Basic computer security

Ricardo Ceballos | 1 Mar 2004 13:39

Picon

help with exchange

Hello everyone .

I do have a serius issue with my Exchange 5.5 and his Prib.edb and PUB.edb files
my informarion store service doesn't want to run I have try almost everything that I founf on Microsoft web
Page and every time that I try this service just doesn't want to work, I do have some emails that I need to
recover any help o suggestion please.

Ricardo

-----Original Message-----
From: Aditya, ALD [Aditya Lalit Deshmukh]
[mailto:aditya.deshmukh <at> online.gateway.technolabs.net]
Sent: Thursday, February 26, 2004 10:14 PM
To: Joey Peloquin; 'Paul Kurczaba'; security-basics <at> securityfocus.com
Subject: RE: Preventing OS Detection

> The only way I know of to change IIS banners is to modify the 
> corresponding
> DLL with a hex editor [3].  For example, \winnt\system32\inetsrv\w3svc.dll
> for the web service.
> 

this prevents iis from starting ? or does this work cleanly ? googled around for results but had some reports
that iis crashes or becomes unresponcive after this lobotization

-aditya

________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)

(Continue reading)

Rosenhan, David | 1 Mar 2004 16:59

RE: frequent vpn tunnel drops

I see this is a debug from an initial connection, I am assuming this
debug is from the concentrator, and after the first part of it you see a
"duplicate first packet detected" error.  This error means the client is
resending packets to the concentrator, but for some reason the ACK
packets that the concentrator sends out are not being received by the
client.  This could be because UDP port 500 is being blocked from the
concentrator to the internet, or ESP is being blocked.  

I would suggest turning on transparent tunneling using UDP port 4500,
this is called NAT-T in the concentrator.  This can be done in the
concentrator under this menu: Configuration | System | Tunneling
Protocols | IPSec | NAT Transparency.  If this is not an option then you
have the option above NAT-T that will allow your client to establish a
tunnel over any TCP port you configure in that same menu, the same port
will need to be manually configured on the client. 

There is one other option in the group configuration that allows the
client to connect over different UDP ports, this can be configured under
this menu:
Configuration | User Management | Groups, choose the group the user is
connecting to, click the "client config" tab and the third and fourth
option is where you can configure this.

If this does not work then send the debugs from the client side and we
can look at them.

Thanks!!

David Rosenhan, CCNP
Information Technology

(Continue reading)

Horn Michael | 1 Mar 2004 18:04

RE: help with exchange

How big are the files?  Exchange 5.5 has a size limit on those files; if
they reach that limit the services will not start.  

Michael Horn
Network Administrator
Morgan Electro Ceramics
232 Forbes Rd.
Bedford, Ohio 44146
(440)232-8600 X268
(440)232-8731 Fax
Michael.Horn <at> morganplc.com
www.morganelectroceramics.com

-----Original Message-----
From: Ricardo Ceballos [mailto:rceballos <at> actualiza.cl] 
Sent: Monday, March 01, 2004 7:39 AM
To: ald2003 <at> users.sourceforge.net; Joey Peloquin; Paul Kurczaba;
security-basics <at> securityfocus.com
Subject: help with exchange
Importance: High

Hello everyone .

I do have a serius issue with my Exchange 5.5 and his Prib.edb and PUB.edb
files
my informarion store service doesn't want to run I have try almost
everything that I founf on Microsoft web Page and every time that I try this
service just doesn't want to work, I do have some emails that I need to
recover any help o suggestion please.

(Continue reading)

Mitchell Rowton | 1 Mar 2004 18:27

Re: A basic Question from a new bie!!

Your best bet is to google for specific intrusions and see how others
react.  In general, after you have been in your job a while you will
become accustomed to seeing the same intrusions directed to the same
servers/IP ranges.  After time you will have a better idea of which are
false positives and which you aren't vulnerable to anyway. 

You just have to get acclimated to your network patterns.  If you can
google your way through the first month you'll be fine.

NIST Computer Security Incident Handling Guide
http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf

Intrusion Detection Documents
http://www.securitydocs.com/4

Incident Handling Documents
http://www.securitydocs.com/17

>>> new bie kapper <securekaps <at> yahoo.com> 02/29/04 03:42PM >>>

 
 Hi all ,
 I just recently started with my new job which
 involves
 security monitoring on csids , iss real secure and
 entercept sensors.I was looking if anybody could
 help
 me with like websites on internet which would give
 good tips on incident response like different ways i
 could work on a suspiious attack to conclude

(Continue reading)

Justin_Andrusk | 1 Mar 2004 18:19

Picon

Re: restricting telnet via username


By telnet, do you mean 'ssh'?
Thanks,

=================================================
Justin Andrusk
Information Security
Phone: (440) 395-0630
=================================================

                                                                                                                                       
                      Gregory Dunlap                                                                                                   
                      <gtdunlap <at> midsou         To:      security-basics <security-basics <at> securityfocus.com>                            
                      th.rr.com>               cc:                                                                                     
                                               Subject: restricting telnet via username                                                
                      02/27/2004 11:55                                                                                                 
                      PM                                                                                                               

Hello all,
  I'm attempting to restrict a telnet session of a group of users who
need to run one application on a server.  They login via telnet and that
is the only option at the moment.  They need to run a shell script and
then that will launch the app.  I've set the shell for these users to
the shell script so they won't have access to anything but this app.  I
would like to restrict the telnet daemon further to allow only certain
user names so they can't do a brute force attack.  In sshd_config I've
aways used allowd users setting but I don't see that in the hpux telnet
config.  Any help would be greatly appreciated.

