Trajik

Everything posted by Trajik

  1. You will generally find with any sort of server you open up to the Internet (FTP or web) that you get a lot of random access attempts from around the world. You are right in saying these are usually automated scripts or bots doing this. Best thing to do is make sure that the server is fully up to date with the latest patches and your passwords for it are strong. (The most ideal solution would be to have that FTP server behind a firewall and VPN in to get to it, or something similar, but we can't always have perfect solutions for every situation.) One thing to do, if these login attempts are all coming from the same IP range, is to block that on whatever firewall you are using. But like I said, you will notice a lot of this kind of thing if your server is accessible on the Internet. One thing you could try to limit the attempts is to change the default port the FTP service listens on. No doubt this is still on port 21. If you change it to something high and random you will get fewer hits.
  2. Are you sure your hosting provider doesn't block 2525 as well? Get one of your friends that is on an external network to 'telnet <your-test-exchange-server> 2525' and see if they can reach it. This would be for testing purposes but not practical... Also, you can't set up an MX record which tells the querier what port it should use. All it is, is DNS. DNS is hostname to IP lookup... and in the case of MX, it has a priority. If your host doesn't allow port 25 traffic, then you might be in trouble... at the end of the day, all SMTP traffic will be knocking on your door on port 25... you could always set up a NAT that translates that 25 to another port number internally to your network, but if that 25 isn't even reaching your network because of your provider, I don't think there is much you can do.
  3. Symantec Enterprise is good... with the central distribution and monitoring... but it doesn't change the fact it is Symantec. I've used this in one company... worked OK... but with another company I deployed McAfee ePolicy Orchestrator. Now that had some really cool stuff like distributing updates in a tree-like distributed manner to other servers and workstations to save on resources. Probably nothing the latest Symantec can't do... but McAfee is a lighter load on workstations and seemed to work for me. If I was to do a deployment again, I'd probably do McAfee... only because I know how to set it up and it worked. (I have a feeling the latest offering from Symantec for enterprise would probably have more features... but you might have to weigh up the $$$$ v $$.)
  4. Yeah, oxit.it is the legit home of C+A. Thanks for the tip about a VM. That actually does make sense. I'll be sure to test it out. On a side note, JTR brute-forced this hash, which was 8 random characters, in 2 days!! haha, wish I had that VM up....
  5. OK, that clears things up. Thanks guys. It is unfortunate that programs that rely so intensely on CPU calculations can't utilise the full power of a CPU. On that note, does anyone know of any cracking apps that do?
  6. Hey guys, I have a Vista machine that has some pretty beefy specs. I believe it's a quad core. Now I was running Cain doing a bruteforce attack on an NTLM hash. When I watch the Vista processes, CPU is at 25%. I start up John the Ripper and start cracking it as well. Look at the processes, and JTR is at 25% and Cain is at 25%. I want to use as much processing power as possible, not being limited to 25% per process. Is this a thing with Vista just using each core for each process, or what's happening? I'm not savvy with how Vista handles business. And I've never used any of these apps on a quad core so I am pretty clueless. Has anyone got some insight? Cheers.
  7. Was reading this blog. This dude goes on a work trip in Adelaide (Australia) and ends up getting pretty wasted. I'm from Adelaide so represent! http://sleazeempire.com/?p=475 (oh and there is a spot of nudity towards the end, so NSFW warning may apply)
  8. LOL..... Zelda??? Hmmm, interesting. I can see it now. Sitting in a meeting... all of a sudden you hear this tinny Zelda music coming from somewhere. People are looking around the room at each other with confused looks on their faces.
  9. I concur. Me, I am wearing my "pedobear approves" t-shirt. Most people don't get it. Although... I did notice a few strange old men following me to work this morning.
  10. Haha, don't you love that. Glad you got it solved. I was going to throw in my 2 cents anyway. The best way I found was to, yes... find what MAC address is associated to a switch port, then trace it to your patch panel and find exactly where it is. If you have numerous switches it could be a daunting task; I wonder if there is a way to dump the running config of the MAC address table from a switch. There probably is. If there was, you could dump the logs off all of your switches into a directory and run a grep or search through them all for the offending MAC address. (If anyone knows of such a tool to use for Cisco switches let me know :) I'm curious.)
  11. FreeNX uBuntu: I actually set up the exact same scenario a couple of weeks ago. I had never heard of or seen FreeNX before I found it. I fucking love it. It is so stable and fast. Also good for giving users terminal access. Shits all over VNC. Glad you got it working :)
  12. OK, cheers. Pretty sure that was the case. I was looking at some documentation on our network and it was in megabytes, then I got confused haha. Thanks.
