Tunnelling Through a Gateway With SSH
Here is a diagram of three servers: What we want to do is create a tunnel with SSH so that 10.50.101.100 can go directly to 10.50.100.72. There is no routing between the networks. The box in between is dual-homed and acting as a security buffer between the 10.50.100 and 10.50.101 networks. After we set up […]
Maximum Number of Sockets and FD_SETSIZE
There is a limit on the number of concurrent socket connections that an application can accept in BSD, Windows, and other operating systems. This is set at compile time, but it can be overridden. Here is a discussion of this limitation by Microsoft, and here is further discussion. One application that is sticking this on […]
Remote Console Server and Web Administration Tool for NT
Two very useful remote administration tools are the Remote Console Server and the Web Administration tool. Both of these tools come on the NT 4.0 Server resource kit CD. To install the Remote Console, go into control panel -> network -> services tab -> add -> remote access service, and point to the ..\..\netadmin\rconsole directory […]
Installing and Using Telnet Service for Windows NT
[Ed. Note: This is a wee bit dated. SSH is widely available for Windows now, and should be used instead of telnet for administration. Still, telnet can be handy for testing. For an updated version of this for Windows 2000, see this article.] We wrote a tip about using IIS and rconsole to remotely manage […]
Virus Test File
Check out the European Institute for Computer Anti-Virus Research (eicar) Anti-Virus Test File page. EICAR provides test files you can send to your users to determine if their anti-virus software is functioning correctly. We’ve seen this work fine on Trend Micro and Norton Anti-Virus software, but most anti-virus software should correctly detect these files. To […]
A Trojan in Every Port
If you have any kind of intrusion detection set up like Psionic’s PortSentry or a personal firewall, you’ll see attempts to connect on ports you may not be familiar with. Even looking up the port in /etc/services doesn’t tell the whole story. To find all known network services, trojans, worms and exploits associated with a […]
Windows Run At Logon Keys
One key to check on Windows boxen is the Run key. The run key is located in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. When a user logs on, the programs specified in the run key also run. Many times a trojan will install itself here. A lesser evil is the hordes of small little apps that like to run some […]
Netcat and Hammurabi
When I was a kid in 1975, my dad brought home a terminal with an acoustical coupler on the top where I could put a standard phone handset in, and communicate with a Microdata minicomputer at his work. [Dick Pick developed the operating system for the Microdata. To make it fast, he programmed it using […]
Using HfNetCk To Audit Windows Patches
There is a most fabulous utility available for free download from Shavlik Technologies here that will scan your Windows boxen for needed security/bug fixes. The command line version doesn’t require registration, and is quite easy to use. The cool thing is that the status of current patches is downloaded at run time. Let’s run this […]
Fizzer Worm is Nasty – Update Sigs, OK?
Yet another worm making the rounds via email. This one has a nasty payload. More info here. Removal tool here. Additional info for administrators and operators on IRC networks here.
Building a Security Audit Toolkit
As moon-howling, tree-hugging, packet-sniffing pagans, we like to celebrate the Summer Solstice by doing a security audit of the systems on our network. Spending the longest day of the year auditing systems will help us avoid spending the longest night of the year restoring a hacked one. In our audit, we will be disabling unused […]
Building a Chrooted sftp Environment
There was a time, not so very long ago, when we used to enjoy running an ftp server and locking our users into tiny little chrooted jails. While we still enjoy denying users their freedom, we now prefer to do so using a maximum security facility. The sftp file transfer program, which comes with OpenSSH […]
Running Nmap on Windows
We wrote about Nmap in this article, but this assumed that you were running Nmap on GNU/Linux. There is another version available, now, for Windows. We used nmapwin_1.3.0_src.zip on a Windows 2000 workstation. It is important to scan your network, especially when there is a lot of virus activity. Hopefully before, but we know how […]
Scanning Tool To Determine Unpatched Windows Boxes
Microsoft has published a tool available here that will tell you what hosts need patching to protect against the 823980 buffer overrun in RPC flaw (Blaster).
New Worm that Doesn’t Need Attachment
There is a new Bagle worm that uses an exploit in IE. It does not need to have the user open an attachment; they just need to read an email with HTML in it. !!! There is a test to see if you are vulnerable here: http://secunia.com/MS03-032 More detailed info here: http://secunia.com/advisories/9580/ Bagle Q info […]
Verifying File Integrity with MD5 Checksums
We use MD5deep, because it has a recursive option which we discuss in this article. For now, though, we are just going to cover how to verify the MD5 checksum on a file. Grab the MD5 checksum from a site authoritative for your software package, and grab the software from a mirror site. Of course, […]
Using MD5deep To Verify Tree Integrity
We talked a little about MD5deep in this article. One nice thing about MD5deep is that it can do recursion. This allows you to create a set of MD5 sums for an entire directory. /etc is a good one to use as an example. Let’s create the set of MD5 sums: root@srv-1 etc # md5deep […]
Compiling PGP 2.6.2
This is certainly an old topic, but I always forget how to compile PGP 2.6.2 on GNU/Linux. Grab the source from MIT, probably, is what you want. You may also want to consider gpg. Much has changed since 1994! PGP 2.6.2 is particularly interesting for keeping password files using conventional encryption. It is possible to […]
Linux Kernel Exploit
There is a local user privilege exploit for the Linux kernel. Details are here: http://isec.pl/vulnerabilities/isec-0021-uselib.txt One thing to remember is that a local user does not mean that the user has to have access to the physical machine. It means that any user that can run code on the machine can gain root access.
Automating Secure FTP Downloads With Kermit
If you need to automate FTP downloads, and want lots of flexibility, an oldie but goodie is Kermit. I know what you’re thinking: “Hey, isn’t Kermit an old DOS comms program?”. Yes, it is a very old program. The cool thing about this, though, is that if you need to automate file transfers, it has […]

