
Thread: Serious Offshore Attacks from China

  1. #31 streaker69, Senior Member (Join Date: Jan 2010; Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA; Posts: 3,535)

    Quote Originally Posted by The_Denv:
    I'm coming across as a bit of a nuisance I think lol. This is what I got when I clicked on the link:

    Code:
    You are not authorized to view this page
    The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
    
    Please try the following:
    
        * Contact the Web site administrator if you believe you should be able to view this directory or page.
    
    HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.
    Internet Information Services (IIS)
    
    Technical Information (for support personnel)
    
        * Go to Microsoft Product Support Services and perform a title search for the words HTTP and 403.
        * Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled About Security, Limiting Access by IP Address, IP Address Access Restrictions, and About Custom Error Messages.
    Ahh, you're in the forbidden zone.

    PM me an email address.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  2. #32 imported_wyze, Jenkem Addict (Join Date: Jul 2007; Posts: 1,543)

    Quote Originally Posted by The_Denv:
    That sounds like an excellent setup streaker69! I would highly appreciate it if you could throw together a quick diagram. I have an old Pentium II 500MHz 128MB RAM.
    I had a passive tap box running with similar specs (with old and new 3Com NICs) and it proved to be inefficient. I would strongly urge you to run at least 512MB of RAM, otherwise you run the risk of having a machine that is not able to capture all of the traffic. Streaker had pointed that out to me when I originally set it up on the lower-end machine, and in the end a RAM upgrade got it up to speed (literally).

    Also, the cool thing about the setup in Streaker's diagram is that you can put the tap part on any part of your LAN (it doesn't necessarily have to be outside the red NIC at all times). For example, if you suspect your router / firewall / primary IDS is letting some rogue traffic through to a machine, you can isolate it by placing the tap 1 hop away from the subnet or suspected machine to analyze the traffic.
    dd if=/dev/swc666 of=/dev/wyze

  3. #33 The_Denv, Member (Join Date: Nov 2006; Posts: 364)

    Quote Originally Posted by swc666:
    Will do. In fact, at my old workplace I think they sell old RAM [256MB SD] for as little as £3.00 each as they are in the dust bundle and have been for ages! lol I have received the diagram via email from streaker, looks like a sleek and tidy setup and I 'will' accomplish this. I even got my brother searching in his attic for the Cisco 800 series / Cisco FastHub 400 series cables as I have the boxes here but no leads at all...so I've been just reading the user's manual until I get the cables. As well as that, this USB install is next on my list.

    Yeah, isolation and nulling are the key points [apart from the obvious customization that Cisco allows you] of my goal. The packets from 121.18.13.107 are still flying into my network.
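    The post above wants the traffic from 121.18.13.107 isolated and nulled. As an added example (not code from this thread or from any of its posters), the script below reads netfilter LOG lines from syslog, aggregates hits per source address, flags sources that sweep several ports, and emits the matching iptables rule, Cisco IOS inbound ACL and Null0 route for each flagged source. The log lines, the 192.168.1.0/24 addresses, the ACL number 101 and the thresholds are assumptions constructed for the example; the address 121.18.13.107 is the one named in the thread.

```python
import re
from typing import Dict, List, Optional

# Constructed syslog lines in a simplified netfilter LOG format (real lines
# carry more fields, e.g. LEN=, TTL=, ID=); they are not captured data.
SAMPLE_LOG = """\
Jan 12 03:14:07 gw kernel: FW-IN: IN=eth0 OUT= SRC=121.18.13.107 DST=192.168.1.10 PROTO=TCP SPT=4412 DPT=22 SYN
Jan 12 03:14:08 gw kernel: FW-IN: IN=eth0 OUT= SRC=121.18.13.107 DST=192.168.1.10 PROTO=TCP SPT=4413 DPT=22 SYN
Jan 12 03:14:09 gw kernel: FW-IN: IN=eth0 OUT= SRC=121.18.13.107 DST=192.168.1.10 PROTO=TCP SPT=4414 DPT=445 SYN
Jan 12 03:14:10 gw kernel: FW-IN: IN=eth0 OUT= SRC=121.18.13.107 DST=192.168.1.11 PROTO=TCP SPT=4415 DPT=1433 SYN
Jan 12 03:14:11 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=51000 DPT=80 SYN
Jan 12 03:14:12 gw kernel: FW-IN: IN=eth0 OUT= SRC=121.18.13.107 DST=192.168.1.12 PROTO=UDP SPT=53 DPT=1434
Jan 12 03:14:13 gw kernel: FW-IN: IN=eth0 OUT= SRC=121.18.13.107 DST=192.168.1.10 PROTO=ICMP TYPE=8 CODE=0
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+).*?PROTO=(?P<proto>\w+)"
    r"(?:\s+SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+))?"
)


def parse_line(line: str) -> Optional[dict]:
    """Pull source, destination, protocol and destination port out of one LOG line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "src": m.group("src"), "dst": m.group("dst"), "proto": m.group("proto"),
        "dpt": int(m.group("dpt")) if m.group("dpt") else None,  # ICMP has no ports
    }


def summarize(log_text: str) -> Dict[str, dict]:
    """Aggregate hit count, distinct targets and distinct destination ports per source."""
    stats: Dict[str, dict] = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats.setdefault(rec["src"], {"hits": 0, "targets": set(), "ports": set()})
        s["hits"] += 1
        s["targets"].add(rec["dst"])
        if rec["dpt"] is not None:
            s["ports"].add(rec["dpt"])
    return stats


def flag_sources(stats: Dict[str, dict], min_hits: int = 3, min_ports: int = 2) -> List[str]:
    """One source sweeping several ports is scanning; a lone hit on port 80 is not."""
    return sorted(src for src, s in stats.items()
                  if s["hits"] >= min_hits and len(s["ports"]) >= min_ports)


def ios_inbound_deny(ip: str, acl: int = 101) -> List[str]:
    """Cisco IOS extended ACL that drops packets *from* ip; apply it inbound on the
    outside interface with 'ip access-group 101 in' (ACL number is assumed)."""
    return [f"access-list {acl} deny ip host {ip} any",
            f"access-list {acl} permit ip any any"]


def ios_null_route(ip: str) -> str:
    """Static route to Null0 blackholes packets *to* ip (i.e. the replies); on its
    own it does not stop inbound packets unless paired with uRPF or the ACL above."""
    return f"ip route {ip} 255.255.255.255 Null0"


def iptables_drop(ip: str) -> str:
    """Host-level drop for a Linux box such as the Snort/tap machine."""
    return f"iptables -I INPUT -s {ip} -j DROP"


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for src in flag_sources(stats):
        s = stats[src]
        print(f"{src}: {s['hits']} hits, {len(s['targets'])} hosts, ports {sorted(s['ports'])}")
        print("  " + iptables_drop(src))
        print("  " + ios_null_route(src))
        for line in ios_inbound_deny(src):
            print("  " + line)
```

    The point of the three separate outputs is that "nulling" on a Cisco router is not one command: the Null0 route only swallows traffic routed towards the offending address, so the host keeps receiving SYNs unless an inbound ACL (or unicast RPF against the null route) drops them at the interface; the iptables line is the equivalent for the Linux box itself.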

  4. #34 imported_anubis2k7, Member (Join Date: Jun 2006; Posts: 115)

    You can also set up Snort on Windows; however, it loses some of its functionality. This website has a Windows Snort/Apache/MySQL/BASE package plus a tutorial on setup and configuration:

    http://www.winids.com/

    It's a good start if you have never worked with Snort before and are not fluent in Linux, but I definitely recommend using Snort on a Linux box in the long run.

    Here is a tutorial on how to set up Snort/.../BASE on a Fedora box:

    http://www.infosecwriters.com/text_r...t_base_fc3.pdf

    It is a bit out of date, but it should point you in the right direction.

    In regards to your packet dropping/firewall issue, I have two recommendations. One is Snort inline, which basically drops all packets that are suspect. The best way I can explain it is this: an intrusion detection system logs and alerts you to potential scans and attacks; Snort inline is more of an intrusion prevention system, not allowing the packets to pass. So in essence, it functions as a firewall. The downside to this is you will have to do a lot of rule modification to prevent false positives.

    Another suggestion I have is Microsoft Internet Security and Acceleration Server (ISA). You'll have to do some research on this one...but I have read articles on how a box running MS ISA can be used as a NAT, firewall, proxy server, etc.

    With both of these products, you would need a pretty powerful CPU configured as a bastion host, which would sit between your network and the internet (basically, all network traffic would pass through this machine). This may or may not be in your budget range....
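    To make the IDS-versus-inline distinction in the post above concrete, here is an added example (not from the thread, and not Snort's own code) of a toy Snort-style rule evaluator: the same rules are run over the same packets once as a passive sensor on a tap and once inline, and one deliberately over-broad rule shows the false-positive cost the post warns about. $HOME_NET as 192.168.1.0/24, the rule set, the sids and the packets are all constructed for the example; the precedence pass > drop > alert is a simplification of Snort's configurable rule ordering.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Values a real deployment takes from snort.conf; assumed here for the example.
VARS = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "!192.168.1.0/24"}

RULE_RE = re.compile(
    r"^(?P<action>alert|drop|pass|log)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)"
    r"\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)
OPT_RE = re.compile(r'(\w+):\s*("?)([^";]*)\2\s*;')  # msg:"..."; sid:N; content:"...";


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    sid: int
    msg: str
    content: Optional[bytes] = None


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


def parse_rule(line: str) -> Rule:
    """Parse the header plus the msg/sid/content options of one Snort-style rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    opts = {k: v for k, _, v in OPT_RE.findall(m.group("opts"))}
    content = opts["content"].encode() if "content" in opts else None
    return Rule(m.group("action"), m.group("proto").lower(), m.group("src"),
                m.group("sport"), m.group("dst"), m.group("dport"),
                int(opts["sid"]), opts.get("msg", ""), content)


def addr_matches(spec: str, ip: str) -> bool:
    spec = VARS.get(spec, spec)               # expand $HOME_NET / $EXTERNAL_NET
    if spec == "any":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate


def port_matches(spec: str, port: int) -> bool:
    if spec == "any":
        return True
    if ":" in spec:                           # range syntax, e.g. 1024: or 135:139
        lo, hi = spec.split(":", 1)
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto == pkt.proto.lower()
            and addr_matches(rule.src, pkt.src) and port_matches(rule.sport, pkt.sport)
            and addr_matches(rule.dst, pkt.dst) and port_matches(rule.dport, pkt.dport)
            and (rule.content is None or rule.content in pkt.payload))


def evaluate(pkt: Packet, rules: List[Rule], inline: bool) -> Tuple[str, List[int]]:
    """Return (verdict, sids that alert). Off a tap (inline=False) the sensor
    can only watch, so the verdict is always 'pass'; inline, a matching 'drop'
    rule really blocks the packet. Precedence pass > drop > alert is simplified."""
    hits = [r for r in rules if rule_matches(r, pkt)]
    sids = sorted(r.sid for r in hits if r.action in ("alert", "drop"))
    actions = {r.action for r in hits}
    if inline and "pass" not in actions and "drop" in actions:
        return "drop", sids
    return "pass", sids


# Constructed rules: sid 1000003 is deliberately too broad (source 'any'), so
# inline it also drops LAN-internal SMB, i.e. a false positive.
SAMPLE_RULES = [
    'alert tcp 121.18.13.107 any -> $HOME_NET any (msg:"Known hostile host"; sid:1000001;)',
    'drop tcp $EXTERNAL_NET any -> $HOME_NET 1433 (msg:"MSSQL probe from outside"; sid:1000002;)',
    'drop tcp any any -> $HOME_NET 445 (msg:"SMB from anywhere (too broad)"; sid:1000003;)',
]

# Constructed packets, not captured traffic.
PACKETS = [
    Packet("tcp", "121.18.13.107", 4412, "192.168.1.10", 22),    # hostile host, SSH
    Packet("tcp", "121.18.13.107", 4415, "192.168.1.11", 1433),  # hostile host, MSSQL
    Packet("tcp", "192.168.1.5", 50000, "192.168.1.10", 445),    # LAN file sharing
    Packet("tcp", "192.168.1.5", 50001, "192.168.1.10", 1433),   # LAN SQL client
]

if __name__ == "__main__":
    rules = [parse_rule(r) for r in SAMPLE_RULES]
    for pkt in PACKETS:
        ids, ips = evaluate(pkt, rules, False), evaluate(pkt, rules, True)
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  IDS={ids}  inline={ips}")
```

    Run it and the third packet is the one to notice: the passive sensor merely alerts on LAN SMB traffic, but the same rule inline drops it. Scoping the source to $EXTERNAL_NET, as sid 1000002 does, is the kind of rule modification the post means; the fourth packet passes in both modes for exactly that reason.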

  5. #35 imported_spankdidly, Senior Member (Join Date: Feb 2006; Posts: 1,031)

    Here's one for slackware 12

    http://www.cochiselinux.org/files/sl...-snort-0.2.txt

    not sure how good it is.
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  6. #36 imported_wyze, Jenkem Addict (Join Date: Jul 2007; Posts: 1,543)

    Quote Originally Posted by spankdidly:
    I had attempted that extremely long and in-depth tut, but in the end couldn't get it set up properly in BT3 (Barnyard and ACID didn't want to play).

  7. #37 imported_spankdidly, Senior Member (Join Date: Feb 2006; Posts: 1,031)

    Quote Originally Posted by swc666:
    (Barnyard and ACID didn't want to play).
    Are those some of your friends? Lol.

  8. #38 The_Denv, Member (Join Date: Nov 2006; Posts: 364)

    Quote Originally Posted by anubis2k7:
    Thank you very much anubis2k7, your post is highly appreciated. I downloaded the PDF file and the above TXT file [cheers spankdidly]. I can't find my bloody serial leads and power lead for both the Cisco router and switch; going to head to Maplin Electronics to see if they have something, even something I can brew up myself. Alternatively I can wait on my brother to see if he can find the leads in his attic.

    Now onto my USB install, lol...still haven't started!

  9. #39 BOFH139, Member (Join Date: Aug 2007; Posts: 468)

    Quote Originally Posted by streaker69:
    I threw that together in Visio, only took about 10 minutes.
    Streaker69:
    Thanks for posting the layout, I've been meaning to do something like it in setting up my lab.

    Also, for others: using Visio or SmartDraw 2008 to map out your own network, or a network you are pentesting, is great for getting a visual layout where you may see possible vulnerabilities or bad design. It's also great for giving the client a better and more detailed map of their network than their own IT Dept can.

  10. #40 streaker69, Senior Member (Join Date: Jan 2010; Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA; Posts: 3,535)

    Quote Originally Posted by BOFH139:
    I have a 42"x42" plot of my entire network hanging in my office. Instead of using the standard Visio Icons for the objects, I took pictures of each device, edited out the background and turned them into Visio Icons. That way, someone else looking at the map and seeing the devices knows exactly what they're looking at. I have it detailed to the point that the lines connecting equipment actually show exactly which port they're connected to on the switches.