  13. Hey guys. We have a few remote sites that have got new data services installed. These are 6MB/s (megabyte) ethernet services. We need to upgrade our routers so we can not only route our traffic at the appropriate speed, but have provision for QoS as well. Now I was looking at the Cisco product sheets at the switching speed of different router models. I don't want to get a router that won't forward the data quickly enough. Here is the Cisco performance matrix with speeds: http://www.cisco.com/web/partners/download...performance.pdf Now I keep confusing myself. Are they showing the speeds in megabytes per second or megabits? If it is megabits, am I right in assuming that the lowest router I would opt for would be the 2811? Or am I wrong and this is represented as megabytes? And in that case a 1701 would suffice. (I know I have to take into account bi-directional and QoS stuff, but I just want to figure out what speeds these are being represented as so I can make a choice.) (I also know I could get a layer 3 switch but management doesn't want to pay the costs.) Any help appreciated.
  14. Ahh, what a waste of breath :P I've never used OpenDNS. It should be pretty simple to add subdomains to it. Surely there is a configuration page; find your domain name, and add 'A records' for your subdomains there. Maybe google for 'Adding A records to OpenDNS' or something along those lines. Should be pretty straightforward from there... now that you know what you are looking for :P
  15. You have it set up with Dynamic DNS at the moment. What Dynamic DNS provider are you using? Log into your Dynamic DNS provider and go to the section where you can configure your domains or change your domain name etc. This is where you will have to add your subdomains. So at the moment, on whatever Dynamic DNS you are using, you should have something similar to... <your DynDNS external IP> IN A domain.net (or it might be simplified and just show you your login against what your domain name is; it all depends on your provider). Anyway, you need to add subdomains to that. So it would be like this... <your DynDNS external IP> IN A subdomain1.domain.net. <your DynDNS external IP> IN A subdomain2.domain.net. Now this all depends on what Dynamic DNS provider you use. I can't recommend any as I don't use them. But log into their website and have a look at your settings and see if you can add any subdomains to your current domain. Now that was for external. And it would also work for anyone internally trying to browse to it, because I assume you aren't on a big LAN and you don't have an internal DNS server? If you don't have an internal DNS server on your LAN, then the only way to get this to work is to 1) configure your Dynamic DNS to also host your subdomains, or 2) add an internal DNS server (you wouldn't bother if you were on a small network), or 3) just keep those entries in the hosts files for now. But basically, you need external DNS set up correctly if you want other people to view these websites. So have a look around your Dynamic DNS provider and see what you can find. Good luck.
  16. Sounds like you haven't got DNS set up. On the 'remote' hosts, for example, if you run NSLOOKUP on site1.domain.net or site2.domain.net, I assume it will come back with non-existent domain, right? It works when you put it in the hosts files because you are resolving the subdomains to the IP address within that file; your computer does not need to look up the DNS to find it. You need DNS A records for each subdomain you create. So if this is a local network of yours, what DNS server are you using? (You can find out by doing an ipconfig /all and looking for the DNS entry.) You will need the following on your network's DNS server: site1.domain.net. IN A <IP ADDRESS> site2.domain.net. IN A <IP ADDRESS> If you are trying to get this to work EXTERNALLY out on the Internet, you will need to add your subdomains to your current DNS settings with your DNS hosting provider.
  17. Haha, I was reading everything in your post and agreeing totally, but was wondering where the debate actually was?.. Then I realized in my earlier posts I said to have a second NIC in the VMbox and have the 2 separate networks on that same box. Yeah, sorry, I agree, that's a bad idea. I probably should have explained more. You would have a firewall (say Windows Firewall) preventing the untrusted NIC or network from accessing anything on the box (deny all). But looking at it now, that sounds unnecessarily messy. Keeping the one NIC on the VMbox and putting it on the DMZ or in the Red zone, then controlling access to it with ACLs, is the simplest way.
  18. You say VLANs are the only secure way... VLAN standing for Virtual LAN. The suggestion originally to add additional NICs was to separate the networks. A VLAN is splitting up the networks virtually, and then you can put access controls in place to secure traffic going across the VLANs. It's exactly the same as adding additional NICs. They will be on 'separate LANs'. Physically, not virtually. They will have ACLs and routes protecting one LAN from the other. In this scenario, of course the green zone can access the 'DMZ' or even the 'Red Zone'. That is the point of a DMZ. Trusted networks can access untrusted, but untrusted can't access trusted. What do you mean? The point of the DMZ is so OUTSIDE or public hosts can access the resources on the DMZ, but not access the trusted network. The trusted network, or 'all inside hosts', still need to access the resources on the DMZ also. That is the point of it. Maybe I am missing something but that is a secure way of implementing this. And I will say MORE secure than VLANs, as with VLANs you are introducing another layer of attack vectors (layer 2).
