We picked up a DEC Alpha Multia cheap at auction a couple years ago. We will use this multia to dump the network traffic that NT creates on boot using TCPDump. The first problem we had was that our Multia is not Y2K compatible. Many of our files ended up with dates of 2019, and […]

Free NIMDA Scanner checks for known NIMDA worm files (admin.dll, load.exe, readme.exe, etc.), checks your system.ini, and remotely checks “Administrators” group for “Guest” account. Click here to download. [Beware of running free programs that scan for viruses… better look that gift horse in the mouth. 🙂 Ed.]

Microsoft has published a tool available here that will tell you what hosts need patching to protect against the 823980 buffer overrun in RPC flaw (Blaster).

Nmap is a free port scanner you can use to audit your own network and ensure the security of your hosts from outside your firewall as well. It is also entirely likely that your external interfaces are being scanned at this very moment with Nmap, or tools like it. One cool thing about Nmap, is […]

There is a new bagle worm that uses an exploit in IE. It does not need to have the user open an attachment, they just need to read an email with HTML in it. !!! There is a test to see if you are vulnerable here: http://secunia.com/MS03-032 More detailed info here: href=http://secunia.com/advisories/9580/ Bagle Q info […]

Do check out the Baseline Security Analyzer tool from Microsoft. Just download the MSI package from the page and install it with a shortcut on the Desktop (default). We ran it against a fresh Windows 2000 install with just SP2 installed. Here is a screenshot of the results. We are alerted to many security issues. […]

We use MD5deep, because it has a recursive option which we discuss in this article. For now, though, we are just going to cover how to verify the MD5 checksum on a file. Grab the MD5 checksum from a site authoritative for your software package, and grab the software from a mirror site. Of course, […]

If you are being attacked or abused by a particular host, just enter the following command to deny all access to the host: /sbin/route add -host <ip address> reject Replace with the IP address of the host you want to block. The address will stay blocked until you bounce the interface. Alternatively, you could allow […]

We talked a little about MD5deep in this article. One nice thing about MD5deep is that it can do recursion. This allows you to create a set of MD5 sums for an entire directory. /etc is a good one to use as an example. Let’s create the set of MD5 sums: root@srv-1 etc # md5deep […]

Check out the European Institute for Computer Anti-Virus Research (eicar) Anti-Virus Test File page. EICAR provides test files you can send to your users to determine if their anti-virus software is functioning correctly. We’ve seen this work fine on Trend Micro and Norton Anti-Virus software, but most ant-virus software should correctly detect these files. To […]

This is certainly an old topic, but I always forget how to compile PGP 2.6.2 on GNU/Linux. Grab the source from MIT, probably, is what you want. You may also want to consider gpg. Much has changed since 1994! PGP 2.6.2 is particularly interesting for keeping password files using conventional encryption. It is possible to […]

If you have any kind of intrusion detection set up like Psionic’s PortSentry or a personal firewall, you’ll see attempts to connect on ports you may not be familiar with. Even looking up the port in /etc/services doesn’t tell the whole story. To find all known network services, trojans, worms and exploits associated with a […]

There is a local user privilege exploit for the Linux kernel. Details are here: http://isec.pl/vulnerabilities/isec-0021-uselib.txt One thing to remember is that a local user does not mean that the user has to have access to the physical machine. It means that any user that can run code on the machine can gain root access.

If you need to automate FTP downloads, and want lots of flexibility, an oldie but goodie is Kermit. I know what you’re thinking: “Hey, isn’t Kermit an old DOS comms program?”. Yes, it is a very old program. The cool thing about this, though, is that if you need to automate file transfers, it has […]

We wrote about blocking particular IP addresses with the route command here. If you are already using iptables, or want to start, a better way is to block particular hosts: iptables -I INPUT -s 25.55.55.55 -j DROP This command will simply drop any packet coming from the address 25.55.55.55. To list the chains: iptables -L […]