Chan Kien Eng | 1 Jul 06:19 2002
Picon

How to hide local IP from outlook email

Hi All,
We are using outlook as mail client and we have IIS 5.0 SMTPSVC as SMTP
gateway. 

When we sent email out, we noticed in the email header, the information
like IP address of the machine that sending the email is in the email
header.

We don't want this because it exposed our internal network.

So, anyone know how to solve this or any workaround?

Thanks

*******************************************
 Chan Kien Eng
 Security Consultant 
 Evolution Security Solutions Sdn. Bhd.
 15.09 Signature Office
 The Boulevard, Mid Valley City
 59200 Kuala Lumpur.
 Email: eng <at> essasia.net
 Tel:   603-22879939 Ext 110
 Fax:  603-22879929
 "Make it works, make it better"
********************************************


Miles, David (ISS Atlanta | 1 Jul 16:12 2002
Picon

RE: port mapper

I really like 'fport'.  It is very easy to use.  It is run from a cmd
prompt, and lists each port in use along with the application or service
that is using that port.  Go to the following URL to download:
http://www.foundstone.com/knowledge/proddesc/fport.html

dm

-----Original Message-----
From: Naveen Maram [mailto:hadavidi <at> yahoo.com]
Sent: Thursday, June 27, 2002 2:22 PM
To: security-basics <at> lists.securityfocus.com
Subject: port mapper

Hi

I know this has been discussed before. I tried
searching the archives for this one. I am looking for
a tool that shows what ports on a system are mapped to
which services. I remember using a tool that was
called Active something. It was very cool and easy to
use. The main feature I liked about it was that it had
a windows explorer like interface and to close a port
all you had to do will click on it and click close.
Does anyone what the name of the tool is? I thought it
was called Active map or active port.

I appreciate your help

Thx
Naveen.
(Continue reading)

Jose D. Crespo | 1 Jul 19:35 2002
Picon

RE: Wireless LAN question

Netstumbler Wireless Locator
www.netstumbler.com
CERT Advisery 94-01
http://www.cert.org/advisories/index.html
Robert Graham’s Sniffer FAQ
http://www.robertgraham.com/pubs/sniffing-faq.html
Christopher Klaus’ Packet Analyzer FAQ
http://xforce.iss.net/security_library/faqs/packcapt.php
PersonalTelco’s Wireless Sniffer Page
http://www.personaltelco.net/index.cgi/WirelessSniffers
AntiSniff technical information
http://www.securitysoftwaretech.com/antisniff/

Saludos,

Jose D. Crespo de Leon
MCSE, MCSA, CISSP
E-mail: jcrespo <at> weilgroup.com

-----Original Message-----
From: David Laganière [mailto:spanska <at> securinet.qc.ca] 
Sent: Friday, June 28, 2002 10:05 AM
To: security-basics <at> securityfocus.com
Subject: Wireless LAN question

Hi!

Say an intruder connect himself to my wireless LAN, is there a way with
a GPS and it's signal to know where he is physically? Where can I get
more documentation on that?
(Continue reading)

Hiemstra, Brenno | 1 Jul 08:08 2002
Picon

RE: Netcat (NC) Secure Remote Connections via authenication

Susan,

Take a look at CryptCat

http://farm9.com/content/Free_Tools/Cryptcat

Dunno the product itself but it has secure 
communication but I dont think authentication.

Regards,

Brenno

> -----Original Message-----
> From:	Susan Chan Lee [SMTP:susan.lee <at> securityassoc.com]
> Sent:	vrijdag 28 juni 2002 21:05
> To:	security-basics <at> securityfocus.com
> Subject:	Netcat (NC) Secure Remote Connections via authenication 
> 
> Hi All
>   
> Does anyone know how to set-up a secure remote connection using
> netcat, in that one which uses authenication or port filtering
> (without the need to install any other wrapper software). 
>   
> I have a requirement were I need to connect to a remote machine and
> get a command prompt. We all know how to do this via netcat by
> setting up a listening port. My concern is that I do not want to
> leave the port open for anyone to connect.
>   
(Continue reading)

Amandusson Anders | 1 Jul 08:45 2002

RE: Laptop Security

Hi,

I've been using PointSec for 2.5 years (the product was called Protect!
before 2000).
I think that this tool is really good because it's rather easy to handle,
both the setup and the ongoing administration. Now they (PointSec Mobile
Technologies as the company is called) have released a web remote help tool
that makes the user-handling easier.

I think that EFS and a regular BIOS password will not be much cheaper when
you include the cost for user administration. And if you don't set up EFS to
encrypt everything, it's up to the user to store his/her files in an
encrypted folder. I don't know how your users are but I tnink I know how
much the "normal" user knows about computers. 

We have only used the Laptop version yet but are about to implement the PDAs
as well (scheduled for august). Our installation is today in 10 locations (4
countries) and we are about to install it in some more places before the end
of this year.

Feel free to ask me any PointSec related questions directly.

Anders

> -----Original Message-----
> From: Alan Blackwell [mailto:blackwellalan <at> hotmail.com]
> Sent: den 28 juni 2002 15:20
> To: security-basics <at> securityfocus.com
> Subject: Laptop Security
> 
(Continue reading)

Beverstock, David | 1 Jul 15:59 2002
Picon

RE: Wireless LAN question

David,

GPS is a passive device, it only listens for timing signals from satellites,
it doesn't transmit. You are left with the wireless NIC, which does
transmit. 

