> Still seems weird that we're looking at small-time black-hat scum as
> Interview material
I know that the best approach is to ignore you trolls, even as your
slander becomes more and more outrageous. I will admit that I did
some trolling of the trolls last year. Big mistake - they have much
more of an appetite and time for this than I do. It has been a year
and they still continue to write new stories that are more and
more absurd. Perhaps I should be flattered that they consider me so
important. The troll journal you linked accuses me of "illegally
penetrating computers across state lines" and that "Fyodor even
submitted his "troll hunting" story to Slashdot, though it was
rejected". Another
page includes a fake interview with me, a fake Nmap bug, and notes
that I have been "pushing crystal meth on the street for a
few months." It has also been said that I am "obviously
a terrorist" and that Nmap "is
spyware to spy on the american people". So I have learned to deal
with abusive criticism. Another Slashdot journal
currently says "Fyodor is... a depraved, insidious hacker hell-bent
on criminal intrusions into systems owned by minors!" Even I couldn't
help but chuckle at that one :). Replying is useless, since the
trolls are just looking for attention and care nothing of accuracy.
But I will make a few points lest anyone else take the trolls
seriously:
I am not a terrorist, and have never sold drugs.
I did not actually break into any troll boxes, although I did
imply that in a misguided attempt to use some of their trolling
rhetorical devices against them. I stand by my posting history.
Much of the content in the journal you posted is an outright
fabrication and the lies and accusations change by the minute! This
(currently score 5) post quotes text that I saw in this
journal an hour ago. Now it is gone, and many other changes have been
made as well. Be careful of linking to Troll journals, or they may
turn into goatse links.
Some of his lies are self-evident. How could he possibly know
much of this stuff, such as that I submitted this as a Slashdot story?
I have never submitted any story whatsoever to Slashdot. If there
is some sort of public interface to the submission queue that I am
unaware of, please post it. You will not find any submissions from
me. Note that these were all
submitted by other people.
I have not been "advised by legal counsel not to speak about it in
public." If I was to speak with lawyers, it would be about their
slander campaign. But they aren't even close to being worth the
effort.
They claim I hacked a troll named Sdem who is a member of Trollaxor.Com. That
page currently admits that he has moved on to harassing other
security folks - he is now impersonating Theo
de Raadt, the leader of OpenBSD.
I could go on, but I have a much more important project to work on
today. I won't post further on this troll topic, no matter how much you
trolls slander and attack me in your journals and replies to this
post. And don't bother posting "YHBT," I know. Hopefully Slashdot
moderation will eventually catch up with your games and we can focus
on interesting security subjects rather than troll gossip and manufactured scandals.
AIDE only received 4 votes, while 10 were needed to place #75. But I agree that it is a useful free tool that potential Tripwire users should know about. And so I have added an AIDE link to that entry.
Thanks,
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner
> Although it wasn't on the list, Wellenreiter is a really great wireless scanner.
Wellenreiter only received 6 votes (even after correcting for poor spelling :) and 10 were needed to place #75. But since it is clearly a useful free tool, I just added a link to it in the Kismet entry.
Thanks for the suggestion,
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner
I can understand how American Greetings could be a little uncomfortable about imagery of Plum Pudding getting her ass smacked by Strawberri Shortcake, but they need to chill out. A while back someone took my Nmap Security Scanner and created a cartoonish parody that is 100 times more disgusting and offensive!
Yet I didn't sue. I just got a chuckle at the sick mind who would create such a thing! AG should take note.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner. Version 3.27 was released today
> I like to look at network security with the same attitude as I look on
> the stock market: diversify. Don't put all your eggs in one basket.
That is certainly true in the stock market, but I would be careful
about applying it to network security. Adding a new stock to your
portfolio does not place your other stocks at greater risk. Yet every
new network service/machine you add _does_ increase the risk to the
rest of your network. If an attacker manages to get a foothold into one
of your machines, there are a myriad of ways that she
can leverage that access to further compromise your network.
Adding a new service is like having to defend a new front in a war.
You have to divide your administrative effort into securing all of
your systems, while the bad guys need only break through one of the
defenses. So I would generally recommend standardizing on (say) a
locked-down qmail, rather than putting out a "diverse" network that
includes qmail, postfix, sendmail, exim, etc. Choosing one of those
(even if you have instances on many machines) allows you to put more
effort into locking it down, learning about it, and watching for & patching vulnerabilities.
Meanwhile, attackers must have an exploit for that exact
server rather than for any one of the mail servers you are running.
Remember that even if you somehow manage to patch every announced
vulnerability within 12 hours, there is still some window of exposure
there. And many bugs will still float around underground for months
before you hear about them - take a look at the recent SAMBA exploit
for just one example.
I'm certainly not saying that diversity is always bad. In some cases
it makes sense. But don't treat it as a tenet of secure network design like
"deny by default" or "defense in depth".
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner. Version 3.27 was released today.
Even MORE vehement positions, on Strike on Iraq · Score: 4, Interesting
> What amazes me about the political discussions on Slashdot is how many
> people hold vehement positions even though they don't follow the news
Scarier is that this Slashdot discussion is refreshingly civil compared to what I've encountered the last few days! Last Sunday I released a version of Nmap and included a very short peace plea at the top of the announcement. I received well over 50 replies. While a few people such as Ilan Meller of Israel
and Amir Safayan from Iran presented reasoned cases for
preemptive action against Iraq, most of the replies were the worst flamage I've seen in years!
For
suggesting that perhaps Bush could have been a little more patient
with the UN & weapons inspectors, one person said I am "obviously a
terrorist". Another concluded that Nmap "is spyware to spy on the
american people." Chet from Hotmail explained that we must attack
because "the religion of Islam seeks to destroy the USA". Jason from
CMITexas said "Stick it up your ass!.... You are another resentful
European loser. I demand an answer now asshole!!!!" Another crazy
Texan said "Iraq will bow to the most powerful nation in the world and
you will stand by and observe. Your representatives are powerless
against gods chosen nation. No country has the power or the intellect
to do anything about it." Guys: I am a proud US Citizen residing in
California -- please tailor your invective appropriately.
Fortunately I sent out a second mail yesterday which noted the flames above and also clarified my points. I was quite gratified that this one already has elicited more than 220 replies, with 95% being civil! Many still disagree with me, but at least they respected my right to have and express my beliefs. It restored some of my faith in humanity (or at least in Nmap users). I can appreciate alternative views too. What frustrates me are the people who believe Saddam is linked with Al Qaeda or a bigger threat to the US than North Korea only because Bush says so.
I wish I had time right now to go through the hundreds of mails and piece together some of the very best arguments on each side. But I guess /. has no dearth of comments already :). So I'll just leave you with a few links I found interesting or funny ;).
A very relevant and insightful quote from Hermann Goering at the Nuremberg Trials.
And on a completely different (and much happier) note, I am pleased
to announce just-released version 3.20 of the Nmap Security Scanner. It is the first "stable" release since last July and contains hundreds of improvements (release notes).
The systems described in the paper such as IP Personality and Honeyd
(my favorite), work by watching for the exact probes as
described in my
fingerprinting paper and then responding as detailed in the Nmap
OS DB. But what about all the other TCP/IP techniques for
fingerprinting a system? Later this year, I hope to add about half a
dozen, including selective ACKs, TTL-normal-reply, and TTL-RST-Echo.
Once these are implemented, spoofed systems will appear as a
Dreamcast (or whatever) using the old techniques and will be exposed
as their real OS via the new techniques. So Nmap could offer
fingerprints like "Linux 2.4 pretending to be a Laserwriter". And
attackers could even scan the 'Net looking for spoofed boxes -- let's hope
the spoofing modules/programs don't open any security holes of their own!
Of course, the spoofers will then update their software to recognize
the new fingerprinting technique and the cycle begins anew. Ah well.
I enjoyed
Berrueta's paper, by the way.
Indeed, my site is just listed in passing, yet my web traffic suddenly tripled.
As for the paper, I found it interesting and amusing enough to announce
to the nmap-hackers.
I'm all for doing this to your personal machines for entertainment and
experimental value, but would almost never recommend it as a serious
security hardening technique. Your time is almost always better spent
working on fundamental security improvements such as applying patches,
tightening firewalls, installing IDS systems, removing unnecessary
services and setuid binaries, auditing system logs, etc. And sometimes
this type of spoofing can actually increase security risk.
Nmap expects many modern UNIX operating systems to offer
nearly-unpredictable generation of TCP initial sequence numbers and
the IP ID field. Crippling the generators to appear as a printer can
make you vulnerable to TCP connection spoofing and a plethora of
vulnerabilities related to the new Nmap Idle Scan
technique.
And remember that many or most worms and script kiddies simply spew
their exploit code to every listening server rather than bothering
with fingerprints. All the attempted IIS exploits in my Apache log
are testament to that! And if you attract a more competent attacker,
you probably won't fool them for long anyway.
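A way to check the point above on your own hosts, as an added example that is neither Fyodor's code nor Nmap's: a simplified, stdlib-only reconstruction of the classes Nmap 3.x reported under "IPID Sequence Generation" and "TCP Sequence Prediction", run over constructed samples. The thresholds are assumptions chosen to mirror Nmap's behaviour rather than its exact source, and nothing is sent on the wire; in practice the samples would be IP IDs and ISNs read from replies your own machine sends to consecutive probes.

```python
"""Check whether a host's own IP ID and TCP ISN generators are predictable.

Simplified reconstruction (assumption, not Nmap's source) of the sequence
classes old Nmap reported. No packets are sent; samples are supplied.
"""
import statistics


def _diffs(values, modulus):
    """Successive differences modulo the field width, so a counter wrapping
    around counts as a small positive step rather than a huge negative one."""
    return [(b - a) % modulus for a, b in zip(values, values[1:])]


def _byteswap16(v):
    return ((v & 0xFF) << 8) | (v >> 8)


def classify_ipid_sequence(ipids):
    """Classify 16-bit IP ID samples.

    Returns one of: "All zeros", "Randomized", "Constant", "Incremental",
    "Broken little-endian incremental", "Random positive increments".
    """
    if len(ipids) < 3:
        raise ValueError("need at least three samples")
    if all(v == 0 for v in ipids):
        return "All zeros"
    diffs = _diffs(ipids, 0x10000)
    if any(d > 20000 for d in diffs):      # a jump this large is not a counter
        return "Randomized"
    if all(d == 0 for d in diffs):
        return "Constant"
    if all(d < 10 for d in diffs):         # one global counter, little traffic
        return "Incremental"
    # Some stacks increment the counter in host order but emit the bytes
    # unswapped, so the sequence only looks incremental after a byte swap.
    if all(d < 10 for d in _diffs([_byteswap16(v) for v in ipids], 0x10000)):
        return "Broken little-endian incremental"
    return "Random positive increments"


def idle_scan_zombie_candidate(ipids):
    """True when the IP ID counter is predictable enough that a third party
    can read the host's traffic volume off it. That is the property the Nmap
    Idle Scan relies on, so True on your own host means the generator should
    be fixed, not crippled further to mimic a printer's fingerprint."""
    return classify_ipid_sequence(ipids) in (
        "Incremental", "Broken little-endian incremental")


def classify_isn_sequence(isns):
    """Classify 32-bit TCP initial sequence numbers; returns (class, difficulty).

    Difficulty is the population standard deviation of the successive
    differences, rounded down. The fixed values for the trivially predictable
    classes follow old Nmap's convention (assumption)."""
    if len(isns) < 3:
        raise ValueError("need at least three samples")
    diffs = _diffs(isns, 1 << 32)
    if all(d == 0 for d in diffs):
        return "Constant", 0
    if all(d == 64000 for d in diffs):
        return "64K rule", 1
    if all(d == 800 for d in diffs):
        return "i800", 10
    difficulty = int(statistics.pstdev(diffs))
    if all(d < (1 << 31) for d in diffs):  # every step moves forward
        return "Random positive increments", difficulty
    return "Truly random", difficulty


if __name__ == "__main__":
    # Constructed samples: a printer-like counter, a broken little-endian
    # counter and a randomized generator.
    for sample in ([100, 101, 102, 103],
                   [0x0100, 0x0200, 0x0300, 0x0400],
                   [0x1F3A, 0xA9C2, 0x0C77, 0xE015]):
        print(sample, "->", classify_ipid_sequence(sample),
              "(zombie candidate)" if idle_scan_zombie_candidate(sample) else "")
    print("ISN:", classify_isn_sequence([1000, 1800, 2600, 3400]))
```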
> the attacker has to be a man in the middle with capability to intercept and replace traffic. Outside the scope of a university campus network the possibility for such attack is becoming a very rare occurrence
I wouldn't say that at all. DNS spoofing is sadly still feasible
in many situations and easily gives you this capability. It is
trivial if the attacker is on the same layer 2 network (insider
attacks are extremely common, and so are outsiders who own one machine
on the network and then leverage that for more.) Remember that the
SSL certificate validation process won't protect you from this attack,
since that part of the protocol is proxied through unmolested.
US Alternative Tunnel Broker, on Slashdot over IPv6 · Score: 5, Informative
>Disclaimer: I help run ipng.org.uk, which is a UK tunnel broker,
> who gives you a /64... and delegates full forward and reverse DNS to you
Great! And for those of us in the States (especially California), Hurricane Electric offers a free tunnel broker with these characteristics that I would recommend. I have been using it for more than 6 months, and find it quite stable. You do lose your /64 if HE can't ping you for 24 hours, but a new one is only a mouse click away. And what kind of geek would leave their computer inaccessible for that long anyway? ;). Initial activation does take a day or so.
> Are there enough /.'ers using IPv6 to /. sixxs.org?
Apparently not yet:
felix/home/fyodor> ping6 slashdot.org.sixxs.org
PING slashdot.org.sixxs.org(3ffe:4007:1:1:210:dcff:fe20:7c7c) 56 data bytes
64 bytes from 3ffe:4007:1:1:210:dcff:fe20:7c7c: icmp_seq=0 hops=56 time=266.762 msec
64 bytes from 3ffe:4007:1:1:210:dcff:fe20:7c7c: icmp_seq=1 hops=56 time=257.366 msec
64 bytes from 3ffe:4007:1:1:210:dcff:fe20:7c7c: icmp_seq=2 hops=56 time=258.530 msec
Of course, authentication cookies won't work in that domain (unless they've hacked around that). And the login form uses a relative URL, so it posts your password to the .sixxs.org gateway. Whoever runs that will have a lot of low-UID accounts if he wants 'em :).
> Many Japanese ISPs will give you your own IPv6 subnet right now, for not very much money.
And even if your ISP won't assign you an IPv6 subnet, you can always utilize a free Tunnel Broker to obtain a huge IPv6 address space of your very own (tunneled to your IPv4 IP). I used this recently when adding basic IPv6 support to the Nmap Security Scanner. My announcement also provides a concrete example of IPv6 being used to subvert firewall rulesets.
A ton of useful IPv6 information is available from Kame.Net -- once your setup is working, the turtle on the top of that page starts to dance :). I also found the Linux IPv6 HOWTO to be incredibly helpful.
> When I want to web surf (only thing the Internet's good for), I
> just type in random IP addresses and see what I get.
Perhaps you are just joking, but I do that too :). In fact, I added a
special "random input" mode to Nmap for this sort of
occasion. There is also a "turbo" mode for scanning
just one port. If you are ever bored enough to check out some "random"
web (or ftp, SMB, etc) servers, here is the command I use:
core/home/fyodor# nmap -iR -sS -PS80 -p 80 -oM- | grep Interesting
Do remember to stop this scan when you are done. Otherwise it will never end and you may wake up to a nasty letter from your ISP. Trust me on this one ;).
> do you have no respect whatsoever? What are you doing posting
> on the LKML, which is not meant to be political.
Do you even read the kernel list? David Miller, the list maintainer,
clearly stated that discussions of the BK license are "very
ontopic" because BK "is the primary source management
tool used by Linus and others, it is even documented in the source
tree as such."
Yes, this restriction supposedly only applies to the free version.
But Larry can easily exclude people he doesn't like from the paid
version via discriminatory pricing. Note how he immediately threatens
lawsuits when someone posts
the BK pricelist. Even if the pricing was not discriminatory, few
open source hackers have an extra $5,800 lying around for a
single-user Bitkeeper license. So if you are or ever want to be a
kernel hacker, Larry wants you to think long and hard before
contributing that little Subversion or CVS patch. It is true that you
can still "work around" using Bitkeeper for kernel development, but
Linus seems to be subtly encouraging
its use more and more.
I for one plan to resist this bogus, anticompetitive license. As
others have mentioned, this is like MS changing their EULA to
exclude developers of competing operating systems. The best way to
fight BK is to write a compelling replacement. My best wishes go out
to those who are already doing such admirable work!
Re:Slashdot to change?, on Linuxworld Fun · Score: 0, Troll
> No, they want to have the corporate version of sourceforge run on DB2
> and WebSphere. My guess is that VA Software won't be migrating
> sourceforge.net.
"OSDN today announced that SourceForge.net, the world's largest Open Source development web site, will run exclusively on IBM's DB2 database software for Linux -- including SourceForge.net's 460,000 registered users and the 45,000 Open Source software development projects hosted on the site."
While Hemos says "just use the bottom line - don't click on spam URLs", he misses the point. The insidious nature of these emailed "web bugs" is that they DON'T require any clicking. Spammers hide the information in the URL of an invisible image which is automatically loaded by (stupid) HTML-based mail readers. Every time you open the message, the sender is notified and generally logs the time, location (IP) and email address of the person reading the email. They also frequently set an HTTP cookie so they can cross reference future browsing activity with your email address (which they know because they sent you the spam).
Making matters worse, these email bugs have moved beyond the domain of "get-rich quick" and porn spam. Even companies you might consider legitimate have been doing this. One would think financial institutions would be particularly concerned about privacy, but I have found email bugs lurking in mail from both E*Trade and American Express.
While these bugs aren't very effective against those of us who use pine, mutt, etc., they set a dangerous precedent. If users tolerate applications retrieving untrusted data from the net without notification or permission, we could see even worse abuses like this in the future.
Unfortunately pressuring application vendors to respect our privacy is not always fruitful. And with closed-source applications, you often have no idea what they are up to. I was glad to see that some of the Windows "personal firewall" programs such as ZoneAlarm offer features that alert users to unexpected outgoing connections made by applications. Users can define notification policies based on their own privacy concerns. I haven't run across similar software for Linux, although it wouldn't be hard to write. And it isn't quite as important on Linux since fewer users download/buy untrusted binary-only programs.
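The web bug mechanism described above, as an added example that is not Fyodor's code: a stdlib-only checker that parses an HTML mail, flags remote images that look like tracking pixels, and applies the mitigation a client can use (dropping remote images so nothing is fetched without consent). The heuristics (1x1 size, hidden by CSS, opaque per-recipient token in the URL) and the sample message with its hosts and addresses are constructed assumptions, so treat hits as leads rather than proof.

```python
"""Detect and neutralise e-mail "web bugs" (tracking images) in HTML mail.

Heuristics and the sample message are constructed for this example.
"""
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Long alphanumeric runs in the path are typical of per-recipient identifiers.
_TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{16,}")
# Any <img> whose src is fetched over HTTP(S) from a remote host.
_REMOTE_IMG_RE = re.compile(
    r"<img\b[^>]*\bsrc\s*=\s*['\"]?https?://[^>]*>", re.IGNORECASE)


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(img):
    try:
        width = int(img.get("width", "999").rstrip("px"))
        height = int(img.get("height", "999").rstrip("px"))
    except ValueError:
        return False
    return width <= 1 or height <= 1


def find_web_bugs(html):
    """Return one finding per suspicious remote image in an HTML body."""
    collector = _ImgCollector()
    collector.feed(html)
    findings = []
    for img in collector.images:
        src = img.get("src", "")
        url = urlparse(src)
        if url.scheme not in ("http", "https"):
            continue  # cid:/data: images are embedded and cannot phone home
        reasons = []
        if _is_tiny(img):
            reasons.append("1x1 or hidden size")
        if "display:none" in img.get("style", "").replace(" ", "").lower():
            reasons.append("hidden by CSS")
        if url.query or _TOKEN_RE.search(url.path):
            reasons.append("opaque tracking token in URL")
        if reasons:
            findings.append({"src": src, "host": url.hostname,
                             "reasons": reasons})
    return findings


def web_bugs_in_message(raw_message):
    """Parse an RFC 5322 message and scan its HTML body, if it has one."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    return find_web_bugs(body.get_content())


def strip_remote_images(html):
    """Mitigation a mail client can apply: drop every remotely hosted image
    so nothing is fetched on open. Embedded (cid:) images are left alone."""
    return _REMOTE_IMG_RE.sub("", html)


# Constructed sample: one tracking pixel, one ordinary logo, one embedded
# image. Hosts and addresses are placeholders.
SAMPLE_MESSAGE = """\
From: Statements <statements@example.net>
To: reader@example.org
Subject: Your statement is ready
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your monthly statement is available online.</p>
<img src="https://track.example.net/open.gif?u=reader%40example.org&id=8f3a1c" width="1" height="1">
<img src="https://www.example.net/logo.png" width="120" height="40" alt="logo">
<img src="cid:inline-logo" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for hit in web_bugs_in_message(SAMPLE_MESSAGE):
        print(hit["host"], "->", ", ".join(hit["reasons"]))
```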
This contest was posted on LWN last week and I exchanged several emails with Greg Wilson (project coordinator and Los Alamos Python teacher) regarding the requirement that entries be implemented in Python.
I argued that C, C++, or Perl might be more appropriate depending on the performance (and other) requirements of the application. I think the developer who dreamed up the application should decide what language is best suited for the given task. It should not be dictated in advance based on the founder's pet language.
Unfortunately it seems that Python promotion is the primary goal of the project, even though their $860,000 government grant is supposed to be used for creating new open source development tools.
Is it any surprise that Greg recently chose Guido van Rossum (Python author) as one of the judges? Speaking of which, I wish they would disclose whether (and how much) the judges are paid.
Don't get me wrong, I have nothing against Python. It is a wonderful language. And if the competition $$$ was raised from Python users' groups, I would be cheering them on. My problem is that they appear to be using $860K tax dollars to support Python even though the grant was for a completely different purpose.
Sure, some of you may be thinking that spending tax money to promote Python is not so bad. But imagine if they were spending your tax dollars to promote another language -- like Visual Basic!
I urge them to drop the biases and let the developers choose the most appropriate language. And may the best program win!
> Intervew material
I know that the best approach is to ignore you trolls, even as your slander becomes more and more outrageous. I will admit that I did some trolling of the trolls last year. Big mistake - they have much more of an appetite and time for this than I do. It has been a year and they still continue to write new stories that are more and more absurd. Perhaps I should be flattered that they consider me so important. The troll journal you linked accuses me of "illegally penetrating computers across state lines" and that "Fyodor even submitted his "troll hunting" story to Slashdot, though it was rejected". Another page includes a fake interview with me, a fake Nmap bug, and notes that I have been "pushing crystal meth on the street for a few months." It has also been said that I am "obviously a terrorist" and that Nmap "is spyware to spy on the american people". So I have learned to deal with abusive criticism. Another Slashdot journal currently says "Fyodor is ... a depraved, insidious hacker hell-bent
on criminal intrusions into systems owned by minors!" Even I couldn't
help but chuckle at that one :). Replying is useless, since the
trolls are just looking for attention and care nothing of accuracy.
But I will make a few points lest anyone else take the trolls
seriously:
I could go on, but I have a much more important project to work on today. I won't post further on this troll topic, no matter how much you trolls slander and attack me in your journals and replies to this post. And don't bother posting "YHBT," I know. Hopefully Slashdot moderation will eventually catch up with your games and we can focus on interesting security subjects rather than troll gossip and manufactured scandals.
Cheers,
-Fyodor
AIDE only received 4 votes, while 10 were needed to place #75. But I agree that it is a useful free tool that potential Tripwire users should know about. And so I have added an AIDE link to that entry.
Thanks,
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner
Wellenreiter only received 6 votes (even after correcting for poor spelling :) and 10 were needed to place #75. But since it is clearly a useful free tool, I just added a link to it in the Kismet entry.
Thanks for the suggestion,
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner
Yet I didn't sue. I just got a chuckle at the sick mind who would create such a thing! AG should take note.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner. Version 3.27 was released today
> the stock market: diversify. Don't put all your eggs in one basket.
That is certainly true in the stock market, but I would be careful about applying it to network security. Adding a new stock to your portfolio does not place your other stocks at greater risk. Yet every new network service/machine you add _does_ increase the risk to the rest of your network. If an attacker manages to get a foothold into one of your machines, there are a myriad of ways that she can leverage that access to further compromise your network.
Adding a new service is like having to defend a new front in a war. You have to divide your administrative effort into securing all of your systems, while the bad guys need only break through one of the defenses. So I would generally recommend standardizing on (say) a locked-down qmail, rather than putting out a "diverse" network that includes qmail, postfix, sendmail, exim, etc. Choosing one of those (even if you have instances on many machines) allows you to put more effort into locking it down, learning about it, and watching for & patching vulnerabilities. Meanwhile, attackers must have an exploit for that exact server rather than for any one of the mail servers you are running. Remember that even if you somehow manage to patch every announced vulnerability within 12 hours, there is still some window of exposure there. And many bugs will still float around underground for months before you hear about them - take a look at the recent SAMBA exploit for just one example.
I'm certainly not saying that diversity is always bad. In some cases it makes sense. But don't treat it as a tenet of secure network design like "deny by default" or "defense in depth".
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner. Version 3.27 was released today.
> people hold vehement positions even though they don't follow the news
Scarier is that this Slashdot discussion is refreshingly civil compared to what I've encountered the last few days! Last Sunday I released a version of Nmap and included a very short peace plea at the top of the announcement. I received well over 50 replies. While a few people such as Ilan Meller of Israel and Amir Safayan from Iran for presenting reasoned cases for preemptive action against Iraq, most of the replies were the worst flamage I've seen in years!
For suggesting that perhaps Bush could have been a little more patient with the UN & weapons inspectors, one person said I am "obviously a terrorist". Another concluded that Nmap "is spyware to spy on the american people." Chet from Hotmail explained that we must attack because "the religion of Islam seeks to destroy the USA". Jason from CMITexas said "Stick it up your ass! .... You are another resentful
European loser. I demand an answer now asshole!!!!" Another crazy
Texan said "Iraq will bow to the most powerful nation in the world and
you will stand by and observe. Your representatives are powerless
against gods chosen nation. No country has the power or the intellect
to do anything about it." Guys: I am a proud US Citizen residing in
California -- please tailor your invective appropriately.
Fortunately I sent out a second mail yesterday which noted the flames above and also clarified my points. I was quite gratified that this one already has elicited more than 220 replies, with 95% being civil! Many still disagree with me, but at least they respected my right to have and express my beliefs. It restored some of my faith in humanity (or at least in Nmap users). I can appreciate alternative views too. What frustrates me are the people who believe Saddam is linked with Al Qaeda or a bigger threat to the US than North Korea only because Bush says so.
I wish I had time right now to go through the hundreds of mails and piece together some of the very best arguments on each side. But I guess /. has no dearth of comments already :). So I'll just leave you with a few links I found interesting or funny ;).
And on a completely different (and much happier) note, I am pleased to announce just-released version 3.20 of the Nmap Security Scanner. It is the first "stable" release since last July and contains hundreds of improvements (release notes))
--Fyodor
The systems described in the paper such as IP Personality and Honeyd (my favorite), work by watching for the exact probes as described in my fingerprinting paper and then responding as detailed in the Nmap OS DB. But what about all the other TCP/IP techniques for fingerprinting a system? Later this year, I hope to add about half a dozen, including selective ACKs, TTL-normal-reply, and TTL-RST-Echo. Once these are implemented, spoofed systems will appear as a Dreamcast (or whatever) using the old techniques and will be exposed as their real OS via the new techniques. So Nmap could offer fingerprints like "Linux 2.4 pretending to be a Laserwriter". And attackers could even scan the 'Net looking for spoofed boxes -- lets hope the spoofing modules/programs don't open any security holes of their own!
Of course, the spoofers will then update their software to recognize the new fingerprinting technique and the cycle begins anew. Ah well. I enjoyed Berrueta's paper, by the way.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner
As for the paper, I found it interesting and amusing enough to announce to the nmap-hackers. I'm all for doing this to your personal machines for entertainment and experimental value, but would almost never recommend it as a serious security hardening technique. Your time is almost always better spent working on fundamental security improvements such as applying patches, tightening firewalls, installing IDS systems, removing unnecessary services and setuid binaries, auditing system logs, etc. And sometimes this type of spoofing can actually increase security risk. Nmap expects many modern UNIX operating systems to offer nearly-unpredictable generation of TCP initial sequence numbers and the IP ID field. Crippling the generators to appear as a printer can make you vulnerable to TCP connection spoofing and a plethora of vulnerabilities related to the new Nmap Idle Scan technique.
And remember that many or most worms and script kiddies simply spew their exploit code to every listening server rather than bothering with fingerprints. All the attempted IIS exploits in my Apache log are testament to that! And if you attract a more competent attacker, you probably won't fool them for long anyway.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner
I wouldn't say that at all. DNS spoofing is sadly still feasible in many situations and easily gives you this capability. It is trivial if the attacker is on the same layer 2 network (insider attacks are extremely common, and so are outsiders who own one machine on the network and then leverage that for more.) Remember that the SSL certificate validation process won't protect you from this attack, since that part of the protocol is proxied through unmolested.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner
>who gives you a
Great! And for those of us in the States (especially California), Hurricane Electric offers a free tunnel broker with these characteristics that I would recommend.I have been using it for more than 6 months, and find it quite stable. You do lose your /64 if HE can't ping you for 24 hours, but a new one is only a mouse click away. And what kind of geek would leave their computer inaccessible for that long anyway? ;). Initial activation does take a day or so.
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner
Apparently not yet:
felix/home/fyodor> ping6 slashdot.org.sixxs.org
PING slashdot.org.sixxs.org(3ffe:4007:1:1:210:dcff:fe20:7c7c) 56 data bytes
64 bytes from 3ffe:4007:1:1:210:dcff:fe20:7c7c: icmp_seq=0 hops=56 time=266.762 msec
64 bytes from 3ffe:4007:1:1:210:dcff:fe20:7c7c: icmp_seq=1 hops=56 time=257.366 msec
64 bytes from 3ffe:4007:1:1:210:dcff:fe20:7c7c: icmp_seq=2 hops=56 time=258.530 msec
Of course, authentication cookies won't work in that domain (unless they've hacked around that). And the login form uses a relative URL, so it posts your password to the .sixxs.org gateway. Whoever runs that will have a lot of low-UID accounts if he wants 'em :).
-Fyodor
Concerned about your network security? Try the Free Nmap Security Scanner
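Added example, not part of the original post: why a login through the gateway host behaves as described above. A relative form action resolves against the page the browser actually loaded (the .sixxs.org name), and RFC 6265 domain matching means cookies scoped to slashdot.org are not sent to slashdot.org.sixxs.org. The form path and cookie names are assumed, not taken from the site.

```python
from urllib.parse import urljoin, urlsplit

def resolve_form_action(page_url: str, action: str) -> str:
    """A relative action resolves against the page the browser loaded,
    so through a gateway it resolves to the gateway's host name."""
    return urljoin(page_url, action)

def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: the cookie domain must equal the request host,
    or be a suffix of it that is preceded by a dot."""
    request_host = request_host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".").rstrip(".")
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)

def cookies_sent(request_url: str, cookie_jar: dict) -> list:
    """Names of the cookies (name -> domain attribute) a browser would attach."""
    host = urlsplit(request_url).hostname or ""
    return sorted(name for name, dom in cookie_jar.items() if domain_matches(host, dom))

def login_post_target(page_url: str, form_action: str, cookie_jar: dict):
    """(host that receives the credentials, cookies that travel with them)."""
    target = resolve_form_action(page_url, form_action)
    return urlsplit(target).hostname, cookies_sent(target, cookie_jar)

if __name__ == "__main__":
    # Constructed cookie jar: an auth cookie set for slashdot.org and a wider one.
    jar = {"user": "slashdot.org", "session": ".slashdot.org"}
    print(login_post_target("http://slashdot.org/", "/login.pl", jar))
    print(login_post_target("http://slashdot.org.sixxs.org/", "/login.pl", jar))
```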
And even if your ISP won't assign you an IPv6 subnet, you can always utilize a free Tunnel Broker to obtain a huge IPv6 address space of your very own (tunneled to your IPv4 IP). I used this recently when adding basic IPv6 support to the Nmap Security Scanner. My announcement also provides a concrete example of IPv6 being used to subvert firewall rulesets.
A ton of useful IPv6 information is available from Kame.Net -- once your setup is working, the turtle on the top of that page starts to dance :). I also found the Linux IPv6 HOWTO to be incredibly helpful.
-Fyodor
Concerned about your network security? Try the Free Nmap Security Scanner
Perhaps you are just joking, but I do that too :). In fact, I added a
special "random input" mode to Nmap for this sort of
occasion. There is also a "turbo" mode for scanning
just one port. If you are ever bored enough to check out some "random"
web (or ftp, SMB, etc) servers, here is the command I use:
core/home/fyodor#nmap -iR -sS -PS80 -p 80 -oM- | grep Interesting
Interesting ports on lucus.creativepresence.com (216.181.159.18):
Interesting ports on 64.96.235.88:
Interesting ports on pddafb6.ykhmac00.ap.so-net.ne.jp (218.221.175.182):
Interesting ports on marudmz2-broadcast.interq.or.jp (210.172.130.199):
Interesting ports on rn068058189.dcmdw.dcma.mil (131.68.58.189):
Interesting ports on 208.167.47.3:
Interesting ports on 66-224-4-78.atgi.net (66.224.4.78):
Interesting ports on 225.245.70.200.ppp.nuria.net.ar (200.70.245.225):
Interesting ports on www.fortcollins.caddbase.com (65.127.93.15):
Interesting ports on 207.106.191.83:
Interesting ports on dsl-64-34-112-223.telocity.com (64.34.112.223):
Interesting ports on 64.119.66.83:
Interesting ports on arizonashomesonline.com.criticalpath.net (209.231.209.73):
Interesting ports on www.renavigator.net (217.170.39.157):
Interesting ports on 200.21.137.18:
Interesting ports on fornosenigaglia.it (209.227.205.157):
Interesting ports on BSN-250-18-26.dsl.siol.net (213.250.18.26):
Interesting ports on 213.196.33.90:
Interesting ports on 213.193.115.242:
Interesting ports on ridgewood77-77-213.bergen.org (168.229.77.213):
Interesting ports on dirweb03.search.aol.com (205.188.180.3):
Interesting ports on 161.58.90.51:
Interesting ports on www.tokyo-media.com (61.126.14.5):
Interesting ports on ppp39.plsntvl.eticomm.net (208.9.153.39):
Interesting ports on 210.122.215.2:
Interesting ports on YahooBB219030013082.bbtec.net (219.30.13.82):
Interesting ports on s9-66.umiva.9netave.net (216.149.9.66):
Interesting ports on www.thumbvault.net (210.18.207.67):
Interesting ports on CPE014080212685.cpe.net.cable.rogers.com (24.114.90.220):
Interesting ports on www.delmarlaw.com (209.251.144.77):
Interesting ports on ccvideo.com (204.167.145.27):
Interesting ports on 80.239.139.33:
Interesting ports on pathspeedweb.com (169.207.184.1):
Interesting ports on ns1.gloryworks.com (64.71.189.130):
Interesting ports on www.thechicagolighthouse.org (209.242.31.136):
Do remember to stop this scan when you are done. Otherwise it will never end and you may wake up to a nasty letter from your ISP. Trust me on this one ;).
-Fyodor
Concerned about your network security? Try the Free Nmap Security Scanner.
Do you even read the kernel list? David Miller, the list maintainer, clearly stated that discussions of the BK license are "very ontopic" because BK "is the primary source management tool used by Linus and others, it is even documented in the source tree as such."
-Fyodor
Concerned about your network security? Try the Free Nmap Security Scanner.
I for one plan to resist this bogus, anticompetitive license. As others have mentioned, this is like MS changing their EULA to exclude developers of competing operating systems. The best way to fight BK is to write a compelling replacement. My best wishes go out to those who are already doing such admirable work!
Cheers,
Fyodor
Concerned about your network security? Try the Free Nmap Security Scanner.
> and WebSphere. My guess is that VA Software won't be migrating
> sourceforge.net.
Here is the first line of their press release:
"OSDN today announced that SourceForge.net, the world's largest Open Source development web site, will run exclusively on IBM's DB2 database software for Linux -- including SourceForge.net's 460,000 registered users and the 45,000 Open Source software development projects hosted on the site."
> 220 exploitable.sendmailbox.ru ESMTP Sendmail 8.6
I think you owe CmdrTaco an apology. I can vouch that he would never forge a devious email like this one. His forgeries have worse spelling :).
Making matters worse, these email bugs have moved beyond the domain of "get-rich quick" and porn spam. Even companies you might consider legitimate have been doing this. One would think financial institutions would be particularly concerned about privacy, but I have found email bugs lurking in mail from both E*Trade and American Express.
While these bugs aren't very effective against those of us who use pine, mutt, etc., they set a dangerous precedent. If users tolerate applications retrieving untrusted data from the net without notification or permission, we could see even worse abuses like this in the future.
Unfortunately pressuring application vendors to respect our privacy is not always fruitful. And with closed-source applications, you often have no idea what they are up to. I was glad to see that some of the Windows "personal firewall" programs such as ZoneAlarm offer features that alert users to unexpected outgoing connections made by applications. Users can define notification policies based on their own privacy concerns. I haven't run across similar software for Linux, although it wouldn't be hard to write. And it isn't quite as important on Linux since fewer users download/buy untrusted binary-only programs.
Cheers,
Fyodor
Concerned about your network security? Try the Free Nmap Security Scanner.
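Added example, not from the original post: a small checker for the "email bugs" discussed above, flagging resources an HTML mail client would fetch from the net on display (which tells the sender when and from where the mail was read). The sample message and its host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Tags whose attribute makes a client fetch a remote resource on rendering.
REMOTE_ATTRS = {"img": "src", "iframe": "src", "link": "href", "script": "src"}

def _is_hidden(attrs: dict) -> bool:
    """A 0x0 or 1x1 image is invisible; its only purpose is the fetch itself."""
    return attrs.get("width", "").strip() in ("0", "1") and \
           attrs.get("height", "").strip() in ("0", "1")

class RemoteResourceFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        url = a.get(REMOTE_ATTRS.get(tag, ""), "")
        if urlsplit(url).scheme not in ("http", "https"):
            return  # cid:/data: resources are inline and leave nothing
        self.hits.append({
            "tag": tag,
            "url": url,
            "hidden": tag == "img" and _is_hidden(a),
            # a query string usually carries a per-recipient identifier
            "tagged": bool(parse_qs(urlsplit(url).query)),
        })

def find_email_bugs(html: str) -> list:
    p = RemoteResourceFinder()
    p.feed(html)
    p.close()
    return p.hits

def has_email_bug(html: str) -> bool:
    return any(h["hidden"] or h["tagged"] for h in find_email_bugs(html))

# Constructed sample: one inline logo (harmless), one 1x1 tracking image.
SAMPLE_MAIL = """<html><body><p>Your statement is ready.</p>
<img src="cid:logo@example" alt="logo">
<img src="http://track.example.invalid/open.gif?uid=12345&msg=stmt" width="1" height="1">
<a href="https://www.example.invalid/login">Sign in</a></body></html>"""

if __name__ == "__main__":
    for hit in find_email_bugs(SAMPLE_MAIL):
        print(hit)
```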
Ron Gula already posted DefCon8 data along with DC7 and SANS ID-Net dumps several weeks ago. The page says Toorcon captures will be available shortly.
--
Frustrated by firewalls? Try the Nmap Security Scanner
I argued that C, C++, or Perl might be more appropriate depending on the performance (and other) requirements of the application. I think the developer who dreamed up the application should decide what language is best suited for the given task. It should not be dictated in advance based on the founder's pet language.
Unfortunately it seems that Python promotion is the primary goal of the project, even though their $860,000 government grant is supposed to be used for creating new open source development tools.
Is it any surprise that Greg recently chose Guido van Rossum (Python author) as one of the judges? Speaking of which, I wish they would disclose whether (and how much) the judges are paid.
Don't get me wrong, I have nothing against Python. It is a wonderful language. And if the competition $$$ was raised from Python users' groups, I would be cheering them on. My problem is that they appear to be using $860K tax dollars to support Python even though the grant was for a completely different purpose.
Sure, some of you may be thinking that spending tax money to promote Python is not so bad. But imagine if they were spending your tax dollars to promote another language -- like Visual Basic!
I urge them to drop the biases and let the developers choose the most appropriate language. And may the best program win!
-Fyodor (fyodor@insecure.org)
Try the free Nmap Security Scanner: http://www.insecure.org/nmap/