Thanks,

(Continue reading)

LordInfidel | 1 Mar 2004 19:07

RE: help with exchange

have you tried.....

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q
_20848297.html

=====
Use this if your mail server is sending duplicates or is just acting up.
=====

shut down information store service and then run from exchsrvr\bin directory

isinteg -pri -fix -test alltests

-----Original Message-----
From: Ricardo Ceballos [mailto:rceballos <at> actualiza.cl]
Sent: Monday, March 01, 2004 7:39 AM
To: ald2003 <at> users.sourceforge.net; Joey Peloquin; Paul Kurczaba;
security-basics <at> securityfocus.com
Subject: help with exchange
Importance: High

Hello everyone .

I do have a serius issue with my Exchange 5.5 and his Prib.edb and PUB.edb
files
my informarion store service doesn't want to run I have try almost
everything that I founf on Microsoft web Page and every time that I try this
service just doesn't want to work, I do have some emails that I need to
recover any help o suggestion please.

(Continue reading)

patrick | 1 Mar 2004 19:10

RE: security based on IP address

Hi Amit,

Basically you're asking about IP spoofing.  It's possible to craft IP
packets with a false source address.  Thus, you can circumvent "security"
controls if there are inclusive ACL and you craft packets with IP addresses
included in the ACL.

-----Original Message-----
From: Amit Sharma [mailto:amit.sharma <at> linuxwaves.com] 
Sent: Sunday, February 29, 2004 12:03 AM
To: security-basics <at> securityfocus.com
Subject: security based on IP address

Hi there,

My ISP provides internet access based on IP address. As in, he gives static
IP addresses to its customers and allows/disallow internet access based on
the same.

1. What am wondering at is, what if my ip address is blocked but I take over
somebody else's ip address and try to connect to the internet? Will the
ISP's proxy detect this?

This leads to the second question..

2. Can I take over the ip address of a system that is already up?

Gracias,

Amit

(Continue reading)

Tom Milliner | 1 Mar 2004 19:14

Picon

RE: IP block

I think a simple Linksys Router/Firewall will assign
sub netted IP addresses for the temporary training room, 
and keep them separate from the rest of your network;
cost is about $50. 

For a permanent training room, a Cisco Pix 501 at a
cost of $600-$800 plus added cost for configuration would
provide better security, but the Linksys would probably
work as well (depending upon other factors pertinent to
your network).

Tom Milliner, CPA, MCSE
Director of Information Services
Greater Dallas Assc of Realtors
8201 N. Stemmons Frwy
Dallas,  TX  75247
www.gdar.org
mail to: milliner <at> gdar.org
(214) 540-2741

-----Original Message-----
From: Ronald Balk [mailto:Ronald.Balk <at> borland.com] 
Sent: Sunday, February 29, 2004 1:56 PM
To: security-basics <at> securityfocus.com
Subject: IP block

All,

I need to setup a temporarily training room in my office.

(Continue reading)

David Gillett | 1 Mar 2004 18:28

RE: Port Knocking questions

  Since most ordinary applications don't work this way, such
services can only be accessed using specialized tools.  Technically,
that makes it a security tool, but one that is routinely used by 
crackers to secure an unauthorized backdoor rather than by 
administrators to secure an authorized service.
  A host might have "ICMP echo request" blocked, or this might
be blocked at a firewall in front of it; if the knock sequence
doesn't use that, then the block will not interfere with it.
(It's *convenient* to use ping to determine if a server is up,
but it's not a requirement.)

Dave Gillett

> -----Original Message-----
> From: Richard Shinkle [mailto:rshinkle451 <at> hotmail.com]
> Sent: Friday, February 27, 2004 8:58 PM
> To: security-basics <at> securityfocus.com
> Subject: Port Knocking questions
> 
> 
> Hello...
> 
> I have a few questions about port knocking.  First of all, is 
> it a hacker 
> tool or a security tool?  Does it require the hacker to be 
> able to ping the 
> device?
> 
> Rich S.
>

(Continue reading)

Ricardo Ceballos | 1 Mar 2004 18:57

Picon

RE: help with exchange

I don't have the information of my eventviewer but I do remember that everything start with the follow problem
"the information store Stop responding, and the CPU usage level remains at 100 percent" and I them read and
aply all the steps describe in Microsft Knowledge Base Article 31384, and still I can not read my mail.

