Thanks in advance for your help.
PM Drake <PMD...@nospam.hotmail.com> wrote in message
news:3822...@news.nwlink.com...
>I use Black Ice on my workstation and servers at work and my systems at
>home. It's great! It's detected several attacks my systems received over
>the Net and logged them all well enough for me to report them to their
>respective ISPs.
I am afraid this probably had no effect because predicting TCP
connections' initial sequence numbers and so forth is trivial when the
remote system is any version of windows. Thus most ISPs will not
consider the source IP numbers, including any element of the source
route if recorded, as serious evidence.
If you gave them logs via a Linux or other box that uses highly
unpredictable sequence numbers and does not allow source routing you
have some hope. Almost all unices, appropriately figured, have been in
this category for many years. Having said that, lots of attacks all
implicating the same person, might work if the attacker gets IP
addresses randomly from a pool. If this is the case then the attacker
is definitely a clueless script kiddie.
--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."
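
The distinction drawn in the post above between predictable and unpredictable initial sequence numbers, as an added example that is not part of the original thread: a constructed fixed-step generator next to an RFC 1948-style one (timer plus keyed hash of the connection 4-tuple), with a check for whether successive ISNs can be extrapolated. The step size, secret, addresses and function names are assumptions made for illustration, the fixed-step model does not describe any particular operating system, and HMAC-SHA-256 stands in for the RFC's hash.

```python
import hashlib
import hmac

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap


def fixed_step_isn(counter, step=64000):
    """Constructed model: a global counter advanced by a fixed step per connection."""
    return (counter * step) % MOD


def rfc1948_isn(secret, laddr, lport, raddr, rport, clock_us):
    """ISN = M + F(4-tuple, secret): M is a 4-microsecond timer, F a keyed hash."""
    m = (clock_us // 4) % MOD
    msg = f"{laddr}:{lport}>{raddr}:{rport}".encode()
    f = int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")
    return (m + f) % MOD


def deltas(isns):
    """Successive differences modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def predictable(isns):
    """True when every difference is identical, so two samples give away the next ISN."""
    return len(set(deltas(isns))) == 1


def sample():
    """Six ISNs from each generator, as seen by a client opening six connections."""
    secret = b"constructed-demo-secret"  # assumption: per-boot random secret
    fixed = [fixed_step_isn(n) for n in range(1, 7)]
    hashed = [
        rfc1948_isn(secret, "192.0.2.10", 80, "198.51.100.7", 40000 + n,
                    clock_us=1_000_000 + 250 * n)
        for n in range(6)
    ]
    return fixed, hashed


if __name__ == "__main__":
    fixed, hashed = sample()
    print("fixed-step deltas:", deltas(fixed), "predictable:", predictable(fixed))
    print("hashed deltas:    ", deltas(hashed), "predictable:", predictable(hashed))
```

With the hashed generator, the same 4-tuple still sees sequence numbers advance with the clock, but an observer on one port learns nothing usable about the ISN handed to a different address or port.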
Duncan,
If you would, please, could you tell me what tools would be used by a script
kiddie to conduct a successful unauthorized access of an NT box, using the
predictable TCP ISNs you mentioned? I am seriously interested in knowing
of any tool that is available that will allow someone to launch a successful
attack.
Carv
You might want to take a look at hunt:
http://www.securiteam.com/tools/Hunt__a_new_Hijacking_software.html
And Juggernaut:
http://www.securiteam.com/tools/Juggernaut__a_session_hijacking_tool.html
Although I haven't tried them against NT, there's no reason why it shouldn't
work as well as it does against UNIX.
--
-------------------------
Aviram Jenik
SecuriTeam
http://www.SecuriTeam.com
"Harlan Carvey, CISSP" <carv...@patriot.net> wrote in message
news:3829FDA7...@patriot.net...
Memento Mori...
-=RONIN=-
Regards,
Gary ;+}
On Mon, 6 Dec 1999 17:08:53 +0200, RONIN <st...@ronin.widenet.co.il>
wrote:
Log files can be edited. Also, NT log files don't tell the whole
story, most information needed to trace and/or trap an intruder isn't
there. Plus, once you've found the intrusion, knowing what was done
to the system can be critical in recovering from the intrusion.
Jeff
>Whatever happened to a knowledgeable sysadmin locking down his
>box and reviewing his log files?
He went out and bought some tools to make his job easier?
Gareth
> I agree with you, but an NT system can be locked down well enough to
> prevent unauthorized
> access in the first place...or at least, make it a non-trivial exercise.
Reading NTBugTraq might quickly cure you of this misconception...
Happy Holidays all,
> ----------------------------------------------------------------------- <
> Wayde Nie <
> Software Analyst Computing and Information Services <
> phone: (905)525-9140 ext 23856 McMaster University, CANADA <
> fax: (905)524-5288 ni...@mcmaster.ca <
> -------------------------[\]--->=\o.:---[\]---------------------------- <
Jeff Cochran wrote:
> >Whatever happened to a knowledgeable sysadmin locking down his
> >box and reviewing his log files?
>
and I haven't wavered yet.
Wayde Nie wrote:
>
> On Thu, 23 Dec 1999, WinterMute wrote:
>
> > I agree with you, but an NT system can be locked down well enough to
> > prevent unauthorized
> > access in the first place...or at least, make it a non-trivial exercise.
>
> Reading NTBugTraq might quickly cure you of this misconception...
>
That's what I'd thought coming from the Unix community but, after having
started _Hacking_Exposed_, NT looks a lot better...w/proper measures in
place.
cheers,
Craig
Gareth Jones <gar...@uberdog.net> wrote in message
news:386673c4....@news.giganews.com...
> WinterMute <carv...@patriot.net> wrote:
>
> >Whatever happened to a knowledgeable sysadmin locking down his
> >box and reviewing his log files?
>
I like the book...only argument I have is that it's really light on null sessions
in the enumeration section.
Maybe... I'm not saying that Unix, or any other OS for that matter is
better in this respect. It's just my opinion that intrusion detection
software is an important part of Internet host security, and getting more
important all the time.
People put locks on their windows and doors to keep others out, but more
and more people are putting in alarm systems as well so that they know
when someone came in...
Happy Holidays,
What is _Hacking_Exposed_?
Thanks in advance.
"Craig B. Olofson" <cra...@puck.org> writes:
>> > I agree with you, but an NT system can be locked down
>> > well enough to prevent unauthorized access in the first
>> > place...or at least, make it a non-trivial exercise.
>>
>> Reading NTBugTraq might quickly cure you of this
>> misconception...
>
>That's what I'd thought coming from the Unix community but,
>after having started _Hacking_Exposed_, NT looks a lot
>better...w/proper measures in place.
Richard Ballard CNA4 KD0AZ
1) NTBugTraq is a web site. www.ntbugtraq.com
2) _Hacking_Exposed_ is a book. _Hacking_Exposed_: Network Security
Secrets & Solutions, Stuart McClure et al, Osborne Press, Berkeley CA,
1999. ISBN 0-07-212127-0
The subject header provides the context.
Happy Hunting,
Craig
A mailing list for NT security bugs and exploits
http://www.ntbugtraq.com/
NTBugtraq - NTBugtraq Home
: What is _Hacking_Exposed_?
A book:
http://www.sanctury.com/book/0/122/30693.html
Hacking Exposed: Network Security Secrets and Solutions
--Jerry Leslie (my opinions are strictly my own)