Hi All,

I am trying to get details about MSRPC and its working. So far I have come to know that when a Client requests for a particular service, first it comes to End Point Mapper. Then in response to Map Request, the Port and IP address are sent to client in Response's Tower id 4 and 5 respectively. Now I have the port and IP address.  I simply connect to that service. Now suppose I am firewalling it. Now if I allowed the MSRPC packets, then I will create an embryonic flow for that connection, and then the firewall will allow those packets.

Now my problem is how I will detect for how long I need to keep that flow open? If the communication on that port has finished, then how should I make sure that now its exited and I need to delete the flow ID? Can anyone help me how should I go for this or how is this actually implemented??

Thanks and Regards
Rahul Sharma

Hi All,
The first round of speakers have been selected for Securitybyte, please follow us on twitter <at> securitybyte to get the latest updates on speakers and event.
 
Deral Heiland, From Printer to Owned: Leveraging Multifunction Printers During Penetration Testing
Nithya Raman, Security threats on social networks
Alexander Polyakov, A Crushing Blow At the Heart of SAP J2EE Engine
Bishan Singh, Enabling Un-trusted Mashups
Krzysztof Kotowicz, HTML5: Something Wicked This Way Comes
John McColl, Hacking Corporate Telephony
Aseem Jakhar, Runtime thread injection and execution in Linux processes
George Nicolaou, Alternative Exploitation Vectors (A study of CVE-3333)
Michele Orru, Securing the Browser
Kanwal K. Mookhey, The Data Theft Epidemic in India
Vivek Ramachandran, Enterprise Wi-Fi Worms, Backdoors and Botnets for Fun and Profit
 
The 2nd round of CFP is out
 
CFP/CTP
 
Securitybyte is proud to announce its Second Annual International Information Security Conference, "Securitybyte 2011" in Bangalore, India. This 4-day event features two days of conferences and two days of post-conference hands-on Trainings & Certifications covering every aspect of Information Security. The Securitybyte conference features some of the most respected names in the Security space and is focused around new research and innovation. The Securitybyte Conference 2011 is planned for Sept 6th through 9th, 2011 at The Taj Hotel in Bangalore, India.
 
The two-day conference (Sept 6th & 7th) will have the following three tracks:
 
    Deep Technical
   Government & Governance
    Management
 
Submission Deadline: The first round of submission of papers for conference talks and trainings should be done no later than August 5th, 2011. Please send all your submissions to cfp <at> securitybyte.org, keeping subject line as "SB 2011 CFP Submission".
 
TOPICS
 
Got a new attack against any technology or device? We want to see it.
 
Topics of interest include, but are not limited to, the following:
 
Management
                Case studies around any of the topics above of how the implementation was done and what were some of the lessons learned.
 
Technology-Focused
 
                Cloud Security
                Electronic Device Security (Cell Phones / PDA's)
                Defeating Biometrics
                WLAN, RFID and Bluetooth Security
                Data Recovery and Incident Response
                Virtualization Security
                Database Security
                Forensic & Cyber security
 
Regulatory & Law
 
                Copyright infringement and anti-copyright infringement enforcement technologies
                Critical infrastructure issues
                Data security and privacy issues
                Identity theft, identity creation & identity fraud
                Corporate Espionage
 
               
National Security
 
               Cyber forensics
               Cyber warfare
               Cyber Espionage
               Next hyphenGen Cyber threats
               Critical Infrastructure protection
    Surveillance & counter-surveillance
 
Speaker Submission:
 
Please use the following submission form template to respond:
 
    Name, title, address, email, and phone/contact number
    Short biography, qualifications, occupation, achievements, and affiliations (limit 250 words.)
    Summary or abstract of your presentation (limit 1250 words.)
    Technical requirements (video, internet, wireless, audio, etc.)
    References (Contact name, title, and email address of two conferences you have spoken at or comparable references.)
 
**Please note, product or vendor pitches are not accepted. If your talk involves an advertisement for a new product or service your company is offering, please do not submit a proposal.

 
Regards
SecurityByte

Hi all,

I am a newbie and would like assistance on an asa.

I have a cisco asa factory default that i configured.

this is my configuration,  thank you.


1. I cannot ping the gw ip when connected on console though from teh gw which is a cisco router i can pick the asa mac address.

2. I have the two acls 101 and cmd  icmp permit any outside which should enable me to ping from any outside host to the outside interface of the asa to no avail.

3. public ip and gw are public ips.

Q. Any assistance to get this working so that i can configure an ra vpn will be appreciated.



SA Version 7.0(8)
!

domain-name ciscoasa.co.ke

names
dns-guard
!
interface Ethernet0/0
 description Link to Service Provider
 nameif outside
 security-level 0
 ip address publicip 255.255.255.252
!
interface Ethernet0/1
 description Link to Local LAN
 nameif inside
 security-level 100
 ip address 192.168.168.11 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
access-list ANY extended permit ip any any
access-list ANY extended permit icmp any any echo-reply
access-list ANY extended permit icmp any any time-exceeded
access-list ANY extended permit icmp any any unreachable
access-list ANY extended permit icmp any any
access-list OUT extended permit icmp any any echo-reply
access-list OUT extended permit icmp any any echo
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit icmp any any source-quench
access-list 101 extended permit icmp any any unreachable
access-list 101 extended permit icmp any any time-exceeded
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp permit any outside
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.168.0 255.255.255.0
access-group ANY in interface inside
route outside 0.0.0.0 0.0.0.0 gw 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
Cryptochecksum:6f78bb9efb6b013ce7eb3cf8d77268ae

Rocker