bwall

Everything posted by bwall

  1. I wish I had a dollar for every dollar I had. I'd just keep making money until the stack overflowed...

  2. You are basically looking for a 3 part system. You only really need to write one. Most languages have some sort of voice to text and text to voice engine, whether they are built in (like in .net) or are external. This section would be the IO section, handling input and output. The next layer would be what you actually have to write to make this work at all. This is the translation section. It would be best to have a selection of commands for input, that can parse the command they are running on the actual system (the actual system, ie. your linux box, is the 3rd part). With command line applications being what you are running from this, you would want to pipe their input and output via the translation section. I would suggest avoiding using scripting languages for something like this, but mono isn't very good with the most intricate parts of .Net, and the alternative that will save you time is Java. And I hate Java. Let's walk through a use case: You say "Get System Uptime". The first layer recognizes speech, converts it to text, and passes it to the translation layer. The translation layer parses this string to make sure it matches one of the acceptable commands, in this case system_uptime (just for example). The translation layer then calls "uptime" with its stdout (standard out) piped into the translation layer, reading "18:51:13 up 2 days, 22:53, 4 users, load average: 0.47, 0.82, 1.02". The translation layer parses this string to get the uptime, converting it to what should be said, "The system has been running for 2 days, 22 hours and 53 minutes". This is passed to the first layer to be spoken. I feel this would be a good starting design for at least prototyping the concept. If you have an Android device, it would be kind of an easy project to do on that. My biggest concern about this project is my concern with any voice recognition system. When does it know you are talking to it? Random example, what if playing Uptown Girl makes it think you are asking for the uptime?
  3. So I got to rethinking how I block web scanners, and had an idea for putting some code in my custom 404 page. Here is the rundown of my idea. http://pastebin.com/Nf2YyAGe It blocks any IP that visits those pages (if they don't exist that is). I'm going to try your tool against that idea, and let you know the results. I'm not sure if PHP code will run on a HEAD command, but if it doesn't, that could be one way to bypass my idea. Edit: The custom 404/403 method does work against your tool. This includes ninja mode.
  4. Ok, so the original question was about exploits in IRC? And MrProtocol gave the exact correct answer. There is no across the board exploit. As a developer, that would be one of the first bugs I would fix. When looking for vulnerabilities, you are looking for them in a specific piece of software and version. digip is right too. Google hacking isn't hacking into Google... it's using Google to expose targets. IRC is most commonly used in hacking for bot nets. If you want to hack an IRCD, grab a version of it, and start poking holes. Or even better, if you can find the source, dig through that for holes. You can look at the Anope module list and find a few modules that have massive holes in them, for instance, http://modules.anope...page=view&id=42 That module has problems in many places, mostly revolving around its access system. The bugs that are mentioned mostly shut down all services... If everyone knew a fuck-all vulnerability, then no one would use that software. So in most cases, when someone finds a fuck-all vulnerability, they keep quiet about it, tell the devs, or sell it. I say most cases meaning security experts, most you've never and will never hear of.
  5. China's military puts way more money/effort into hacking.
  6. Good catch, but yeah, I'm sure there are tons of backdoor cases that haven't been found yet. I just hope NTKernel didn't put one in Winpkfilter...
  7. It's not a question of spying, it's a question of remote access. If it's to machines controlling the power grid, it could shut down our ability to retaliate altogether, unless there is a plan. Henry Kissinger talked about how China uses "shock and awe"/"rapid dominance" on various occasions throughout history. The whole point is to attack out of the blue, leaving your enemy crippled to counter attack, winning the battle in one short carefully planned fight. The Art of War also puts a lot of emphasis on knowing your enemy, so spying does come into play, but like you said, they have been for years. I think the only way to prepare for an attack like this is what I refer to as a dead switch. A term taken from bomb making, the idea is that when something can no longer respond, an attack is triggered. Like if the bomber gets shot and dies, they let go of the dead switch, blowing everything up anyways. I realize this idea isn't very different from the Cold War nuclear war plans, but it's not exactly dumb when all it does is stop our attacker from attacking and being able to coordinate their attack. The idea is that this would be a deterrent. If they attack us, they automatically get hit back. By the way, please limit the War Games references.
  8. I've been following China's actions for a few years now, and it's become extremely obvious that China is looking to pull off a flash and awe kind of attack in order to secure their place as the dominant country in the world. http://www.information-age.com/channels/security-and-continuity/news/2105468/security-backdoor-found-in-chinamade-us-military-chip.thtml Can anyone else see what is going on? Couldn't we be ready to hold off an attack that was written in the Art of War, or at least set up a method of striking back?
  9. It might be a good idea to have a white list for stopping IPs from getting on the list, but that would be something static I would imagine. So machines can make sure they don't block their update servers.
  10. How would they be prompted? If they can only add IPs to be blocked, it would not be very effective at taking down defenses. If a false IP is added, maybe a message signed with an administrative key could be sent out to remove the IP from the list. I guess that would be generated for every P2P net that used it.
  11. The port traps are actually pretty easy to implement in iptables. Just add the IP to a list when it syns to the trap port, and set a rule to block any IP on that list. I am a fan of the honeypot approach, as I wrote http://honeyports.sourceforge.net/ a few years back, but what I'm proposing is a cross system P2P block list between trusted peers to stop attacks that your computers might not be vulnerable to, but someone else's could be. Or if they aren't vulnerable to something you are vulnerable to, getting the word to others that they should block communication with that IP. We could easily add a way for artillery to submit to this list. I'm thinking that it would be a daemon running on the machine, that anything with access could write to the "new blocked IP" file, and it would continually check if it had new entries, then upload them, while also managing the P2P communication from the others.
  12. This got me thinking. Maybe we should make a collective of IPs found vuln scanning us, and block them in Apache, fireBwall, and/or iptables. I already have a long list of people who tried to port scan firebwall.com, who are now dropped from the server. So the idea would be to set up commonly scanned pages that are traps, that send the IP to the others who use the service, possibly via P2P communication. The same with port scans detected. Probably would be a good idea to have a timeout value on the IPs' bans, just long enough for people to update any vulnerable software they are running.
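
The shared block list described in posts 9 to 12 above (peers can only add IPs, bans time out, a static white list protects update servers, removal needs a message signed with an administrative key), as an added Python example that is not part of the original posts or of fireBwall. The class and function names, the demo key, the sample addresses and the use of HMAC-SHA256 in place of a real signature are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import time

# Assumption: HMAC-SHA256 with a shared secret stands in for the
# "administrative key" signature; a real deployment would use an asymmetric
# signature so that peers holding the verification key cannot forge removals.
ADMIN_KEY = b"constructed-demo-key"


def sign_removal(ip, key=ADMIN_KEY):
    """Produce the admin tag that authorises removing one IP from the list."""
    return hmac.new(key, b"unblock:" + ip.encode(), hashlib.sha256).hexdigest()


class SharedBlockList:
    def __init__(self, whitelist, ban_seconds=3600, admin_key=ADMIN_KEY):
        # Static white list (e.g. update servers) that can never be banned.
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.ban_seconds = ban_seconds
        self.admin_key = admin_key
        self.expires = {}  # normalised IP string -> expiry timestamp

    def report(self, ip, now=None):
        """Peers may only add entries. Returns True if the ban was accepted."""
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(ip)  # raises ValueError on junk input
        if any(addr in net for net in self.whitelist):
            return False
        self.expires[str(addr)] = now + self.ban_seconds
        return True

    def unblock(self, ip, tag):
        """Remove an entry only when the tag verifies under the admin key."""
        expected = sign_removal(ip, self.admin_key)
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False
        return self.expires.pop(ip, None) is not None

    def is_blocked(self, ip, now=None):
        now = time.time() if now is None else now
        expiry = self.expires.get(ip)
        if expiry is None:
            return False
        if now >= expiry:  # ban timed out; drop the stale entry
            del self.expires[ip]
            return False
        return True
```

The removal tag here covers only the IP, so it can be replayed; binding it to a timestamp or per-network nonce would close that gap.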
  13. So I made a bunch of taunting 404 images on my server after I kept getting people checking to see if I had phpmyadmin. I figured I'd share them, and see if anyone else has some good ones.
  14. I hadn't tried it out, I was just suggesting based on how I detect scans, the fact that yours does that puts it above most. I see scans from w00tw00t all the time, to the point where I started blocking IPs in iptables that scan my server for vulnerabilities, and made taunting 404 messages. :P
  15. vb.net is an ok place to start for developing on Windows. For more serious projects, I would suggest something else.
  16. The fireBwall team is always looking for more people. Check us out at https://firebwall.com We have some forums, a trello board, but we mostly talk in an IRC channel. I'm a software engineer finishing up college, with a lot of experience in design, and even more in development. You might be happy to hear that we are in the middle of redesigning the architecture of fireBwall, so you could see that process. #firebwall isn't where we talk, but where we answer questions for people. Take a look at the project and let me know if you want to join in. By the way, most of the code is C#, which is extremely easy to pick up if you don't already know it. -bwall
  17. The major thing that gives away a web scan is how they don't really throttle the scan. I drop most web scans just by putting a SYN rate limit in my IPTABLES. It works with port scans and SYN floods too. I would look into HTTP 1.1 Keep Alive as it lets you keep the same connection to check multiple pages. This would stop you from getting picked up by the same rules that keep other easily avoidable attacks left out in the cold.
  18. There's also running a free proxy, and I've been meaning to look into WINS as a protocol for potential with mitms.
  19. Was that the IP list blocker? Because we do have a module called IPGuard that does that. It is included in the current version of fireBwall. We hope to improve it soon, allowing for IP block lists to be auto-updated and downloaded via the module, instead of manual downloads from www.iblocklist.com https://github.com/bwall/fireBwall/tree/master/IPGuard https://firebwall.com/modules.php#IPGuard There is the source in my git fork right now, it was a module headed up by drone, the other developer.
  20. DNS cache poisoning and NDP poisoning (like arp poisoning for IPv6) for starters.
  21. IIS is like Microsoft's Apache in the simplest way of explaining.
  22. Hey guys, I've been working on an open source firewall for Windows for a while now. It's called fireBwall and it filters/edits/sends packets from user mode, and lets developers create modules that can filter/edit/send packets. Right now, modules are developed in .Net 2.0, just like the firewall (aside from the driver) is. We added themes because people kept saying the GUI looked lame, and for this occasion, I made a theme for Hak.5. We are fairly experienced developers, but we lack users who are writing their own modules. We allow users to submit modules so that the rest of the community can use them, and even help develop them. The same with themes. We are also always looking for more developers. I'm currently in the middle of implementing the new software architecture I drew up that will increase functionality, and make current functions more efficient. Here's a short demo of the latest version. If you want to try it out, you can download fireBwall from our site, and here is a template for Visual Studio for getting started with developing fireBwall modules. fireBwall Module Template 0.3.11.0.zip Just a heads up, the fireBwall installer installs the drivers that fireBwall needs to function, but the template does not. These drivers are currently supplied by NTKernel (the Winpkfilter drivers). Now here is the kicker. In the future, we plan on making a Module Market kind of place, where developers can sell their modules, whether they be for protection, or for attacks (like the ARP/NDP/DNS poisoning module PoisonIvy currently being developed). I think this will help security developers not only make a name for themselves, but be able to make some money without having to make an entire firewall. This project has been my raison d'etre for 6 months at least now, and I use it on all my Windows boxes (works on Windows XP all the way up through 8, including servers). You should check out the modules we've made so far and include with firebwall, the Save Flash Video module easily saves files played on sites like Pandora and Grooveshark, and various video sites. *cough* redtube *cough* fireBwall Modules
  23. ARP poisoning can cause a denial of service on the target depending on a number of variables. One could be the target's defenses. From my experience, commercial firewalls do a terrible job with protecting against ARP Poisoning, more often leading to denial of service to the target instead of actually protecting against the attack. It could also be the firewall on your machine. In both cases, this is where my firewall comes in handy. fireBwall is a modular open source firewall for Windows, letting you control packets at the NDIS layer. Anyone with .Net and networking experience can write a module (yes, user mode processing!) and we tend to write a few of our own. The Anti-ARP Poisoning module actually rectifies ARP Poisoning attacks by informing the other target (the router in most cases) of the correct mac->ip relationship. Also in the works is our general purpose poisoner. One module handling ARP/NDP/DNS and other forms of poisoning. https://github.com/hatRiot/fireBwall/tree/master/PoisonIvy Sorry if that sounded like a commercial, but yeah, without explaining a bit more about your setup, we are kind of just pissing in the wind here.
  24. fireBwall's SaveFlashVideo module will save megavideo streams I believe, but you actually have to buffer them in a browser first. It's been a while since I tested it on megavideo, but I know it works on stagevu, youtube, redtube, and various other streaming sites. As of right now, the only sites I know SaveFlashVideo doesn't work for is stuff like Hulu and Netflix. I'm the head developer on the project, and it's at firebwall.com if you want to check it out. -bwall
  25. Hey, So I develop an open source Windows firewall that allows modular plugins for filtering traffic. It is more of a network framework for Windows, acting like a Winpcap that can drop/edit packets. I was wondering if you guys had any opinions about it, ideas for modules, or anything else. You can check us out at https://firebwall.com and the most up to date source code is at fireBwall on Github. Here is a short video demo of version 0.3.11.0 (youtube video for those with flashblock) Thanks, bwall