Ricardo Ceballos | 1 Mar 13:39 2004

help with exchange

Hello everyone .

I do have a serious issue with my Exchange 5.5 and its Priv.edb and PUB.edb files.
My information store service doesn't want to run. I have tried almost everything that I found on the Microsoft web
page, and every time that I try, this service just doesn't want to work. I do have some emails that I need to
recover. Any help or suggestion, please.

Ricardo

-----Original Message-----
From: Aditya, ALD [Aditya Lalit Deshmukh]
[mailto:aditya.deshmukh <at> online.gateway.technolabs.net]
Sent: Thursday, February 26, 2004 10:14 PM
To: Joey Peloquin; 'Paul Kurczaba'; security-basics <at> securityfocus.com
Subject: RE: Preventing OS Detection

> The only way I know of to change IIS banners is to modify the
> corresponding DLL with a hex editor [3].  For example,
> \winnt\system32\inetsrv\w3svc.dll for the web service.
>

this prevents iis from starting? or does this work cleanly? googled around for results but had some reports
that iis crashes or becomes unresponsive after this lobotomization

-aditya


Rosenhan, David | 1 Mar 16:59 2004

RE: frequent vpn tunnel drops

I see this is a debug from an initial connection, I am assuming this
debug is from the concentrator, and after the first part of it you see a
"duplicate first packet detected" error.  This error means the client is
resending packets to the concentrator, but for some reason the ACK
packets that the concentrator sends out are not being received by the
client.  This could be because UDP port 500 is being blocked from the
concentrator to the internet, or ESP is being blocked.  

I would suggest turning on transparent tunneling using UDP port 4500,
this is called NAT-T in the concentrator.  This can be done in the
concentrator under this menu: Configuration | System | Tunneling
Protocols | IPSec | NAT Transparency.  If this is not an option then you
have the option above NAT-T that will allow your client to establish a
tunnel over any TCP port you configure in that same menu, the same port
will need to be manually configured on the client. 

There is one other option in the group configuration that allows the
client to connect over different UDP ports, this can be configured under
this menu:
Configuration | User Management | Groups, choose the group the user is
connecting to, click the "client config" tab and the third and fourth
option is where you can configure this.

If this does not work then send the debugs from the client side and we
can look at them.

Thanks!!

David Rosenhan, CCNP
Information Technology

Horn Michael | 1 Mar 18:04 2004

RE: help with exchange

How big are the files?  Exchange 5.5 has a size limit on those files; if
they reach that limit the services will not start.  

Michael Horn
Network Administrator
Morgan Electro Ceramics
232 Forbes Rd.
Bedford, Ohio 44146
(440)232-8600 X268
(440)232-8731 Fax
Michael.Horn <at> morganplc.com
www.morganelectroceramics.com

-----Original Message-----
From: Ricardo Ceballos [mailto:rceballos <at> actualiza.cl] 
Sent: Monday, March 01, 2004 7:39 AM
To: ald2003 <at> users.sourceforge.net; Joey Peloquin; Paul Kurczaba;
security-basics <at> securityfocus.com
Subject: help with exchange
Importance: High

Hello everyone .

I do have a serious issue with my Exchange 5.5 and its Priv.edb and PUB.edb
files.
My information store service doesn't want to run. I have tried almost
everything that I found on the Microsoft web page, and every time that I try, this
service just doesn't want to work. I do have some emails that I need to
recover. Any help or suggestion, please.


Mitchell Rowton | 1 Mar 18:27 2004

Re: A basic Question from a new bie!!

Your best bet is to google for specific intrusions and see how others
react.  In general, after you have been in your job a while you will
become accustomed to seeing the same intrusions directed to the same
servers/IP ranges.  After time you will have a better idea of which are
false positives and which you aren't vulnerable to anyway. 

You just have to get acclimated to your network patterns.  If you can
google your way through the first month you'll be fine.

NIST Computer Security Incident Handling Guide
http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf

Intrusion Detection Documents
http://www.securitydocs.com/4

Incident Handling Documents
http://www.securitydocs.com/17

>>> new bie kapper <securekaps <at> yahoo.com> 02/29/04 03:42PM >>>

 
 Hi all,
 I just recently started with my new job, which involves
 security monitoring on csids, iss real secure and
 entercept sensors. I was looking if anybody could help
 me with like websites on internet which would give
 good tips on incident response like different ways i
 could work on a suspicious attack to conclude

Justin_Andrusk | 1 Mar 18:19 2004

Re: restricting telnet via username


By telnet, do you mean 'ssh'?
Thanks,

=================================================
Justin Andrusk
Information Security
Phone: (440) 395-0630
=================================================

                                                                                                                                       
From: Gregory Dunlap <gtdunlap <at> midsouth.rr.com>
Sent: 02/27/2004 11:55 PM
To: security-basics <security-basics <at> securityfocus.com>
cc:
Subject: restricting telnet via username

Hello all,
  I'm attempting to restrict a telnet session of a group of users who
need to run one application on a server.  They login via telnet and that
is the only option at the moment.  They need to run a shell script and
then that will launch the app.  I've set the shell for these users to
the shell script so they won't have access to anything but this app.  I
would like to restrict the telnet daemon further to allow only certain
user names so they can't do a brute force attack.  In sshd_config I've
always used the allowed users setting but I don't see that in the hpux telnet
config.  Any help would be greatly appreciated.