Ricardo

-----Original Message-----
From: Horn Michael [mailto:Mhorn <at> morganelectroceramics.com]
Sent: Monday, March 01, 2004 2:39 PM
To: Ricardo Ceballos; Horn Michael; ald2003 <at> users.sourceforge.net; Joey
Peloquin; Paul Kurczaba; security-basics <at> securityfocus.com
Subject: RE: help with exchange

Those limits should not stop the service from starting.  What error messages
show up in the eventviewer when you try to start it?

Michael Horn
Network Administrator
Morgan Electro Ceramics
232 Forbes Rd.
Bedford, Ohio 44146
(440)232-8600 X268
(440)232-8731 Fax
Michael.Horn <at> morganplc.com
www.morganelectroceramics.com

-----Original Message-----
From: Ricardo Ceballos [mailto:rceballos <at> actualiza.cl] 
Sent: Monday, March 01, 2004 12:35 PM
To: Horn Michael; ald2003 <at> users.sourceforge.net; Joey Peloquin; Paul

(Continue reading)

Group

gmane.comp.security.basics.

Advertisement

Search Archive

Page

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 82

Articles in period: 817

March 2004

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

secure and simple file server (27 Mar 2013)
Question about passwd file (Linux) (8 Feb 2013)
Linux Web Server Hardening (LAMP + Wiki) (2 Feb 2013)
Prevent DoS (Linux+Apache+Jboss) (31 Jan 2013)
[HITB-Announce] #HITB2013AMS FINAL CALL for Paper Submissions (1 Feb 2013)
[PenTest-Announce] Phishing Attack with Social Engineering Toolkit (SE (31 Jan 2013)
Bad Antivirus (30 Jan 2013)
Bad Antivirus (29 Jan 2013)
Linux Web Server Hardening (LAMP + Wiki) (25 Jan 2013)
Network Segregation to prevent spread of malware (23 Jan 2013)
Network Segregation to prevent spread of malware (22 Jan 2013)
Manipulate PDFs with Malware (20 Jan 2013)
OS Level Backup Solution (19 Dec 2012)
DDoS-attack (17 Dec 2012)
DDoS-attack (3 Dec 2012)
iOS Game - how to secure server side resurces (7 Nov 2012)
Bank Of Montreal Online Security (6 Nov 2012)
[HITB-Announce] #HITB2013AMS Call For Papers Now Open (5 Nov 2012)
Seeking NMAP Version Detection dataset (6 Nov 2012)
iCompel Digital Signage risks (3 Nov 2012)
Security design methodology (2 Nov 2012)

Archives

3	March 2013
29	February 2013
61	January 2013
9	December 2012
31	November 2012
78	October 2012
30	September 2012
102	August 2012
157	July 2012
220	June 2012
202	May 2012
129	April 2012
72	March 2012
169	February 2012
132	January 2012
147	December 2011
122	November 2011
90	October 2011
202	September 2011
112	August 2011
140	July 2011
121	June 2011
144	May 2011
106	April 2011
135	March 2011
211	February 2011
199	January 2011
118	December 2010
60	November 2010
35	October 2010
231	September 2010
107	August 2010
198	July 2010
106	June 2010
103	May 2010
157	April 2010
192	March 2010
117	February 2010
130	January 2010
44	December 2009
142	November 2009
153	October 2009
220	September 2009
194	August 2009
227	July 2009
188	June 2009
293	May 2009
142	April 2009
296	March 2009
235	February 2009
274	January 2009
212	December 2008
231	November 2008
383	October 2008
243	September 2008
233	August 2008
347	July 2008
282	June 2008
404	May 2008
349	April 2008
456	March 2008
537	February 2008
524	January 2008
373	December 2007
328	November 2007
331	October 2007
435	September 2007
352	August 2007
264	July 2007
293	June 2007
635	May 2007
446	April 2007
277	March 2007
385	February 2007
388	January 2007
395	December 2006
488	November 2006
421	October 2006
385	September 2006
359	August 2006
418	July 2006
357	June 2006
332	May 2006
430	April 2006
473	March 2006
399	February 2006
562	January 2006
368	December 2005
541	November 2005
706	October 2005
482	September 2005
537	August 2005
457	July 2005
359	June 2005
332	May 2005
496	April 2005
483	March 2005
406	February 2005
464	January 2005
461	December 2004
607	November 2004
611	October 2004
471	September 2004
324	August 2004
450	July 2004
388	June 2004
341	May 2004
432	April 2004
814	March 2004
463	February 2004
526	January 2004
587	December 2003
708	November 2003
698	October 2003
1108	September 2003
1129	August 2003
1101	July 2003
949	June 2003
535	May 2003
592	April 2003
464	March 2003
608	February 2003
651	January 2003
589	December 2002
727	November 2002
679	October 2002
600	September 2002
905	August 2002
816	July 2002
654	June 2002
871	May 2002
792	April 2002
410	March 2002
1	January 2002
1	November 2001
1	January 2001
2	December 2000
3	July 2000
2	April 2000
1	January 2000

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template