good start: Center for Education and Research in Information Assurance and Security (Cerias) http://www.cerias.com Purdue University West Lafayette, IN 47907-1315 The Center for

RE: DHCP Server solutions

2002-02-23 Thread Jean-François Asselin
Your best option would probably be to use a managed switch which allows you to specify the mac address of each machine that is connected to a specific port, and to disallow any other connection or MAC address. This way, it would not be possible to get an IP address or talk to anything on the netwo

Re: Recommended Ethical Hacking, Hacker Techniques class

2002-02-23 Thread Michael Desrosiers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday 20 February 2002 01:24 pm, you wrote: > I would like to attend a class on Ethical Hacking, Hacker Techniques and > Exploits to gain a better understanding of what we need to prepare for as > an Incident Response Team. I am looking at the

RE: MORPHEUS

2002-02-23 Thread BRAD GRIFFIN
Do you run a login script on the network? If you do, you could do a test install of Morpheus on a system after taking a snapshot with some sort of install tracker (Picture Taker or the freeware Inctrl 5) and write a script to remove the changes to the system/registry that Morpheus makes. We do

Re: Software Product Download and FTP

2002-02-23 Thread gerico gerico
Hi Mike, I can tell you we did something similar. Now I tell you, and I hope it could give you any idea: We had some web servers (Apache), we used an authentication based on OpenLDAP, we wrote some Apache Modules in order to permit that when a user was recognized, in the attributes of Ldap the

RE: capturing traffic on cisco routers

2002-02-23 Thread mlambert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dave, One way of letting you know what type of traffic is going through your router is to define access-list on your interfaces and send all your syslogging to an external system for real-time or later viewing. You would have to log all line

Unclassified Disk "Sanitizers"

2002-02-23 Thread Sadler, Connie J
Does anyone have recommendations for freeware or shareware that effectively erases disks for unclassified but sensitive information? This would be used for all machines "retired" to school programs, etc. We need one for Windows and one for UNIX, if one tool can't clean both types of disks. Anybod

Re: Webserver relaying mail

2002-02-23 Thread SecLists
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You haven't seen anything on bugtraq because, sorry to tell you, this is an old vulnerability... Apparently, from what I hear, Matt's script archive aren't the best scripts in the world... I think there is a replacement project on sourceforge.net... ca

Re: Unsigned Windows 2000 Patches

2002-02-23 Thread Eric
All security patches are signed. Once you download the file, right click on it and view properties, you should see a tab for digital signatures. If you expand the signed package, the files within the patch won't have a digital signatures tab, however, after you install it, run sigverif.exe and