Renato_Joves | 1 Sep 06:26 2003

RE: about viruswall?

You could be refering to Trend Micro's InterScan VirusWall. To learn more about the product, try checking
out the description of the product from our website. http://www.trendmicro.com/en/products/gateway/isvw/evaluate/overview.htm

You can also email us through our support depending on your location. 
http://kb.trendmicro.com/solutions/

Thanks!

Regards,
Renato

-----Original Message-----
From: SB CH [mailto:chulmin2 <at> hotmail.com]
Sent: Friday, August 29, 2003 10:13 AM
To: security-basics <at> securityfocus.com
Subject: about viruswall?

Hello, list.

These days, we  have lots of problems about virus and spam.
So I would like to setup viruswall.
Is there any document or site related with viruswall?
Viruswall is similar to firewall?

Thanks in advance.

_________________________________________________________________
고.. 감.. 도.. 사.. 랑.. 만.. 들.. 기.. MSN 러브   
http://www.msn.co.kr/love/  

(Continue reading)

James McKiernan | 1 Sep 08:48 2003
Picon

RE: Security+ Advice


"Then shoot for the Cissp cert" 

Maybe it's just your choice of words, but that just makes it sound easy. Are
you suggesting that a little bit of study, some reading of an exam crap and
a little IT savvy ness is enough to obtain a CISSP? 

What I'm trying to find is how hard is it REALLY to get a CISSP?

James McKiernan

Scott Morgan Wrote:

-----Original Message-----
From: Scott Morgan [mailto:scott <at> morganitechnology.com] 
Sent: Friday, 29 August 2003 15:01
To: sgay <at> ellijay.com
Cc: security-basics <at> securityfocus.com
Subject: Re: Security+ Advice

Security+ by sybex. If you have a goog handle on security. Just use the
exam cram 2 book. Then shoot for the CISSP cert.

Scott Morgan
Network Security Consultant

**********************************************************************
CAUTION: Electronic mail sent through the Internet is not secure and could
be intercepted by a third party. 

(Continue reading)

Tomasz Barbaszewski | 1 Sep 10:43 2003
Picon

Re: Detailed steps in Windows Terminal Services handshake

In-Reply-To: <6C56AD31C5FAD411B2300006298FA4CA053598F4 <at> b-bilarr0.iberdrola.es>

Best regards from Poland!

I will redirect you to Scandinavia :) -> www.cendio.com.

There is quite nice and deatiled description of MITM attack (in PDF).
I hope it will be helpfull

Best regards once more

Tomasz Barbaszewski

>Dear friends,
>
>I've been reading detailed descriptions of RDP (Remote Desktop Protocol) 
use
>in Microsoft Terminal Services.
>I know the communication is encrypted with RC4.
>But I can guess how the key is determined. I guess there's some kind of
>asymmetric negotiation first. But how is it done?
>
>Could you please point me to a good reference site to find this info?

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------
(Continue reading)

Anders Reed-Mohn | 1 Sep 11:58 2003

Re: Ethics Question

Mike,  it shouldn't really be a problem for you
to alert Company Y about this. (However, it is now).

1. (Why it shouldn't be a problem)
You knew of this vulnerability in advance. You aquired that
knowledge as part of your job, and noone can hold you liable for
that.  
This means you could easily have told Company Y: "have you checked
with Company X whether this thing has been fixed?", based on your old
knowledge. But you can _not_ tell them that you know it still hasn't been
fixed.

2. (Why it is a problem _now_)
You have no right to know any more. The fact that you _know_
it still hasn't been fixed shows that you have poked your nose
into where it doesn't belong. And, as someone pointed out,
it is now even on record for the entire Internet to see.
Thus, you have lost your chance to alert anyone.

So, next time, don't tell the public what you did, rather go 
to the concerned parties directly.

Cheers,
Anders :)

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
(Continue reading)

Lukas Sosnovec | 1 Sep 10:16 2003
Picon

benefits of IDS (was: Network IDS)

Hello Simon,
nice article, I agree that false positives are big problem of IDS. But there is one more point of wiew you
did'n mentioned (and imho everyone forgets say this when criticising IDS): Active responses. It's good
to be able to reset susppicious connection, block somebody doing bad things on firewall etc. I think thist
(and automatic correlation) could be - and allready is - the future way of IDS.

Lukas

On Tue, 26 Aug 2003 15:45:22 -0400
-SIMON- <simon <at> snosoft.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Here is an article that I wrote for masshightech regarding network based 
> intrusion detection systems.  It outlines in very high level what the 
> issues are but doesn't get too technical. I'd like to know what people 
> think about the article, and I do realize that its got marketing 
> materials in it...  thank you marketing staff...  but the content is, in 
> my opinion still fairly reasonable and a good read for starters.
> 
> http://www.masshightech.com/displayarticledetail.asp?art_id=63368&cat_id=
> 
> 
> Duston Sickler wrote:
> > Snort was my first recommendation.  However the Network Administrator is of
> > the attitude that free software = cheap or lower class software.  He also
> > didn't like the fact the there was no tech support we could call.
> > 
> > Duston Sickler
(Continue reading)

Birl | 1 Sep 01:03 2003
Picon

RE: Password audit dictionary

For those interested in the 22,000,000+ dictionary list, I finally found
it on my hard drives.

http://concept.temple.edu/sysadmin/22million-words.lst.zip

-----------------------------------------------------------------------
# This is mega_dic.zip from http://www.hackemate.com.ar/wordlists/
# 24,083,464 bytes compressed. 245,474,830 bytes un-compressed.
# MD5 of the ZIP file: 014b50d1fcca6503b49f134f62290f8a
# wc output - 22349626 23966196 245474830 22million-words.lst
-----------------------------------------------------------------------

(now if someone can explain why I PGP'd the uncompressed file it was
 about 1,000,000 bytes smaller than the ZIP?)