I know work has been done to roughly triangulate a cell phone users position
based on signal strength received at 3-4 cell towers (I believe to fulfill
upcoming 911 legislation). It seems to me you would need 3-4 access points,
but could do the same thing with 802.11. But somehow I don't think this
model translates well to the real world.

I know with the Lucent/Agere Orinoco windows drivers there is a very nice
signal strength indicator in the client manager (along with MAC addresses).
You could get a directional 2.4 GHz antenna
(http://www.andrew.com/catalog38/Results.aspx?SearchType=1&KeyWord=&KeyWordS
earchMethod=BEGINWITH&CatalogSectionID=17), and just turn it slowly and
watch the signal increase and decrease (similar to what wildlife biologists
do to track large mammals), and roughly locate the user that way.

http://nocat.net/ might also be a solution for you to look at.

Cheers,

Dave

-----Original Message-----
From: David Laganière [mailto:spanska <at> securinet.qc.ca]
Sent: Friday, June 28, 2002 10:05 AM
To: security-basics <at> securityfocus.com
(Continue reading)

Jeremy Parr | 1 Jul 17:21 2002

Re: Password generators

I would stay away from using ALT+### characters in passwords. Some terminals
will map these differently, and you may find yourself unable to log in to
your account.

----- Original Message -----
From: "Thomas Sjögren" <thomas <at> northernsecurity.net>
To: "Josh Glover" <jmglov <at> incogen.com>; <bgardner <at> iprocorp.com>
Cc: <security-basics <at> securityfocus.com>
Sent: Friday, June 28, 2002 7:16 PM
Subject: Re: Password generators

> On Wednesday 26 June 2002 18:26, Josh Glover wrote:
>
> > Urg. A lot of password crackers use "standard 1337" translations of
> > dictionary words, anyway. So, while 84dd455mu7h4 might be a slightly
> > better password than the same thing in standard English, it is not
> > what I would call a good password.
>
> Use passphrases instead of passwords.
> "I don't just read the comics in the newspaper" would result in the
> Idjrtcitn
> passphrase, add a leet touch to it and the result would be:
> 1djr7c17n
> Now turn some of the numbers into symbols.
> !djr/c17n
> If you want, feel free to add an alt-symbol to it.
>
> /Thomas
> --
> thomas <at> northernsecurity.net     |     www.northernsecurity.net
(Continue reading)

Johnson, Wayne | 1 Jul 16:15 2002

RE: Wireless LAN question

I doubt it. A GPS device is a receiver, not a transmitter. Unless he sends
his GPS data over your network :)

It occurs to me that you could do a little preparation work with a wireless
laptop. By walking around your wireless coverage area you could identify
public areas that have good signal strength. That might reduce the number of
places you have to look. While the technique is probably useless in a large
campus environment, it might be useful in a smaller single building
environment. 
-Wayne

-----Original Message-----
From: David Laganière [mailto:spanska <at> securinet.qc.ca]
Sent: Friday, June 28, 2002 10:05 AM
To: security-basics <at> securityfocus.com
Subject: Wireless LAN question

Hi!

Say an intruder connect himself to my wireless LAN, is there a way with
a GPS and it's signal to know where he is physically? Where can I get
more documentation on that?

Thanks.

--
David Laganière
Network/System Administrator
www: http://www.securinet.qc.ca/
email: spanska <at> securinet.qc.ca
(Continue reading)

Portz, Jon T. | 1 Jul 18:27 2002

RE: Re: IPC$ blocking

Have you tried the "RestrictAnonymous=2" setting for IPC$ enumeration? It
still allows for most communications required within a Win2000 networked
environment, But will reject an anonymous IPC$ session creation (i.e.  - net
use \\x.x.x.x\ipc$ ""/user:""). I believe the only other way to eliminate
IPC$ without removing NetBIOS functionality completely is within the
registry, I am not sure of the exact key. Keep in mind that if you disable
IPC$ within an AD/Domain environment, you may start to see communication
issues with respect to logon, exchange connection, etc.

JP

-----Original Message-----
From: Demitel [mailto:demitel <at> narod.ru]
Sent: Thursday, June 27, 2002 11:31 PM
To: security-basics <at> securityfocus.com
Subject: Re: Re: IPC$ blocking

hi

  if stop the Server service or stop by firewall ports 139 and 445,
  it stops ALL shares, but i need to deny only IPC$ share. any tips?
  system is win2k.

--

-- 
 Demitel                          mailto:demitel <at> narod.ru

Raoul Armfield | 1 Jul 16:11 2002

Re: email fowarding

On 28 Jun 2002 at 9:01, Radoslav Dejanovi wrote:

> On Thursday 27 June 2002 00:44, Marcus James wrote:
> > What I am trying to determine is what the best practices are in this
> > regard. My gut-feel says that this is not a good idea since email is
> > "inherently insecure" and may be intercepted and so on and so forth.
> > But on the other hand is this such a big deal? I'm not sure.

I do not claim to be an authority on this subject reading the list to 
learn as much as I can but I had a few thoughts.

Are are you using POP mail?  If so you can have your users check 
their email from home with any ISP as long as you use your mail 
server's POP address ie. mail.foobar.com.

or another choice, If they need to be able to view their mail from 
anywhere, check out http://mail2web.com

you can check your pop mail over the web without forwarding it to a 
different mail host.  

Can anyone see a problem with this?

--

-- 
Raoul Armfield
Support Specialist
IT-Callcenter
mailto:armfield <at> amnh.org
Central Park West at 79th Street
New York, NY, 10024
(Continue reading)


Gmane