Ever since Cisco bought the Wheel group all those years back, they've attempted to make a real entry into the security market.
Although they have great market share in the blue-chip corporate sector these days, they are still lacking two major components from the suite of products have also been lacking: A decent workable management platform (anyone that has built or used VMS knows where this is coming from), and an event correlation engine (the Protego aquisition addresses this).
Cisco has made so many aqusitions over the years, but has had little success with re-branding them and taking them to market. Check out the host based IDS as an example of this (for those who cannot be bothered, Cisco introduced an OEM'ed HIDS then dumped it very quickly after aquiring yet another vendor in the HIDS space...)
Whilst NAC and the latest product offerings all sound great and definately are the way of the future converged network, I'll believe it when I see it deployed in a real network - not in the lab in the Cisco building.
A question for other aussie/.'ers - what other alternative are availble for us down under? I don't want a PC in the living room, so I like the form factor of this box, but bloddy hell, $1700 entry level? The device/box needs to be simple enough that my little cousins (5 year old) can come over and figure how to watch all the simpsons episodes.
I know there are numerous news groups/email lists around getting UK TiVo's working, is this the most only option at this point in time?
An Australian, a Kiwi and South African are in a bar one night having a beer.
All of a sudden the South African drinks his beer, throws his glass in the air, pulls out a gun shoots the glass to pieces. He says "In SethEfrika our glasses are so cheap that we don't need to drink from the same one twice".
The Kiwi (obviously impressed by this) drinks his beer throws his glass into the air, pulls out his gun and shoots the glass to pieces. He says "Wull mate, in Niw Zulland we have so much sand to make the glasses that we don't need to drink out of the same glass twice, either".
The Australian, cool as a Koala, picks up his beer and drinks it, throws his glass into the air, pulls out his gun and shoots the South African and the Kiwi. He says "In Australia we have so many damn South Africans and Kiwi's that we don't need to drink with the same ones twice".
Thankfully, this particular worm isn't smart enough to identify the OS of the target, thus it *could* possibly end up using the incorrect return address for the *actual* OS target, thus causing the RPC process to crash.
A week or so back, global return address were identified for Windows 2000 and Windows XP. This meant that regardless of service pack or region, Windows 2000 could be 0wned using a single return address. Ditto fo XP.
It appears as though this worm uses the original dcom.c exploit code, which did not have the universal return addresses.
It won't be long until the next variation of this type of worm is released, with much more intelligence.
Actually it hasn't been cracked in reality, only theoritically. Vendors like such as Cisco have agreed and have not only provided responses to the claims, but also have 'fixes' (although somewhat proprietory in the Cisco case) - see this article
Actually it does have a payload, the users will be emailed a zip file which will either contain a.pif or.scr. If the user executes this, it will attempt to search.wab,.dbx,.htm,.html,.eml and.txt files to harvest email addresses and re-propogate.
ummmm RTFA? last paragraph of the summary and conclusion here:
"Overall, the Asus MyPal a620 proved to be an excellent PocketPC, with great battery life, easily making it through a full day of extensive use and hours of multimedia playback. On average we clocked between 10 till 12 hours on the battery, which is a little more than weâ(TM)ve seen from popular PocketPC 2002 devices. If youâ(TM)re in the market for an affordable, yet powerful and versatile, PocketPC be sure to give the Asus MyPal a620 a serious consideration."
If this is true, and you want to share your playlists, assuming you have a firewall in place, simply NAT any "outside" or non-local traffic to an address on you "inside" subnet on only the ports required (sorry I'm not familiar with iTunes).
Then hey-presto, all requests appear to come from your local subnet.
I am unsure of the specifics of this case, but I have previously done quite a bit of work inside the one of the Crime Commission offices in.au
The techos were quite proud of the fact that with a quick phone call to Telstra (and a warrant of some sort I imagine), they can mirror *ANY* broadband (read: xDSL or Cable) line to a residential home/apartment. At the back end, they have sniffers written by a major commercial company which are unavailable to consumers for purchase. I don't know the details or the level of the decode these sniffers can perform, but would imagine it is VERY good.
Apparently they have caught quite a few dealers and other small crims soley by using this.....
From all the news sources though, this sounds like a raid on ISP infrastructure rather than mirror of some users internet links.
MS uses IP protocol 47 (GRE) for transport and 1723/tcp for control. PoPToP is another that uses the same protocols/ports.
With IPSec VPN's, most products these days (including Free S/WAN) allow for ESP (IP protocol 50) to be encapsulated in UDP or TCP.
This feature was originally designed for devices that couldn't NAT anything other than the standard protocols used by the average home user (ICMP, TCP and UDP) - quite a few olders style cable and DSL routers couldn't do this.
So the answer is quite simple. Configure your VPN termination device to tunnel the IPSec over UDP or TCP, and your ISP won't know any different.
Bollocks! There are quite a few commercial VPN clients out there that either have a 'stateful' firewall engine (Check Points Secure Client), and some others that support personal firewall software (the Cisco client has support for Black Ice and Zone Alarms). The Cisco client can be configured to not install or initialise *unless* the personal firewall is installed/running.
actually this product has some sort of clue in the respect that it looks at the file headers and recognises mime types.....so unfortunately simply renaming ain't gonna avoid the filtering
Slashdot Mirror
Looks like someone on the inside has confirmed that the Feds were in fact running some topsites:B rought.To.You.BY.-FBi.nfo
http://restless.ugtech.net/Todays.Raids.UPDATED..
Ever since Cisco bought the Wheel group all those years back, they've attempted to make a real entry into the security market.