As it was written on Aug 11, thus Birl spake unto Technoguru:

sbirl:  Date: Mon, 11 Aug 2003 09:56:22 -0400 (EDT)
sbirl:  From: Birl <sbirl <at> temple.edu>
sbirl:  To: Technoguru <technoguru <at> totalise.co.uk>
sbirl:  Subject: RE: Password audit dictionary
sbirl:
sbirl:  May take me some time to find it as I cannot remember where I last left
sbirl:  it.  The question is how to send it?
sbirl:
sbirl:  No mail server will accept a 85 Mb file and I really dont want to spend
sbirl:  the time breaking it down into smaller pieces.  I guess we'll have to wait
sbirl:  and see.
sbirl:
sbirl:
(Continue reading)

Tomas Wolf | 1 Sep 13:12 2003
Picon

Spam question

Hello,

 I'm reading some sources of spam I've got and I have a question that 
has crossed my mind... Is it possible to malform e-mail's header?

What I have in mind is that some of the headers come with different 
header composition in which up to two *Received:* records are from 
registered range... And also some of these e-mails have *Return-Path:* 
inserted on the bottom of the header, following *Received: from 
bla.bla.com [xxx.xxx.xxx.xxx] by bla.bla.com (MAILSERVER NAME vX) with 
PROTOCOL, DATE*... While the original Return-path: with an e-mail 
address, as it supposed to, is one of the top ones...

 I have a theory about this... Could there be a program that connects 
directly to the end-user SMTP server by telnet and makes sends to a 
localhost? I know that would be a lot of traffic and time spent on this, 
but isn't this another possibility? I remember when I was playing with 
SMTP server at home, I was capable of sending any kind of e-mail to 
anybody <at> localhost... So then I've tried it on several "real" SMTP 
servers where I knew my friends had an account and it worked as well... 
Which means if I know the user and the end server, I'm able to send 
pretty much anything and by forming the commands well, it is possible to 
try to malform the header so one of the records might trick somebody 
into believing, that it is one of the SMTP relay hops.

Thanks for your input...
Tomas

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
(Continue reading)

Picon

Re: Personal Firewall Recommendations


On Sun, 17 Aug 2003, Chris wrote:

> Check out the Cisco PIX 501 series. This firewall can be purchased for only
> $400 dollars and it runs the same Enterprise software as the big 525's and
> 535's firewalls. And you can still configure ACL's triple AAA site to site
> VPN's IDS alerting etc. Awsome value.

awesome value for a single pc connection the internet?
i think not.

i'd go with what someone else mentioned... slip a linux/bsd box between
router + windows pc :)

stephen

>
> Chris
> CCNP, CCSP
> Tampa, Florida
>
> ----- Original Message -----
> From: "Sven Pfeifer" <sven <at> yagonna.de>
> To: <security-basics <at> securityfocus.com>
> Sent: Friday, August 15, 2003 3:31 PM
> Subject: Re: Personal Firewall Recommendations
>
>
> Hi,
>
(Continue reading)

Attila Nagy | 1 Sep 10:31 2003
Picon

Re: PIX book recommendation

You can find doc about PIX in
http://www.cisco.com/univercd/home/home.htm or you can buy "Cisco Secure
PIX Firewalls" book (but I think online doc is quite good). Additional
book info: www.ciscopress.com.

nagy(A)

2003-08-29, p keltezéssel Jeff Lewis ezt írta:
> I've chosen to deploy a PIX 501 on the front end of our new WAN.
> The additional 10/100 ports that it has will be for the web server 
> in a DMZ. We will be using a linux based firewall as the second
> firewall, protecting a predominately Win2k3 based LAN.
> 
> Would appreciate recommendations for a good book for PIX. I have
> hired a CCNP to deploy it and the linux box, but I need to learn 
> this so that I know what's going on.
> 
> I have worked with several flavors of Raptor and SEF. A great 
> product, but I didn't want the "shields" to have the same vulns
> as what I was protecting.
> 
> Recommedations?
> 
> Jeff
> 
> 
> 
> __________________________________________________________________
> McAfee VirusScan Online from the Netscape Network.
> Comprehensive protection for your entire computer. Get your free trial today!
(Continue reading)

Ronish Mehta | 2 Sep 08:14 2003
Picon

Re: Error while applying iislockdown

IIS 5.0

--- Gopinath <gopinath_r <at> naturesoft.net> wrote:
> Which version of IIS you are using ?
> 
> Gopinath
> ----- Original Message -----
> From: "Ronish Mehta" <sf_mail_sbm <at> yahoo.com>
> To: <security-basics <at> securityfocus.com>
> Sent: Friday, August 29, 2003 11:12 AM
> Subject: Re: Error while applying iislockdown
> 
> 
> > Hi,
> > While appliying IIS Lockdown, on a Win2K server,
> we
> > get the following error:
> > "Unable to backup IIS metabase"; can anyone
> help...
> >
> > Thanks
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! SiteBuilder - Free, easy-to-use web site
> design software
> > http://sitebuilder.yahoo.com
> >
> >
(Continue reading)


Gmane