1. Install an IDE and identify the culprits
2. After one warning, pull their plug
3. ...
4. Am I a prophet?
(For the benefit of the typical /. reader, when I say "pull their plug" I'm not talking about some sexual act. I mean disconnect them from the network.)
They already have one admin. That's all they will need!
Dude, I just know you're in Mensa when you pun like that!
I strongly second this post!
I'm studying for a CISSP cert and have found Secrets and Lies to be informative and inspiring.
I know some people who could use minix to open their minds.
Of course this leads one's imagination to the solution for power outages, ... explosive bolts!
I'm sure the permits will be a piece of cake to get.
This door has all the vulnerabilities of the physical key PLUS all the vulnerabilities of the new barcode system.
It's like putting a pair of firewalls in parallel. An intruder only needs to know how to bypass one of them to be into your soft and chewy insides.
He needs a back door. D'oh!
Us Debian weenies have exim installed by default. This Debian weenie does prefer to "apt-get install postfix". What is this Sendmail thing that everyone keeps talking about?
Here's an example of output:
nmap -O -sS -F -P0 -T Aggressive www.amazon.com
Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on 207-171-182-16.amazon.com (207.171.182.16):
(The 1098 ports scanned but not shown below are in state: filtered)
Port State Service
80/tcp open http
443/tcp open https
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SInfo(V=2.54BETA31%P=i586-pc-linux-gnu%D=1/7%Time=3E1B24B1%O=80%C=-1)
TSeq(Class=RI%gcd=1%SI=1130%TS=U)
TSeq(Class=RI%gcd=1%SI=1F64%TS=U)
TSeq(Class=RI%gcd=1%SI=184F%TS=U)
T1(Resp=Y%DF=N%W=800%ACK=S++%Flags=BAR%Ops=WNMETL)
T2(Resp=Y%DF=N%W=800%ACK=S%Flags=AR%Ops=WNMETL)
T3(Resp=Y%DF=N%W=800%ACK=S++%Flags=UAPR%Ops=WNMETL)
T4(Resp=Y%DF=N%W=800%ACK=S%Flags=AR%Ops=WNMETL)
T5(Resp=N)
T6(Resp=Y%DF=N%W=800%ACK=S%Flags=AR%Ops=WNMETL)
T7(Resp=Y%DF=N%W=800%ACK=S++%Flags=UAPR%Ops=WNMETL)
PU(Resp=N)
Nmap run completed -- 1 IP address (1 host up) scanned in 202 seconds
I read his comments differently. He wasn't against honeypots, he just felt they were overdeployed. I think if you don't have a lot of time to devote to building and maintaining one they are of limited value. It may be more time saving to copy the defenses of those who do take the time to learn the latest exploits. Face it, if you don't spend a bunch of energy on your IDS then it's a toy.
And what exactly did he say? Reinvent? What? How?
And then there is this pearl:
The security of a company's IT systems will improve tenfold by enabling software patches to be implemented in minutes around the world.
Does that scare the shit out of you too?
Here's an example from the RFC:
L: MSG 1 0 . 0 50
L:
L: Central Services. This has not been a recording.
L: END
I: ANS 1 0 . 0 61 0
I:
I: Oct 27 13:21:08 ductwork imxpd[141]: Heating emergency.END
I: ANS 1 0 . 61 58 1
I:
I: Oct 27 13:22:15 ductwork imxpd[141]: Contact Tuttle.END
I: NUL 1 0 . 119 0
I: END
--- THIS IS AN AUTOMATED MESSAGE ---
Hey there,
Since I've been getting so much junk mail recently, I've had to put a new system in to stop it. There is no record of you having sent me any e-mail from this address in the past, so I need you to verify your e-mail. You can do that by just replying to this message. Once you've done that, I'll get the message you just sent me, and your address will be added to my list so that this system will never bother you again.
If you couldn't be bothered reading that last bit then JUST SEND A REPLY TO THIS MESSAGE.
Oh, and when you reply, please don't change the subject line of the message. It breaks things. Thanks.
Thanks
Jason