Although they have great market share in the blue-chip corporate sector these days, they are still lacking two major components from the suite of products have also been lacking: A decent workable management platform (anyone that has built or used VMS knows where this is coming from), and an event correlation engine (the Protego aquisition addresses this).
Cisco has made so many aqusitions over the years, but has had little success with re-branding them and taking them to market. Check out the host based IDS as an example of this (for those who cannot be bothered, Cisco introduced an OEM'ed HIDS then dumped it very quickly after aquiring yet another vendor in the HIDS space...)
Whilst NAC and the latest product offerings all sound great and definately are the way of the future converged network, I'll believe it when I see it deployed in a real network - not in the lab in the Cisco building.
A question for other aussie /.'ers - what other alternative are availble for us down under?
I don't want a PC in the living room, so I like the form factor of this box, but bloddy hell, $1700 entry level? The device/box needs to be simple enough that my little cousins (5 year old) can come over and figure how to watch all the simpsons episodes.
I know there are numerous news groups/email lists around getting UK TiVo's working, is this the most only option at this point in time?
An Australian, a Kiwi and South African are in a bar one night having a beer.
All of a sudden the South African drinks his beer, throws his glass in the air, pulls out a gun shoots the glass to pieces. He says "In SethEfrika our glasses are so cheap that we don't need to drink from the same one twice".
The Kiwi (obviously impressed by this) drinks his beer throws his glass into the air, pulls out his gun and shoots the glass to pieces. He says "Wull mate, in Niw Zulland we have so much sand to make the glasses that we don't need to drink out of the same glass twice, either".
The Australian, cool as a Koala, picks up his beer and drinks it, throws his glass into the air, pulls out his gun and shoots the South African and the Kiwi. He says "In Australia we have so many damn South Africans and Kiwi's that we don't need to drink with the same ones twice".
Thankfully, this particular worm isn't smart enough to identify the OS of the target, thus it *could* possibly end up using the incorrect return address for the *actual* OS target, thus causing the RPC process to crash.
A week or so back, global return address were identified for Windows 2000 and Windows XP. This meant that regardless of service pack or region, Windows 2000 could be 0wned using a single return address. Ditto fo XP.
It appears as though this worm uses the original dcom.c exploit code, which did not have the universal return addresses.
It won't be long until the next variation of this type of worm is released, with much more intelligence.
Actually it hasn't been cracked in reality, only theoritically. Vendors like such as Cisco have agreed and have not only provided responses to the claims, but also have 'fixes' (although somewhat proprietory in the Cisco case) - see this article
Actually it does have a payload, the users will be emailed a zip file which will either contain a .pif or .scr. If the user executes this, it will attempt to search .wab, .dbx, .htm, .html, .eml and .txt files to harvest email addresses and re-propogate.
Taken from SARC
ummmm RTFA? last paragraph of the summary and conclusion here:
"Overall, the Asus MyPal a620 proved to be an excellent PocketPC, with great battery life, easily making it through a full day of extensive use and hours of multimedia playback. On average we clocked between 10 till 12 hours on the battery, which is a little more than weâ(TM)ve seen from popular PocketPC 2002 devices. If youâ(TM)re in the market for an affordable, yet powerful and versatile, PocketPC be sure to give the Asus MyPal a620 a serious consideration."
If this is true, and you want to share your playlists, assuming you have a firewall in place, simply NAT any "outside" or non-local traffic to an address on you "inside" subnet on only the ports required (sorry I'm not familiar with iTunes).
Then hey-presto, all requests appear to come from your local subnet.
Simple no?
I am unsure of the specifics of this case, but I have previously done quite a bit of work inside the one of the Crime Commission offices in .au
The techos were quite proud of the fact that with a quick phone call to Telstra (and a warrant of some sort I imagine), they can mirror *ANY* broadband (read: xDSL or Cable) line to a residential home/apartment. At the back end, they have sniffers written by a major commercial company which are unavailable to consumers for purchase. I don't know the details or the level of the decode these sniffers can perform, but would imagine it is VERY good.
Apparently they have caught quite a few dealers and other small crims soley by using this.....
From all the news sources though, this sounds like a raid on ISP infrastructure rather than mirror of some users internet links.
MS uses IP protocol 47 (GRE) for transport and 1723/tcp for control. PoPToP is another that uses the same protocols/ports.
With IPSec VPN's, most products these days (including Free S/WAN) allow for ESP (IP protocol 50) to be encapsulated in UDP or TCP.
This feature was originally designed for devices that couldn't NAT anything other than the standard protocols used by the average home user (ICMP, TCP and UDP) - quite a few olders style cable and DSL routers couldn't do this.
So the answer is quite simple. Configure your VPN termination device to tunnel the IPSec over UDP or TCP, and your ISP won't know any different.
Bollocks! There are quite a few commercial VPN clients out there that either have a 'stateful' firewall engine (Check Points Secure Client), and some others that support personal firewall software (the Cisco client has support for Black Ice and Zone Alarms). The Cisco client can be configured to not install or initialise *unless* the personal firewall is installed/running.
--audiowhore
wow.... /. running a story only 1 day after the vulnerability was announced?? :)
this is hard to believe.
-- audiowhore
whoa dropped some of the syntax :)
access-list 1 permit (management
access-list 1 permit
line vty 0 4
access-class 1 in
ummm.....not too dificult and unless the version of IOS running is vulnerable, this will restrict access to the vty lines ala tcp wrappers.
actually this product has some sort of clue in the respect that it looks at the file headers and recognises mime types.....so unfortunately simply renaming ain't gonna avoid the filtering