SEARCH RESULTS
 
Showing 1-10 of 33 records
 
TCP Syslog =/= Reliable?

2008-04-03 13:28:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...TCP with being "reliable." Rainier here raises a few interesting issues (not the least of which is TCP buffering) that question the reliability of TCP syslog. Is there a need for a "more reliable" TCP with application-level ACKs? Maybe ... but not in the world where UDP syslog is still king. About me: http://www.chuvakin.org
 
 
 
 
 
OSfuscate: Change your Windows OS TCP/IP Fingerprint to confuse P0f, NetworkMiner, Ettercap, Nmap and other OS detection tools

2008-10-03 00:15:15 by Editor in Irongeek's Security Site
 
...TCP/IP stack works, thus changing how the above tools would detect the OS. I wasn't sure what all registry changes to make, but luckily I found Craig Heffner's work on the subject. In this post I cover the issue of passive/active OS fingerprint detection, as well as release my tool OSfuscate
 
 
 
 
 
An improved clock-skew measurement technique for revealing hidden services

2008-06-26 05:12:21 by Steven J. Murdoch in Light Blue Touchpaper
...TCP timestamp clock source I used, then it would take longer still. This limits the attack since in many cases TCP timestamps may be unavailable. In particular, Tor hidden services operate at the TCP layer, stripping all TCP and IP headers. If an attacker wants to estimate clock skew over the hidden service channel, the only directly available...
 
 
 
 
 
A Security Assessment of the Internet Protocol

2008-08-20 07:48:56 by schneier in Schneier on Security
 
...TCP/IP protocols were conceived during a time that was quite different from the hostile environment they operate in now. Yet a direct result of their effectiveness and widespread early adoption is that much of today's global economy remains dependent upon them. While many textbooks and articles have created the myth that the Internet Protocols...
 
 
 
 
 
Using Metasploit to create a reverse Meterpreter payload EXE by John Strand

2008-10-15 17:53:56 by Editor in Irongeek's Security Site
 
New Video: Using Metasploit to create a reverse Meterpreter payload EXE by John Strand John Strand of Black Hills Security sent me an awesome video on using Metasploit to create an EXE with the Meterpreter payload that creates a reverse TCP connection outbound, blowing through many NAT boxes and firewalls. This goes great with a previous video I...
 
 
 
 
 
Minimizing the Attack Surface, Part 1

2008-06-24 19:09:34 by Chris Eng in Zero in a bit
 
...tcp/23 or ftp on tcp/21. Others left you wondering, what the heck is listening on tcp/515 or tcp/7100? And remember, you couldn't ask Google because it didn't exist (well, maybe it did depending on when you got into security). Your first real lesson about locking down a host was how to reduce its attack surface. You learned how to disable...
 
 
 
 
 
Process Doubling

2008-01-27 22:44:57 by RSnake in ha.ckers.org web application security lab
 
...TCP by sending single packets but some anti-DDoS boxes out there stop that sort of connection from even hitting a box. They do this for flood protection. They wait for a full TCP state to be initiated before they connect to the web server behind them (similar to a proxy server actually). Here's where some programming skill could come into play....
 
 
 
 
 
Malware Infected Hosts as Stepping Stones

2008-02-21 22:03:01 by HASH0x8b1f7bc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...TCP connection from the "outside" to a proxybot on the "inside" and a subsequent TCP (or UDP) connection to the target destination (typically a mail server on the outside). The commercial aspect's always there to say, and vertically integrate since besides selling the product in the form of the tool for, they could eventually start coming up...
 
 
 
 
 
7 Seminal Security Books Every Security Wannabe Should Read

2008-03-17 17:49:28 by Craig Balding in Security Wannabe
...TCP/IP Illustrated, Volume 1: The Protocols (Addison-Wesley Professional Computing Series). I remember the day I read that the author of this book - Richard Stevens - had passed away. I was shocked and saddened. This may sound strange as I'd never met him, nor had any correspondence with him. The reason is simple: through his writing, he had an...