SEARCH RESULTS
 
Showing 1-10 of 13 records
Storm-Bot stripshow analysis

2007-12-23 22:06:00 by Russ McRee in HolisticInfoSec.org
 
...UDP traffic above 1024. I'm a firm believer in deny all and make exceptions only via legitimate business case. If you can achieve such lockdown, even though your hosts may suffer infection, they won't be communicating with their friends and neighbors From API analysis we see a few interesting tidbits w32tm /config /update 403014...
TCP Syslog =/= Reliable?

2008-04-03 13:28:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...UDP-based log transfer with being "unreliable" and TCP with being "reliable." Rainier here raises a few interesting issues (not the least of which is TCP buffering) that question the reliability of TCP syslog Is there a need for a "more reliable" TCP with application-level ACKs? Maybe ... but not in the world where UDP syslog is still king...
Some Burning Logging Questions - Answered!

2008-04-23 16:20:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...UDP uncompressed has a chance of doing a pipe saturation DoS on your network. Yes, people say "use a dedicated LAN," but this is definitely wishful thinking for many. Also, raw UDP syslog in large quantities over WAN = insanity Q5: What were some successful strategies for obtaining buy-in from system owners and operators in regards to...
Windows Live OneCare Firewall and Software

2008-01-10 07:37:00 by Keith Brown in Security Briefs
 
...UDP connections to all ports (I figured I needed four, since each rule only allows one protocol and you have to pick between local subnet vs. Internet). Then I shut off the prompts for "blocking" programs and everything seems to be working fine. But I wonder how many software developers will be running into deployment problems in home...
Malware Infected Hosts as Stepping Stones

2008-02-21 22:03:01 by HASH0x8b1f7bc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...UDP) connection to the target destination (typically a mail server on the outside The commercial aspect's always there to say, and vertically integrate since besides selling the product in the form of the tool for, they could eventually start coming up with various related, and of course malicious services in the form of spamming, phishing...
Say When - Trusting Log Timestamps

2008-03-23 04:05:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...UDP or TCP port 514 connection are usually timestamped upon arrival BY the syslog daemon (using its own "knowledge" of time) - and then it shows up in the syslog files in /var/log Let's assess whether this "in-log timestamp" provides an adequate way of timing the actual event that is being logged. Answering this question is important for...
Montego Networks spotted on radar

2008-03-28 12:40:02 by John Peterson in Security In The Virtual World
...UDP Ports) that they need to communicate on vs. opening up all channels. This helps mitigate exposure. So, let's say you open up port 6667 and only port 6667 for them to communicate with each other. Well, this is now a bit more secure than the other option of leaving all ports open but let's say this is a very very critical server and you want...
A Botnet Master's To-Do List

2008-04-26 14:36:23 by HASH0x8ae3c28 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...udp&tcp tsunami ddos (push +ack flood Scanning features latest vulnerabilities scan exploits scann for homepages (php/perl/cgi scripts (not a priority Sniffers and interceptors bank sniffer & readers paypal boa egold nationwide usw game reader steam Misc features encrypted config better clonning function (with timer based join (no...
BackTrack Beta 3 Man Pages

2008-05-19 06:36:31 by Editor in Irongeek's Security Site
 
...udp , nemesis , netcat , nmap , nmapfe , obexftp , obexftpd , p0f , packetforge-ng , psk-crack , rain , runscript , scrollkeeper-config , scrollkeeper-gen-seriesid , sipsak , socat , tcptraceroute , truecrypt , tsql , unicornscan , vomit , wesside-ng , wordview , xls2csv , xminicom , xnmap , gdbm , etter.conf , scrollkeeper.conf , sudoers ,...