Andrew Oman | 2 Dec 06:54 2002

Re: Low end machines for Firewall/IDS

I like retrobox
http://www.retrobox.com/
or ebay

Thanks,
Andrew

"ALBEE,RUSSELL. S FC2 (CV63 CS5)" <ALBEER <at> kitty-hawk.navy.mil>
11/29/2002 12:01 PM

        To:     security-basics <at> securityfocus.com
        cc: 
        Subject:        Low end machines for Firewall/IDS

Does anybody know of any good locations online to purchase old 486 machines
or low end Pentium machines for use as a Firewall and/or IDS?  I've tried
searching on google and just keep getting links to Pentium 4 computers.
I will be using either a Linux or BSD flavor on these machines.

Thank you,

Russell

Spencer D'oro | 1 Dec 23:08 2002

RE: Protect folder data.

Or better yet, a removable flash memory stick of some kind.  Truly
removable, much more reliable than a floppy (and faster) and the size
difference is remarkable.  Some of the new ones can hold quite a bit of
data.  If you want to be completely safe, store your data there encrypted,
and that way keep it off the rig.  They can't crack it if they can't find
it.

Spencer

-----Original Message-----
From: rjc <at> caley.org.uk [mailto:rjc <at> caley.org.uk]On Behalf Of Richard
Caley
Sent: Friday, November 29, 2002 10:05 AM
To: Tony - CIA;CISA;CDP;CPA;MBA
Cc: SECURITY-BASICS <at> securityfocus.com
Subject: Re: Protect folder data.

In article <F5B0vIrk3jQDz4WolWa00009198 <at> hotmail.com>, tony572000  (t)
writes:

t> I have some highly confidential data that I frequently access in a
t> folder that is on my desktop computer (ie win2k).  I want to make sure
t> no one but me will be able to see this data.

Unless I have missed it, no one seems to have mentioned the
possibility of putting the data on a removable medium and locking it
away securely when not in use. Of course, someone could set the
computer to intercept the data when accessed, but the same would be
true for encryption, and I certainly trust a good sturdy locked box
more than any encrypted filesystem. You could do both of course,

Sarbjit Singh Gill | 2 Dec 16:22 2002

Preventing DHCP from allocating IPs

Greetings all,

How do I prevent a client from getting an IP from my DHCP in an Ethernet
network? I know I could reserve IPs for all other clients and nobody gets an
IP unless reserved earlier, but I have hundreds of clients. I frequently
have visitors who need to plug in their laptops into the network and I have
visitors who are not allowed to plug in their laptops into the network and
get IPs. I do not want these visitors who are not allowed to access the
network to get an IP and start accessing internet through my network.

What about in a wireless environment? How do I prevent it in a similar
capacity?

Kind Regards
Gill

Meritt James | 2 Dec 15:10 2002

Re: Protect folder data.

As the sole protection.  Think "defense in depth".

Jim

Margles Singleton wrote:
> 
> I wouldn't advise excel password protection - that's very easy to break
> - and it's not encryption, it's just password protection.
> 
> mas
> 
> >>> "Rick Darsey" <rdarsey <at> aims1.com> 11/26/02 08:03AM >>>
> What format is the data in?  Excel will let you password protect a
> workbook.
> 
> You can also turn on encryption in Windows 2000. You have to be running
> NTFS. If you set up encryption on your system, and password protect the
> Admin user, then the only way someone can open the file is to set them up
> with rights to the file, or as an Encrypted File Recovery Agent on your
> local system. Depending on your network security, this may work. If the
> Network Admin has set the domain to override local policies, he may still
> have access to it.  If this is not the case, then he would have to have
> Administrative rights to your system.
> 
> Rick

Leonard.Ong | 2 Dec 05:09 2002

Wireless LAN Design at public places

Hi,

Does anyone have a URL or experience designing a WLAN at public places?  I would like to replicate a good
implementation I've seen in one airport.  Once we had joined the WLAN using auto-detect access point, my
notebook was assigned an IP address. However, even the next hop / default gateway is not reachable
(destination unreachable - ACL?) and neither are any other services.

It is only when I have authenticated via a webpage (the browser redirects me to the auth page, regardless of
whatever URL I have typed in) that access is allowed to any.

Thanks... I am particularly interested in how you can block access even to the def. gateway.

Regards,
Leonard Ong

Meritt James | 2 Dec 16:35 2002

Re: ridiculous situation

Alas, normal situations usually ARE ridiculous.  :-(

H C wrote:

[snip]

> Your situation isn't so much ridiculous as it is
> pretty normal...

--

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

Niall O Malley (LMI | 2 Dec 09:48 2002

Log Analysis

Hi,

Are any of you aware of a tool that will allow an administrator to analyse log files and produce statistics
based on the log content?  I want to see what sites have been accessed, how many times etc.

I want something preferably in real time with a gui/html interface. If it was freeware/open source it would
be great i.e. gnu etc.

Any help or suggestions would be greatly appreciated.

regards

Niall

flur | 1 Dec 01:13 2002

Re: Can anyone break MD5 scheme?

Perhaps a less controversial solution to get your linux box online would be 
to designate an older machine running MS Windows as a router... There is 
lots of software that will do this for you (ie Sygate, WinRoute, etc). With 
few access list rules you can make the router quite transparent, and it can 
serve as your first line of defense.

As for MD5, to the best of my knowledge, brute force is the only way to 
'crack' it... however I have heard rumors that some implementations are 
weaker than others.

At 06:03 AM 11/28/2002 +0800, you wrote:
>I paid a high monthly fee for my PPPOE connection. The damned ISP offered 
>only the client for M$ Windows. According to the packet dump, they use 
>CHAP for authorization and the CHAP challenge  said it used MD5. But when 
>rp-pppoe MD5s the string of Identifier+Secret+Challenge Value, the 
>concentrator said the response is wrong.
>
>Apparently the ISP-offered client is not going with the RFC 1994 standard 
>for CHAP and obviously I cannot get their source code by social engineering.
>
>Is there a way to break the MD5? Or any way around? I need to know my 
>ISP's digest scheme to get my Linux box online. I live in a 
>highly-censored country and who knows what the offered client will do 
>behind my back? Thanks in advance for my safety (not privacy).
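The RFC 1994 computation the quoted question refers to, shown end to end as an added example (it is not part of either post, and it is not rp-pppoe's or the ISP client's code). It parses a CHAP Challenge, builds the standard MD5 Response and checks it the way an authenticator would; the secret, names and challenge bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

CHALLENGE, RESPONSE = 1, 2  # CHAP Code field values (RFC 1994)

def parse_chap(packet: bytes):
    """Split a CHAP Challenge/Response packet into (code, identifier, value, name)."""
    if len(packet) < 5:
        raise ValueError("truncated CHAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (CHALLENGE, RESPONSE):
        raise ValueError("not a Challenge or Response packet")
    if length < 5 or length > len(packet):
        raise ValueError("bad Length field")
    value_size = packet[4]
    if 5 + value_size > length:
        raise ValueError("Value-Size overruns packet")
    value = packet[5:5 + value_size]
    name = packet[5 + value_size:length]  # bytes past Length are padding
    return code, ident, value, name

def chap_md5(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build_response(challenge_pkt: bytes, secret: bytes, name: bytes) -> bytes:
    """Answer a Challenge packet the way a standards-following peer would."""
    code, ident, challenge, _ = parse_chap(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("expected a Challenge")
    digest = chap_md5(ident, secret, challenge)
    body = bytes([len(digest)]) + digest + name
    return struct.pack("!BBH", RESPONSE, ident, 4 + len(body)) + body

def verify_response(response_pkt: bytes, ident: int, secret: bytes,
                    challenge: bytes) -> bool:
    """Authenticator side: recompute the digest and compare in constant time."""
    code, rid, value, _ = parse_chap(response_pkt)
    return (code == RESPONSE and rid == ident
            and hmac.compare_digest(value, chap_md5(ident, secret, challenge)))

# Constructed sample Challenge: Identifier 0x27, 16-byte value, name "bras".
SAMPLE_VALUE = bytes(range(16))
SAMPLE_CHALLENGE = (struct.pack("!BBH", CHALLENGE, 0x27, 4 + 1 + 16 + 4)
                    + bytes([16]) + SAMPLE_VALUE + b"bras")
```

The Identifier hashed is the single octet from the Challenge header, and the field order is fixed; a peer that hashes different inputs or a different order produces a value the authenticator rejects.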

Chris S | 2 Dec 20:27 2002

Re: Question on Blocking an ISP.

That's just 1 class; so far I found 4 others. 

Robb, Bev writes: 

> Some info from Spade:
> OrgName:    America Online 
> OrgID:      AOL 
> 
> NetRange:   152.163.0.0 - 152.163.255.255 
> CIDR:       152.163.0.0/16 
> NetName:    AOL-BNET
> NetHandle:  NET-152-163-0-0-1
> Parent:     NET-152-0-0-0-0
> NetType:    Direct Assignment
> NameServer: DNS-01.NS.AOL.COM
> NameServer: DNS-02.NS.AOL.COM
> Comment:    
> RegDate:    1992-04-01
> Updated:    1999-12-02 
> 
> TechHandle: AOL-NOC-ARIN
> TechName:   America Online, Inc. 
> TechPhone:  +1-703-265-4670
> TechEmail:  domains <at> aol.net  
> 
> OrgAbuseHandle: AOL382-ARIN
> OrgAbuseName:   America Online, Inc. 
> OrgAbusePhone:  +1-703-265-4662
> OrgAbuseEmail:  abuse <at> aol.net 
> 

Rick Darsey | 2 Dec 19:32 2002

RE: Question on Blocking an ISP.

Do the email servers all have aol.com in them? If so, and if your firewall
can resolve DNS, you should be able to block the aol.com domain. Of course,
this will block all traffic, but that seems to be what you are after.

Rick

-----Original Message-----
From: Chris [mailto:chris <at> jynx.net]
Sent: Saturday, November 30, 2002 3:21 AM
To: security-basics <at> securityfocus.com
Subject: Question on Blocking an ISP.

As of the last couple weeks, from 1 AOL user I have gotten over 1000+ virus
emails.
These emails are your typical freescreensaver virus that has been going
around for years now. It seems this person has an affected system.  This is
not really my question or concern.

I have been scanning through all the headers getting the proxy email servers
AOL uses, but it seems like an endless list. LOL.

I'm blocking these IPs through IPchains, but I really would like to know how
to get every class owned by AOL so I can block them all.

Receiving mail from AOL is no big thing to me, considering 99.9% of the time
it is junk or spam.

Is there some way to whois ARIN on a NIC handle to get all the classes?

Thank you.
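Turning saved whois output into a short block list, as an added example that is not part of any post in this thread: it pulls every `NetRange:` line out of ARIN-style text (with or without a reply-quote prefix), splits ranges that do not sit on a CIDR boundary, and merges adjacent blocks. Only the first record in the sample comes from the reply above; the remaining lines are constructed, using documentation address space.

```python
import ipaddress
import re

# Matches "NetRange: a - b", with or without a leading "> " reply quote.
NETRANGE = re.compile(
    r"^(?:>[ \t]*)?NetRange:[ \t]*(\S+)[ \t]*-[ \t]*(\S+)[ \t]*$", re.M)

def netranges_to_cidrs(whois_text: str) -> list:
    """Return the minimal sorted CIDR list covering every IPv4 NetRange found."""
    nets = []
    for first, last in NETRANGE.findall(whois_text):
        try:
            lo = ipaddress.IPv4Address(first)
            hi = ipaddress.IPv4Address(last)
            # A range need not sit on a CIDR boundary; this splits it if not.
            nets.extend(ipaddress.summarize_address_range(lo, hi))
        except ValueError:
            continue  # malformed or reversed range: skip rather than guess
    # Merge adjacent and overlapping blocks so the rule list stays short.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

# First two lines are from the quoted record; the rest are constructed.
SAMPLE = """\
> NetRange:   152.163.0.0 - 152.163.255.255 
> CIDR:       152.163.0.0/16 
NetRange:   192.0.2.0 - 192.0.2.127
NetRange:   192.0.2.128 - 192.0.2.255
NetRange:   198.51.100.0 - 198.51.100.2
NetRange:   203.0.113.9 - 203.0.113.1
NetRange:   not-an-address - 10.0.0.1
"""

if __name__ == "__main__":
    for cidr in netranges_to_cidrs(SAMPLE):
        print(cidr)
```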