Thanks,

LordInfidel | 1 Mar 19:07 2004

RE: help with exchange

have you tried.....

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_20848297.html

=====
Use this if your mail server is sending duplicates or is just acting up.
=====

shut down information store service and then run from exchsrvr\bin directory

isinteg -pri -fix -test alltests

-----Original Message-----
From: Ricardo Ceballos [mailto:rceballos <at> actualiza.cl]
Sent: Monday, March 01, 2004 7:39 AM
To: ald2003 <at> users.sourceforge.net; Joey Peloquin; Paul Kurczaba;
security-basics <at> securityfocus.com
Subject: help with exchange
Importance: High

Hello everyone .

I do have a serious issue with my Exchange 5.5 and its Priv.edb and PUB.edb
files.
My information store service doesn't want to run. I have tried almost
everything that I found on the Microsoft web page, and every time that I try, this
service just doesn't want to work. I do have some emails that I need to
recover. Any help or suggestion, please.


patrick | 1 Mar 19:10 2004

RE: security based on IP address

Hi Amit,

Basically you're asking about IP spoofing.  It's possible to craft IP
packets with a false source address.  Thus, you can circumvent "security"
controls if there is an inclusive ACL and you craft packets with IP addresses
included in the ACL.

-----Original Message-----
From: Amit Sharma [mailto:amit.sharma <at> linuxwaves.com] 
Sent: Sunday, February 29, 2004 12:03 AM
To: security-basics <at> securityfocus.com
Subject: security based on IP address

Hi there,

My ISP provides internet access based on IP address. As in, he gives static
IP addresses to its customers and allows/disallows internet access based on
the same.

1. What I am wondering is, what if my ip address is blocked but I take over
somebody else's ip address and try to connect to the internet? Will the
ISP's proxy detect this?

This leads to the second question..

2. Can I take over the ip address of a system that is already up?

Gracias,

Amit

Tom Milliner | 1 Mar 19:14 2004

RE: IP block

I think a simple Linksys Router/Firewall will assign
subnetted IP addresses for the temporary training room, 
and keep them separate from the rest of your network;
cost is about $50. 

For a permanent training room, a Cisco Pix 501 at a
cost of $600-$800 plus added cost for configuration would
provide better security, but the Linksys would probably
work as well (depending upon other factors pertinent to
your network).

Tom Milliner, CPA, MCSE
Director of Information Services
Greater Dallas Assc of Realtors
8201 N. Stemmons Frwy
Dallas,  TX  75247
www.gdar.org
mail to: milliner <at> gdar.org
(214) 540-2741

-----Original Message-----
From: Ronald Balk [mailto:Ronald.Balk <at> borland.com] 
Sent: Sunday, February 29, 2004 1:56 PM
To: security-basics <at> securityfocus.com
Subject: IP block

All,

I need to set up a temporary training room in my office.


David Gillett | 1 Mar 18:28 2004

RE: Port Knocking questions

  Since most ordinary applications don't work this way, such
services can only be accessed using specialized tools.  Technically,
that makes it a security tool, but one that is routinely used by 
crackers to secure an unauthorized backdoor rather than by 
administrators to secure an authorized service.
  A host might have "ICMP echo request" blocked, or this might
be blocked at a firewall in front of it; if the knock sequence
doesn't use that, then the block will not interfere with it.
(It's *convenient* to use ping to determine if a server is up,
but it's not a requirement.)

Dave Gillett

> -----Original Message-----
> From: Richard Shinkle [mailto:rshinkle451 <at> hotmail.com]
> Sent: Friday, February 27, 2004 8:58 PM
> To: security-basics <at> securityfocus.com
> Subject: Port Knocking questions
> 
> 
> Hello...
> 
> I have a few questions about port knocking.  First of all, is it a
> hacker tool or a security tool?  Does it require the hacker to be
> able to ping the device?
> 
> Rich S.
> 

Ricardo Ceballos | 1 Mar 18:57 2004

RE: help with exchange

I don't have the information from my eventviewer, but I do remember that everything started with the following problem:
"the information store stops responding, and the CPU usage level remains at 100 percent". I then read and
applied all the steps described in Microsoft Knowledge Base Article 31384, and still I cannot read my mail.

Ricardo

-----Original Message-----
From: Horn Michael [mailto:Mhorn <at> morganelectroceramics.com]
Sent: Monday, March 01, 2004 2:39 PM
To: Ricardo Ceballos; Horn Michael; ald2003 <at> users.sourceforge.net; Joey
Peloquin; Paul Kurczaba; security-basics <at> securityfocus.com
Subject: RE: help with exchange

Those limits should not stop the service from starting.  What error messages
show up in the eventviewer when you try to start it?

Michael Horn
Network Administrator
Morgan Electro Ceramics
232 Forbes Rd.
Bedford, Ohio 44146
(440)232-8600 X268
(440)232-8731 Fax
Michael.Horn <at> morganplc.com
www.morganelectroceramics.com

-----Original Message-----
From: Ricardo Ceballos [mailto:rceballos <at> actualiza.cl] 
Sent: Monday, March 01, 2004 12:35 PM
To: Horn Michael; ald2003 <at> users.sourceforge.net; Joey Peloquin; Paul