Netsec, comsec, infosec and IA news, research and trends



P0f v2 Beta from Michal Zalewski

P0f is a passive OS fingerprinting tool that gathers useful information
about visitors / attackers without triggering any suspicious traffic. In
addition to accurately and precisely fingerprinting a remote OS based on a
large number of metrics, p0f can also determine link types, distances and
uptimes of those hosts - all without sending a single packet. As such, p0f
is a useful addition to a firewall / IDS / server setup.


LANguard NSS
Download LANguard NSS
The problem is, keeping track of software updates isn't easy. LANguard Network Security Scanner (NSS) from GFI scans your PCs for security holes and vulnerabilities. LANguard NSS sounds a lot like Nessus, an application I covered in a previous Dark Tip. LANguard is different in that it actually applies the patches. That feature alone is great, but say you're a network administrator with 60 computers on a network. You can run LANguard NSS across the network to see which computers need patches. Pretty cool.


IST 248 Textbooks:
Required: Network Perimeter Security 0-7357-1232-8

Optional: Linux Firewalls 0-7357-1099-6 and Cisco Secure PIX Firewalls 1-58705-035-8

If your boss is paying, consider them all required. ; - ) We will focus first upon PIX (I have 6) and Linux iptables. I am thinking of scenario based labs, CTF style with teams. 4 - 6 teams of 3. Each team must protect "insecure" servers without touching the OS. This should make it both fun and realistic. Feedback welcome.

Federal Information Systems Security Educators’ Association (FISSEA)
National Security Agency Centers of Academic Excellence in Information Assurance Education (CAEs)

Snip from Cisco Advisory:

Using IOS with NetFlow Enabled to Detect Infected Hosts

NetFlow can be a powerful tool to help identify infected hosts. NetFlow must be
enabled on an interface with the command ip route-cache flow.

Router>show ip cache flow | i 0087

SrcIf   SrcIPaddress   DstIf   DstIPaddress   Pr  SrcP  DstP  Pkts
Fa2/0   XX.XX.XX.242   Fa1/0   XX.XX.XX.119   06  0B88  0087  1
Fa2/0   XX.XX.XX.242   Fa1/0   XX.XX.XX.169   06  0BF8  0087  1
Fa2/0   XX.XX.XX.204   Fa1/0   XX.XX.XX.63    06  0E80  0087  1
Fa2/0   XX.XX.XX.204   Fa1/0   XX.XX.XX.111   06  0CB0  0087  1
Fa2/0   XX.XX.XX.204   Fa1/0   XX.XX.XX.95    06  0CA0  0087  1
Fa2/0   XX.XX.XX.204   Fa1/0   XX.XX.XX.79    06  0C90  0087  1
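The advisory greps the flow cache for DstP 0087 (port 135 in hex) and leaves the reader to spot the sources that keep showing up. As an added example, not part of the Cisco advisory or this blog, here is the same check done in code: parse the "show ip cache flow" layout above and flag any source that opened one-packet TCP flows to several distinct hosts on 135. The sample rows are constructed with RFC 5737 documentation addresses, since the advisory masks its real ones as XX.XX.XX.n.

```python
# Added example (not Cisco's or the blog's code): find Blaster-style scanners
# in "show ip cache flow" output. Sample rows below are constructed; the
# advisory's real addresses are masked as XX.XX.XX.n.
from collections import defaultdict

SAMPLE_FLOWS = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa2/0 192.0.2.242 Fa1/0 198.51.100.119 06 0B88 0087 1
Fa2/0 192.0.2.242 Fa1/0 198.51.100.169 06 0BF8 0087 1
Fa2/0 192.0.2.204 Fa1/0 198.51.100.63 06 0E80 0087 1
Fa2/0 192.0.2.204 Fa1/0 198.51.100.111 06 0CB0 0087 1
Fa2/0 192.0.2.204 Fa1/0 198.51.100.95 06 0CA0 0087 1
Fa2/0 192.0.2.204 Fa1/0 198.51.100.79 06 0C90 0087 1
Fa2/0 192.0.2.10 Fa1/0 198.51.100.5 06 C3A1 0050 42
"""


def parse_flows(text):
    """Yield one dict per data row. In the IOS cache display the protocol
    and both ports are hex; the packet count is decimal."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "SrcIf":
            continue  # header, blank or truncated line
        src_if, src, dst_if, dst, proto, sport, dport, pkts = fields
        yield {"src": src, "dst": dst, "proto": int(proto, 16),
               "sport": int(sport, 16), "dport": int(dport, 16),
               "pkts": int(pkts)}


def suspect_scanners(text, dport=135, min_targets=2):
    """Return {src_ip: sorted distinct destinations} for every source with
    TCP flows to at least min_targets different hosts on dport. A host that
    legitimately uses DCOM talks to a few servers; a worm fans out to many."""
    targets = defaultdict(set)
    for f in parse_flows(text):
        if f["proto"] == 6 and f["dport"] == dport:
            targets[f["src"]].add(f["dst"])
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}


if __name__ == "__main__":
    for src, dsts in suspect_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {len(dsts)} distinct hosts on tcp/135 -> {dsts}")
```

Raise min_targets on a busy border router so that a workstation with two legitimate DCOM peers does not trip the check.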

Internet Mail Consortium: S/MIME

WAP: Wireless Application Protocol Security Paper

Steve Bellovin has worked for AT&T / Bell Labs for a long time. Here is his paper on why firewalls are critical. From the BSDsnob.


"What would be the use of immortality to a person who cannot use well a half hour?"
--Ralph Waldo Emerson

New Blaster / RPC worm variant on the loose. This one starts an IRC backdoor, probably for a DoS attack.

Phrack 61 is Out.
Worst Fears II: A Paper from SensePost


"Local Area Security Linux is a small 'live CD' distribution based on Knoppix that aims at being less than 185MB so it will fit on a MiniCD. It is now 107MB with FluxBox as the window manager. It contains about 100 security (forensics, penetration testing, firewall, intrusion detection, etc.) tools including Ethereal and Nessus. See a screenshot here."

RPC Worm Snip from NANOG
"This worm is amazing. I have only had filters in place for about 4.5 hours and I am already approaching 100 million matches for the deny tcp/135 across my network. Of that, only one customer has said that they needed 135 open for legitimate use (probably more, but I have only heard from the one)."

Sean P. Crandall
VP Engineering Operations
MegaPath Networks Inc.


ISC reports that the Blaster DCOM/RPC worm is propagating
Counterpane has snort signatures

Vmap stands for version mapper. It allows you to find out the version of a daemon by fingerprinting the features and replies of bogus commands. It is a great addition to the other *map tools.

WifiBSD is a FreeBSD based AP. Link from BSDsnob.

Richard Stevens' "TCP/IP Illustrated" is THE reference for TCP/IP. Here is Volume 1, online and FREE! Alexandre Dulaunoy, the site's host, seems to have written some interesting papers on privacy, communications and freedom.


OpenBSD: Firewall On A Floppy (FOAF)
Transparent Bridging Firewall. Link from BSDsnob, of course.
