Message-ID: <02d701c3560f$4d9ed960$6701a8c0@VALUEDBGU6KK3Z>
From: admin at governmentsecurity.org (Admin GSecur)
Subject: Dcom.c - (Shutting it down on 5,000 systems) - a Paul Schmehl Post

I have to say I agree with the previous statement, if not with the
format. As admins, we sometimes need to just suck it up and spend the
hours to correct a problem.

Now we are all busy, especially the enterprise admins who are
overworked and undermanned. But remember, in today's job market there are
a million other people who won't mind spending the late nights at the job.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Andy Wood
Sent: Tuesday, July 29, 2003 3:22 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Dcom.c - (Shutting it down on 5,000 systems)
- a Paul Schmehl Post

Some may have gotten this, sorry. I sent it from the wrong acct:

Users:

There are inexpensive tools to take care of this for you, not that MS
lacks the free ones...oh yes, they do exist. Dameware NT utilities is one
great 3rd party tool. If you're an admin and haven't touched this one
you're missing out. A few clicks of the mouse and all you can hope for can
come true. It also can be used on both sides of the fence....it is one of
my main utilities for working my way into networks. Now, be warned all, it
may not have a button to do the exact function you're looking for, but
rather has the ability to perform batch functions...even across domains
and standalones (given the correct creds), and that's really the issue
here, right. If'n one has been blessed with "Creativity" then that person
may just be able to use it beyond the help, faq and user files....but
don't assume you have it (creativity), most don't.

(Now that I see the rest of the orig post I'll comment on the IDS part):

Weak-ass admins ONLY complain that IDS' make work for them AND that they
are worthless.....Boo hoo, *we* have to research, *we* have to interpret
and *we* have to take action....WAAAAAAAAAAAAAAAAAA.

So, some joe-hacker that has intelligence so far beyond most any-type
admin (especially Windows), and he wants into your network.....the
complaint is that ya might have to do some analysis? Just like in the
Navy...Officers don't know shit! That's why they're called Security
Analysts, clown...cause they analyze security threats and take actions.
Hell, I don't know ANY OS that I would trust to make an informed decision
on taking action. And if yer staring at a 1/2 million alerts then perhaps
you need to hire someone competent to tune your IDS....and if you have,
perhaps you should FIRE THEM!

I'm not surprised to hear it though...especially from an edu, you guys
are your biggest enemies. If ya want easy access, take a
university.....easy targets.....lamer admins.

5,000 system changes, such as disabling DCOM.....about 30mins of work and
I'm off to bed.....which is a good thing, cause I'm friggin' fallin'
asleep ova hea. Zzzzzzzzzzzzzzzz

Oh, BTW...Secure your *STUFF* man. I mean a denial of service without
even entering a password?? What kinda security does ut-Steers-n-queers
have. I mean 129.110.8.140, 9.96, 11.30 all allow changing the IP
information and resetting the device thus causing a DoS (Not to mention
dozens of others). I could go on and on with others, but that wouldn't be
nice. Betcha there aren't any alarms on the IDS for that huh? What kinda
University allows their users to use Kazaa (129.110.19.223 - User:sinc,
15.46 - User:Butt40, 27.59 - User:kimbom, 27.149 -
User:kingfuhampster....I guess we know what the FU in kungfu really
means)?? Isn't the RIAA getting up yer pooper for that? Should you use
time sync? How can you tell when an attack actually occurred, to the
second, and on which systems. I'm not even going to ask about
129.110.94.181.

Be careful man, or all your holes might cause AVIEN to mean 'Another
Virus Infected Enterprise Network'

Andy

On Sun, 2003-07-27 at 14:24, Jason wrote: 
> 
> Ok: 
> In short it goes like this. 
> 
> Click Start->Run 
> Type "dcomcnfg.exe" 
> Turn it off 
Great! Now go click all 5000 computers we have to take care of. This
is exactly what I'm talking about. You smugly criticize networks for
not fixing problems, yet you completely ignore the fact that the tools
to do this on an enterprise scale either don't exist, are far too
expensive for the average network or require scripting expertise that
most don't have. Not to mention the fact that for this to even work,
the security context must be administrator and the concept of sudo
hasn't entered the Windows world in a secure implementation (that I'm
aware of).
> 
> Please see references above for the counter to this statement. 
> 
> As to charging for the knowledge. Yeah, it is my time and my mind that
> does the work, of course I am going to charge for it. Does UT provide an
> education for free to everyone?
>
No, but we don't charge them an arm and a leg either. Like most
universities, the product we provide is bargain priced and available to
almost anyone that's alive and breathing.
>
> Hardly hypocritical, the information is free for the taking and the
> tools are readily available. Most of them already exist in the OS that
> was paid for. It simply requires that the time be put in to do it.
>
> To the open source easy to use statement, since windows is pay to use
> why would anyone expect to be able to manage it for free?
I don't think it's unreasonable to expect an operating system to come
with the tools to manage it on an enterprise level rather than having to
spend extra dollars for that functionality. Do you?
> I vote to
> spend my time making the free things easier to use so I do not have to
> buy windows.
>
Then don't criticize the Windows "community" for not having the tools to
do the job. Criticize Microsoft.
>
> I live in the real world, it is harsh and brutal, it is in fact the same
> world we all live in. Unfortunately the universities are half the
> problem here. A fantasy world exists on every campus where the belief is
> that everything should be free and you should be able to do what ever
> you want.
You're sadly mistaken. Unis don't expect to get everything for free.
But they don't get enough funding to purchase a full set of commercial
tools either. And where do you think a large chunk of the open source
stuff comes from anyway? Who writes much of the code? Who provides the
mirrors to the world, free of charge? Who does most of the research?
> Only one catch, we charge to be here at university to have
> access to our fantasy world where you get this information and do what
> you want but we want you to give your information to us for free even if
> you are not in our fantasy world. That is hypocritical.
>
It would be, if that were reality. The reality is that most people's
education is highly subsidized by governments and private contributors.
If students actually had to *pay* for their education (what it actually
costs to provide it to them) there would be far fewer students, far
fewer universities and a lot less open source programs.
>
> Here we go again with this fantasy stuff, the information is free, the
> work to implement it is yours to do.
Funny how you think *your* labor has value, but the IT admins' does not.
> > 
> > IDSes don't protect anything. They merely tell you where the shit just
> > hit the fan. IPSes are still in their infancy, and very few admins are
> > going to trust them to stop bad stuff without also stopping important
> > traffic.
>
> Some select quotes from any dictionary. They seem to apply to IDS in
> this case.
>
> protect: To keep from being damaged, attacked, stolen, or injured; guard.
>
> guard: To protect from harm by or as if by watching over.
>        To supervise entry or exit through; keep watch at.
> 
> 
Oh, I get it. You've never actually used an IDS. You just understand
the dictionary definition of one. Try sitting in front of the console
staring at a half a million alerts and see if the IDS *does* anything
besides spewing information that *you* have to research, that *you*
have to interpret and that *you* have to take action on.
-- 
Paul Schmehl (pauls@...allas.edu) 
Adjunct Information Security Officer 
The University of Texas at Dallas 
AVIEN Founding Member 
http://www.utdallas.edu/~pauls/


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.504 / Virus Database: 302 - Release Date: 7/24/2003
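The manual step Jason quotes (Start->Run, dcomcnfg.exe, turn it off) and Paul's objection that repeating it on 5,000 machines needs scripting and an administrator security context both come down to one registry value: the "Enable Distributed COM on this computer" checkbox in dcomcnfg writes HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM as 'Y' or 'N'. The PowerShell below is an added example written for this archive page, not code from any poster in the thread. It assumes PowerShell remoting (WinRM) is enabled on the targets, that the caller holds local administrator rights there, and that `hosts.txt` is a constructed list of hostnames; the function names are the example's own. It audits the value first so the fleet-wide change can be reviewed and dry-run before it is applied.

```powershell
# Added example for this archive page (not code from any poster in the thread).
# Audit and, on request, disable DCOM on many Windows hosts at once.
# Assumptions: PowerShell remoting (WinRM) is enabled on the targets and the
# caller is a local administrator there. HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM
# is the value the dcomcnfg "Enable Distributed COM on this computer" box
# writes ('Y' or 'N'); a missing value means DCOM is enabled. The change only
# takes effect after a reboot and breaks anything that depends on DCOM, so
# audit and dry-run before applying it.

$OleKey = 'HKLM:\SOFTWARE\Microsoft\Ole'

function Get-DcomState {
    # Returns one object per reachable host: Computer, EnableDCOM ('Y'/'N').
    # Hosts that cannot be reached over WinRM surface as errors, not as rows.
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]]$ComputerName)

    Invoke-Command -ComputerName $ComputerName -ErrorAction Continue -ScriptBlock {
        param($Key)
        $item  = Get-ItemProperty -Path $Key -Name EnableDCOM -ErrorAction SilentlyContinue
        $state = if ($null -eq $item) { 'Y' } else { $item.EnableDCOM }
        [pscustomobject]@{ Computer = $env:COMPUTERNAME; EnableDCOM = $state }
    } -ArgumentList $OleKey
}

function Disable-Dcom {
    # Sets EnableDCOM = 'N' on each host; honours -WhatIf and -Confirm so the
    # change can be previewed before it touches 5,000 registries.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($c in $ComputerName) {
        if ($PSCmdlet.ShouldProcess($c, "Set $OleKey\EnableDCOM = N")) {
            Invoke-Command -ComputerName $c -ErrorAction Continue -ScriptBlock {
                param($Key)
                Set-ItemProperty -Path $Key -Name EnableDCOM -Value 'N' -Type String
            } -ArgumentList $OleKey
        }
    }
}

# Usage. hosts.txt is a constructed list, one hostname per line.
$targets = Get-Content .\hosts.txt

# 1. Audit: which hosts still have DCOM enabled?
$enabled = Get-DcomState -ComputerName $targets | Where-Object { $_.EnableDCOM -ne 'N' }
$enabled | Format-Table PSComputerName, EnableDCOM

# 2. Dry run, then apply only to the hosts the audit flagged.
if ($enabled) {
    Disable-Dcom -ComputerName $enabled.PSComputerName -WhatIf
    # Disable-Dcom -ComputerName $enabled.PSComputerName -Confirm:$false

    # 3. Re-audit; anything that did not answer is an error to chase, not a 'N'.
    Get-DcomState -ComputerName $enabled.PSComputerName | Format-Table PSComputerName, EnableDCOM
}
```

PSComputerName is the property Invoke-Command attaches to every returned object, so re-targeting from it uses the same names the first connection succeeded with rather than the short NetBIOS name the remote side reports. Hosts that fail the audit because WinRM is off or the credential lacks rights are exactly the ones Paul's "administrator security context" remark is about; they need a separate list and a different delivery path (group policy or a management agent), and the script deliberately does not hide them.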