Thursday, December 14, 2006

Joe's BGP Page

Great reference page on BGP.

Tuesday, November 14, 2006

UDP/137

Today I finally got around to researching why our Windows DNS server keeps sending large numbers of packets on UDP/137. This post finally explained it. It appears that when the DNS server cannot find a local record, Win32 gethostbyaddr() will additionally use NetBIOS for name resolution of the host and therefore send a packet to the host on UDP/137; given the size of your enterprise, this can be a pretty significant number of requests.
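To see that fallback traffic for what it is, here is an added example (not from the post or from Microsoft) that decodes the UDP/137 NetBIOS name service query the fallback sends, a wildcard node status request, and counts such requests per source so the chatty host stands out. The packet layout follows RFC 1001/1002; the sample traffic and the IP addresses are constructed.

```python
import struct
from collections import Counter

NBSTAT, NB = 0x0021, 0x0020  # node status request (the fallback query) / name query
def encode_nb_name(raw16: bytes) -> bytes:
    """First-level encoding (RFC 1001 s14.1): each nibble becomes 'A' + nibble."""
    return bytes(b for ch in raw16 for b in (0x41 + (ch >> 4), 0x41 + (ch & 0xF)))

def decode_nb_name(encoded: bytes) -> str:
    """Reverse of encode_nb_name; drops the padding and the 16th (suffix) byte."""
    if len(encoded) != 32:
        raise ValueError("encoded NetBIOS name must be 32 bytes")
    raw = bytes(((hi - 0x41) << 4) | (lo - 0x41)
                for hi, lo in zip(encoded[0::2], encoded[1::2]))
    return raw[:15].rstrip(b"\x00 ").decode("ascii", "replace")

def parse_nbns_query(payload: bytes):
    """Return (name, qtype) for a single-question NBNS packet, else None."""
    if len(payload) < 50:  # 12-byte header + 1 + 32 + 1 + qtype/qclass
        return None
    qd = struct.unpack("!6H", payload[:12])[2]
    if qd != 1 or payload[12] != 0x20 or payload[45] != 0x00:
        return None
    qtype, qclass = struct.unpack("!HH", payload[46:50])
    return (decode_nb_name(payload[13:45]), qtype) if qclass == 1 else None

def nbstat_sources(records):
    """records: (src_ip, dst_port, payload). Count node status requests per source."""
    counts = Counter()
    for src, dport, payload in records:
        q = parse_nbns_query(payload) if dport == 137 else None
        if q and q[1] == NBSTAT:
            counts[src] += 1
    return counts

def build_query(txid, raw16, qtype, flags=0):
    """One-question NBNS query; used here only to construct sample traffic."""
    return (struct.pack("!6H", txid, flags, 1, 0, 0, 0) + b"\x20"
            + encode_nb_name(raw16) + b"\x00" + struct.pack("!HH", qtype, 1))

# Constructed sample: two wildcard ("*") node status requests, i.e. the fallback query, plus one normal <20> name query.
WILDCARD = b"*".ljust(16, b"\x00")
FILESRV = b"FILESRV01".ljust(15, b" ") + b"\x20"
SAMPLE = [
    ("10.0.0.5", 137, build_query(0x1001, WILDCARD, NBSTAT)),
    ("10.0.0.5", 137, build_query(0x1002, WILDCARD, NBSTAT)),
    ("10.0.0.9", 137, build_query(0x2001, FILESRV, NB, flags=0x0110)),
    ("10.0.0.5", 53, b"not netbios at all"),
]
```

Feed it (src, dst_port, payload) tuples from a capture and the source with the highest NBSTAT count is the host whose reverse lookups are falling back to NetBIOS.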

Thursday, October 26, 2006

Wednesday, August 30, 2006

EasyVPN

IOS guide for EasyVPN on IOS Remote to PIX/ASA 7.x EasyVPN Server (here).

Sunday, August 27, 2006

Port description for net/quagga

Opensource project for routing implementations on FreeBSD, Linux, et al. Found here.

PIX/ASA 7.x VPN/IPsec with OSPF Configuration Example [Cisco PIX 500 Series Security Appliances] - Cisco Systems

Here's an interesting config on allowing OSPF unicast over an IPsec tunnel between two PIX/ASA devices. The 7.x code removes the need to configure an additional GRE tunnel to encapsulate the OSPF unicast traffic.

Wednesday, August 16, 2006

Tuesday, August 15, 2006

Running out of space on the ol' iPod?

Upgrades! :

2. Press and hold the following combination of buttons simultaneously for approximately 10 seconds to reset the iPod.
   * iPod 1G to 3G: "Menu" and "Play/Pause"
   * iPod 4G+ (includes Photo, Nano, Video, and Mini): "Menu" and "Select"
3. The Apple logo will appear and you should feel the hard drive spinning up. Press and hold the following sequence of buttons:
   * iPod 1G to 3G: "REW", "FFW" and "Select"
   * iPod 4G+ (includes Photo, Nano, Video, and Mini): "Back" and "Select"
   You will hear an audible chirp (3G models and higher) and the Apple logo should appear backwards. You are now in Diagnostic Mode.
4. Navigate the list of tests using "REW" and "FFW". The scroll wheel will not function while in diagnostic mode.

Monday, August 07, 2006

Useful..

Here's the manual for TCPRelay (and other related tools..)

Friday, August 04, 2006

Thursday, August 03, 2006

PDB

Yet again Matasano delivers some interesting tools. À la GDB, this is PDB: a protocol debugger with hooks for Ruby. Hopefully this generates some interest and keeps the code developing.

Monday, July 31, 2006

Wednesday, July 26, 2006

Metasploit Anti-Forensics

Some decent anti-forensics links.

Tuesday, July 25, 2006

Federal Cyberespionage

Interesting read.

Monday, July 17, 2006

Core Debian server compromised

Pretty straightforward - Debian was broken into (again). The post mortem revealed the compromise was the result of a local kernel exploit and weak user passwords. Without getting into a long-winded rant here, this is again a clear example of how in many cases you can spend millions if not billions of dollars on security tools and architectures to mitigate all of your risks, yet the common compromise is the result of the abstract - you, the average user, developer or administrator. Just like physical security flaws, security begins to dissolve at the abstract human layer when Joe Schmo doesn't adhere to the recommendations or warnings and still plunges ahead with whatever. Many security researchers continuously focus on the coveted remote exploit for whatever common daemon/service you dare to run. If you talk to anyone who does penetration testing for a living, they'll gladly trade any one of those remote exploits for a solid local exploit, simply because getting initial access is pretty trivial. You just have to evaluate all of the links of the chain, take advantage of that single weak link from a distance and then work your way up from there. This will bypass your IPS, Anti-X, HIPS, and Managed Security Operations Center 100 times out of 100.

Wednesday, July 12, 2006

Keylength.com

In case you ever have a question about what's a solid key length to use, go here.

Phishing Filters

Here's a blog link about the new filters in IE7 that help protect against phishing, as well as the Google toolbar for Firefox users.

Monday, July 10, 2006

Fuzzers

Here's a link to some useful binary protocol analysis fuzzers written by someone who used to work on Cisco's Critical Infrastructure Assurance Group.

Friday, July 07, 2006

NAC Resources

Some links and resources on NAC and NAC Framework.

Tuesday, June 27, 2006

For CS-MARS users..

Anyone who regularly uses Cisco's CS-MARS knows the pain of having to rely on IE for the Adobe SVG plugin needed to generate the pretty pictures from MARS. I came across an Adobe SVG plugin that lets you use MARS with Firefox. Note: most of the topology maps don't generate properly, but most of the graphs do. I'm sure there's more to come..

Monday, June 12, 2006

So much for customer service..

In true capitalist zeal, more and more companies are offering up our data for the right price. SecurityFocus has a pretty in-depth article discussing the logistics and the good/bad of our ISPs cooperating with our government to search for those pesky terrorists. I think in the 90's they were also known as drug dealers, in the 50's through the 80's they were Communists, and before then they were American citizens with questionable activities. Muddy enough for you? Good..

Good Bye Ethereal

Good bye Ethereal. Hello Wireshark(?). Same tool, gayer name.

Wednesday, May 31, 2006

Q&A with Cisco's CCIE lab exam developer - Network World

Network World article with the developers behind the CCIE labs.

Thursday, May 25, 2006

How well is your data protected?

Network World article on the risks companies face by outsourcing to companies based in foreign countries that may not have a well-developed legal system around IT.

Wednesday, May 24, 2006

Virtual Malware

UMich and Microsoft paper on virtual machine based rootkits. Pretty crazy..

Germans running on Vegetable Oil...

Funny.

Thursday, May 04, 2006

Cisco SPAN

Bookmark for creating SPAN ports on Cisco Catalyst switches.

Wednesday, May 03, 2006

ANA Spoofer Project

Here's an interesting project being run out of MIT. Donate some time and see if your network is vulnerable.

Monday, April 17, 2006

Friday, April 07, 2006

'I get angry about stuff'

CNN article on Henry Rollins on his new show and why he kicks ass. From the article:

"Getting into a beef with the military about the war is to me like getting into an argument with a cop about the law; it's really not the person to take your grievances out on."

Now even Arbor blogs..

About time that Arbor made a blog. Now if they'd actually discuss something interesting...

NetBSD's CGB

If I only used NetBSD.

Sunday, March 26, 2006

Paranoid?

For the paranoid users reading, refer to this. The onion router network is an excellent way to scrub your source IP when you're just surfing or logging into a friend's server. Read the documentation here to install. Then either use the proxy settings in PuTTY (make sure to select SOCKS4 and enable keepalives so the session stays up), or if you're doing it from the command line, use socat to create a bidirectional connection with the destination. Example:

socat TCP4-LISTEN:4242,fork SOCKS4A:10.0.0.1:www.fbi.gov:22,socksport=9050
ssh -p 4242 federale@localhost

The connection/latency isn't always the greatest, but at least you've covered your tracks.

[federale@fbi:~] last -10 federale
federale ttypd ned.snow-crash Sun Mar 26 15:05 still logged in
federale ttypg ned.snow-crash Sun Mar 26 15:01 - 15:04 (00:03)
federale ttypd slab.caida Sun Mar 26 14:50 - 15:02 (00:12)
federale ttypd 137.148.5.13 Sun Mar 26 10:19 - 12:25 (02:05)
federale ttypb 137.148.5.13 Sun Mar 26 10:18 - 12:19 (02:01)
federale ttype 85.31.186.61 Sun Mar 26 00:08 - 02:13 (02:04)

Saturday, March 25, 2006

FreeBSD lists

I use FreeBSD. You should too. Here are some worthwhile FreeBSD mailing lists.

Bugtraq

I'm this lazy. I don't want to subscribe and fill my quota with dozens of cross-site scripting exploits, but every once in a while there are some good posts.

Friday, March 24, 2006

Thursday, March 23, 2006

South Park v. Scientology (Payback)

And thus the battle continues..

To quote:

"A lot of us don't agree with the choices the Chef has made in the last few days," one of the children eulogizes him at a funeral. "Some of us feel hurt and confused that he seemed to turn his back on us. But we can't let the events of the past few weeks take away the memories of how Chef made us smile.

"We shouldn't be mad at Chef for leaving us," the eulogy concludes. "We should be mad at that fruity little club for scrambling his brains."

Tuesday, March 21, 2006

Interesting

Another day, another blog. It even has its own moderated mailing list.

Scientology v. South Park

While I'm not the biggest South Park fan, this battle just gets funnier and funnier. This could be up there with Ali v. Frazier...

Saturday, March 18, 2006

For the hardware hackers..

You might want to check bunnie’s blog if you're really into hardware hacking. There's a monthly 'name that ware' game as well as discussions on reverse engineering hardware like HP2600N Watermarks (if you're not aware of printer watermarking, you might want to read here first).

Friday, March 17, 2006

HP Openview whackiness

I was troubleshooting some significant network alert messages from Cisco Security Agent and determined they were related to HP OpenView sending ICMP ECHO packets to the host. Typically, the security checks in CSA wouldn't alert on this; however, it appears the echo packets being sent to the host carry random data in the payload as opposed to the typical ping payload. The CSA check thought it was someone sending an ICMP covert channel payload, à la Project Loki (article 6) by Mike Schiffman and Jeremy Rauch. It's pretty funny that commercial monitoring management software sends commercial-grade host intrusion prevention software into a tizzy. Also read the following from SANS discussing the various ICMP packets that you see from the net.
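To show why a random-fill echo payload trips a covert-channel heuristic while normal pings do not, here is an added example (not CSA's actual check, and not HP or Cisco code) that allowlists the fixed payload patterns of common ping implementations before falling back to a byte-entropy test, and lets a known monitoring station be excluded. The Windows and Unix payload patterns are the commonly observed ones and are assumed, the "random" payload is derived from a hash so the example is deterministic, and all hosts are constructed.

```python
import math
import hashlib
from collections import Counter

# Fixed-pattern payloads that well-known ping implementations send (assumed here
# from the commonly observed patterns; real tools and versions vary).
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32-byte Windows ping.exe payload

def looks_like_unix_ping(payload: bytes) -> bool:
    """BSD/Linux ping: 8 bytes of timestamp, then bytes 0x10, 0x11, 0x12, ..."""
    body = payload[8:]
    return len(body) >= 8 and all(b == (0x10 + i) & 0xFF for i, b in enumerate(body))

def entropy_bits(payload: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())

def classify_echo_payload(payload: bytes, max_entropy: float = 5.0) -> str:
    """Allowlist the fixed patterns first; only then apply the entropy heuristic."""
    if not payload:
        return "empty"
    if payload == WINDOWS_PING:
        return "windows-ping"
    if looks_like_unix_ping(payload):
        return "unix-ping"  # would exceed the entropy cut-off without the allowlist
    if entropy_bits(payload) > max_entropy:
        return "high-entropy"  # what a covert-channel check would flag
    return "other"

def flag_sources(packets, allow=frozenset()):
    """packets: (src_ip, payload). Return sources whose echoes look like
    covert-channel traffic, skipping hosts on the monitoring allowlist."""
    return sorted({src for src, p in packets
                   if src not in allow and classify_echo_payload(p) == "high-entropy"})

# Constructed samples. The hash-derived payload stands in for the OpenView-style
# random fill; the addresses are made up.
UNIX_PAYLOAD = bytes(8) + bytes(range(0x10, 0x10 + 48))
RANDOM_PAYLOAD = hashlib.sha512(b"constructed-sample").digest()
SAMPLE = [
    ("10.1.1.20", WINDOWS_PING),
    ("10.1.1.21", UNIX_PAYLOAD),
    ("10.1.1.50", RANDOM_PAYLOAD),  # the monitoring station
    ("10.1.1.99", RANDOM_PAYLOAD),  # an unknown host sending the same thing
]
```

Running flag_sources(SAMPLE, allow={"10.1.1.50"}) leaves only the unknown host, which is the tuning step the CSA alert in the post was asking for.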

Thursday, March 16, 2006

Coincidence?

Yano, if anyone ever doubts that politicians don't know how to prey on the American public take a look at what the Republican party is pressuring Google to do. Now add in one sick, volatile situation to sway the opinion of the masses and just see what kind of push back they express for letting them strong arm the freedom of the Internet.

Tuesday, March 14, 2006

Improved Sniffing

Here's a link over to Richard Bejtlich's blog where he mentions new improvements in FreeBSD's bonding support for bridge interfaces used as network taps, i.e. allowing multiple interfaces to RX only and avoiding the wasted work of unnecessarily transmitting packets when you're just using the box for Snort.

Sunday, March 05, 2006

Milwaukee Mexican Restaurants

Yesterday I went to Conejito's to satisfy my enchilada craving. Man, this place was great - cheap food (cheap as in served on paper plates, and all meals are less than $5). You can also get plates of tacos (four at a time) for $3. Their chips & salsa are excellent too. Well worth the drive down to 6th & National. If you want something a bit more upscale, you might want to just check around the corner and visit La Perla. I ate there last year when my father visited and I've got to say it wasn't that bad -- margaritas are pretty good, although it's a bit more of a bar than a restaurant, at least where I sat anyways.

At any rate, if you're just looking to pick up a burrito for the road, I can't say enough about Chipotle which is quite honestly one of my favorite places to eat. Their burritos are huge, the flavor and spice is amazing, everything is cooked fresh each day, and their chicken is organically friendly. Check it out the next time you're in a rush.

And if you're not in a real Mexican mood but want something close, try out Cubanita's the next time you're downtown. It's a great place for lunch, although a little pricey for a lunch, but if it's on the company dime - who cares? I highly suggest their Cuban sandwiches and empanadas (chicken, beef or spinach). They're pretty quick for lunch too. But they're also great for an evening affair and it's just as lively; I'd recommend their mojitos to go with your dinner.

Friday, March 03, 2006

Professor Hacks-a-lot

Great Friday afternoon. Why oh why couldn't I have more professors like this when I attended university?!

Sunday, February 26, 2006

NSA going on a shopping spree..

The NY Times reports that the National Security Agency recently paid a visit to Silicon Valley, shopping for what appear to be new technologies in data mining, a topic near and dear to every liberal's heart. The application itself isn't very new -- take volumes of data, feed it into a database and start to look for correlating events. Cisco and Symantec have entered the network security appliance market with their own data mining appliances, which are hyped to take raw system logs from various entry points (firewall syslog, antivirus and IDS alerts) and weed them out into "actionable" events for understaffed security teams. And don't forget that auditors will dictate that "evidence" from your million-dollar toy will keep your Fortune 500 company from failing knee-jerk, stupid laws that don't even work.

Sunday, February 19, 2006

Cisco IOS Security Guide - 12.4

Quick bookmark to Cisco's Security configuration guide for IOS 12.4. Features now included: IPS, CBAC, dynamic access lists, DoS prevention and more.. Refer to earlier links if you don't have any hardware available for testing.

More attempts at defeating SP2

Here's an interesting paper on defeating SP2 security measures, specifically Data Execution Prevention and Heap Protection. Haven't dived too deep into it yet.

Saturday, February 18, 2006

Cisco Security Agent

Cisco Security Agent is probably one of the best host intrusion prevention technologies on the Windows platform. It is policy driven, resides in kernel memory monitoring API calls, and avoids some of the overhead that Symantec AV incurs. It is not definition driven at all and takes security to a whole different level by actually preventing unknown/known attacks without requiring patching. Here are some case studies demonstrating its track record.

Cisco CSA Deployment Best Practices

Deployment guide

Sunday, February 12, 2006

MS v. Symantec

Now the Washington Post is reporting that the latest definition release of the MS Anti-Spyware utility will flag Symantec AV files as "PWS.Bancos.A" and delete them. Good job Bill. Just as the smoke is clearing from the anti-trust suit, his "beta" software just declared jihad on Symantec. Maybe Symantec will flag critical files for Internet Explorer as Adware/Malware and delete those off (probably rightfully so). God help us with what researchers find in the new Microsoft AV services.

Saturday, January 28, 2006

Santa came late..

A friend came across this Cisco 7200 emulator the other day and referred me to it. You can grab a 7200 image from here (CCO access required). Here's the development blog for comments and updates on what it's able to support.

Sunday, January 15, 2006

For the newbies who never knew life before DSL..

Finally. Someone developed a war dialer for UNIX that supports VoIP. For those people who forgot that it's easier to dial into someone's fax machine to get in than to try to exploit their web presence or Cisco concentrator.

Tuesday, January 03, 2006

Opensource meets Cisco VPN Concentrator

A friend found this. It compiles pretty easily on FreeBSD and is in their port tree. Most of the other Linux and *BSDs are supported as well. I'll post more once I get it working with my work's vpn concentrator..