  19. lol, I agree... I'm the same. I can't stand reading books. I had no choice when I first started learning networking, but now with the plethora of videos and CBTs it makes life easier. And yeah, totally agree, most presenters are so boring and sterile... oh, and those whiney nerdy voices like a cartoon character. My favorite presenter would be Jeremy Cioara from CBT Nuggets. He does Cisco and Microsoft vids. He is gold... he goes off on tangents about watching 24 with his wife and getting excited when he sees the Cisco IP phones, and when he was watching 'Firewall' with Harrison Ford he was all cheering because Harrison used the correct ACL on the firewall to lock out the 'hacker'. Haha, it's good value.
  20. Run PMDump on his machine and copy his browser memory. Then when he leaves, sift through it and collate all of his online accounts/logins. Then... I don't know... the world is your oyster. Mess with his online accounts.. profiles, avatars, profile pics etc.
  21. I was playing with this the other day. I got it working against remote hosts on my network and did a mini write-up on when my online bank account was vulnerable and when it wasn't. The problem is the vast amount of data that gets dumped. And searching for a string like 'password' or 'login' will rarely get you useful information. You really need to know the specifics of what you are looking for. For example, the start of your/victim's password(s). Regardless, I really like this tool and would like to see it developed with some other features or at least utilized with some other code. I had a few sinister ideas floating around but I don't think I will share them here :)
  22. Did anyone see the follow up with chad vader? I'm not really a fan... but a few of your geeks might be... *runs*
  23. Haha, I understand. You don't have to go through the whole 'network' setup thing just to play with Exchange. I'd recommend just keeping that inside as you play with it, because it could get pretty confusing (if it wasn't already :P). Then you could play with all the network stuff separately. Totally up to you, but yeah. Have you thought about doing any self-study on networking? You'd be surprised at how much you learn and understand from even going through a couple of the CCNA ebooks. Especially on routing and VLANs in your case. Things would become so much clearer :). Worked for me.
  24. I've never heard of it. Seems like a kinda cool idea. Basically the 'waste' program is just VPN-like software which comes with a little browser. Sounds very gimmicky to me though. 'Darknet'? 'Waste'? 'port forward port 1337'? (wasn't that the subse7en port??) I guess it would be a 'simple to use solution' for people who don't have the capability to set up real VPN communications. If you do happen to try it out, let us know your experiences.
  25. Looking at that Netgear... it doesn't look ideal. Check out some user reviews here: http://www.newegg.com/Product/ProductRevie...oOnlyMark=False Are you doing all this just to play around? Or is it something you will actually be using a fair bit of? If it's just to play around, you may be able to do something similar like this. Now this is what we spoke about, using the same physical connections, which I don't like doing, but it will still work... if you get a second NIC for your VMbox, it will be better.... Keep your firewall 'as is'. (I'm only going to say add a second NIC to your VMbox because I think it will be more efficient and better for security, but you could just use the same NIC and give the virtual machine this IP.) Install a second NIC on your VMbox. Give it a 0.x IP (red zone). Create your virtual machine and bind it to the new NIC and put it on the 0.x subnet. Plug that NIC into your switch, which in turn plugs into the 0.x NIC of your firewall. (I can't view your diagram right now so I forget how your switches are set up, but you want to have a red zone switch and a green zone switch. Don't use the same ones. If your switches were managed, you could VLAN this, but if not, you are best separating them physically as it's ideal security. If you can't separate your switches, and can't set up VLANs on them... then you may as well just do the below and don't bother with installing a second NIC.) Basically this configuration is just removing the part where you need a separate DMZ. Technically this is still a DMZ by design as 0.x is not a public address. You can still have access rules on the firewall to prevent people from going across to your green zone (as I'm sure is already in place) and have rules to allow green zone traffic > into red. If you DIDN'T get a second NIC, or you can't separate your switches by 'zone', you could just create a virtual NIC with 0.x within VMware, and run it into your switch > into your firewall. It will work the same, but I don't know, I just have a thing about Layer 2 where I think it should be separate if you want the security. When all that is set up, all you will need to do (depending on your modem/router) is port forward the traffic from the Internet to your VM. It will go through your red zone, and stay in your red zone. Green zone will also be able to access it (obviously just using its 0.x address). Sorry if that post was a bit jumbled, I'm still half asleep.