
SupaRice

Active Members, 40 posts
Posts posted by SupaRice

  1. I'm looking for a good event correlation device/software. Something that can help reduce the standard information overload you get from the tons of log messages from firewalls, IPS devices, servers, etc. Security oriented correlation.

    I've had experience with Cisco's MARS:

    http://www.cisco.com/en/US/products/ps6241/index.html

    Which is a great idea that works well in a lab. But in the real world, ummmm, not so much. Not to mention you have to have pretty much all Cisco gear for it to be of any value. And, like everything else they make, it's ridiculously expensive.

    I've also messed with Splunk, which I think is awesome, but doesn't really put any intelligent correlation to the information. It just seems to be a better way to sort information.

    http://www.splunk.com

    Has anyone used something that they like? The only other ones I know of, which are both really expensive, are RSA enVision and Q1.

  2. Yeah, I didn't take offense, I was just trying to apologize if I caused offense. I guess I didn't explain myself very well either.

    I have a customer that wants me to figure out what they may be vulnerable to without running a scanner like Nessus or something. So all I have is version numbers and such. I was just curious what sites everyone here used for research. I figured if I asked, there might be some really good sites that are not well known.

    Sorry for being a dumbass n00b, but my main job function doesn't take me as deep into hacking as I'd like so I'm not as familiar as you guys are.

    Thanks for the replies.

  3. So, I'm a n00b... maybe this has already been done. I've searched but I didn't see anything.

    Would it be possible to do the following

    Run Jasager on an Acer Aspire One, and use a 3G card to offer broadband upstream service to your victims friends. ;)

    This link shows how to put a 3G card into the Aspire.

    http://tnkgrl.wordpress.com/2008/10/28/mod...pire-one-hsdpa/

    I'd like to be able to do this while booting from a USB thumb drive, so I don't have to use the Windows OS installed on my Aspire.

    Do you guys think this would be possible? Or am I missing the boat, and someone has already done it?

  4. Do this:

    http://maddhat.com/?p=23

    So that you can use linux without messing up your PC. Most new machines will boot from a USB. Backtrack has a lot of tools already installed and ready to go.

    Or you could do this:

    https://help.ubuntu.com/community/Installation/FromUSBStick

    And once you feel more comfortable, you can move on.

    Good reading:

    http://www.debian.org/doc/

    http://doc.ubuntu.com/

    Also, think of things you'd like to be able to accomplish. Like be able to configure all of your networking manually, wireless and wired. Then read the docs and howto's to figure out how to do it.

    Most of all....

    Welcome to the fold! ;-)

  5. Linux as the host OS, Windows in a VM for everything you can't do in Linux. Which isn't much. For me it consists of a couple of company Windows only apps (.Net apps that require IE), and Visio. Because dia doesn't even come close. And the only other thing is iTunes. GTKpod sucks ass. iTunes sucks ass too, but at least it works. There really is no excuse for not having a better solution to iTunes by now, but then again I've not contributed to a solution so who am I to bitch about it.

    Although it's been my experience that Hardy is WAY faster than Vista out of the box. That is without performance tweaking either, maybe you could get Vista to perform as well with some tweaks. I dunno, don't care.

    I used to make an argument for Windows to people. Justifying its existence, so that the non-technical folks out there who just want to surf the internet and check email could have something that was familiar and easy to use. That is no longer a valid argument. I'd say at least 70% of those people (who make up a large portion of the non-commercial computer purchases) would be perfectly fine with a Linux system. The only time that they wouldn't, would be if they wanted to play games. Games are better on Windows. That's all there is to it. It's just too much of a hassle to get it working in Linux most of the time.

    And Windows does offer businesses something that most other OSes don't, AD and group policy. Although most don't use it, or at least not properly. It is something that other systems lack in the way of managing rights and access. I don't do admin stuff, so maybe I'm missing something, but that's just been my observation. I know Apple has something like AD, but I've heard it sucks and isn't as comprehensive.

    It's all what you are comfortable with. Both get the job done.

  6. I had to tab out the originally posted code to get it to work:

    # Python 3 form of the posted snippet (the original used Python 2's urllib2
    # and print statement); the point of the post was the indentation.
    import urllib.request
    import urllib.error

    subs = ["www", "wi", "wik", "wiki", "forum"]  # the original listed "forum" twice
    for sub in subs:
        site = "http://" + sub + ".hak5.org"
        try:
            # Any HTTP response at all means the hostname resolves and answers.
            urllib.request.urlopen(site, timeout=5).read()
            print(site)
        except (urllib.error.URLError, OSError):
            # Unresolvable, unreachable or timed-out host: skip it silently, as the original did.
            pass

    But after that it worked like a champ.

  7. Thanks, is there a way to pick up the loss percentage on the other line?

    For instance, I took what you did and put this into ping.sh

    ping -c10 -l10 "$1" | grep '/' | awk '{split($4,t,"/"); print t[1], t[2], t[3]}'

    That gives me the min / avg / max from the second line of output, but I need to pull the % of loss from the first line too.

    Thanks for your help!

  8. So, I'm setting up cricket (basically like MRTG) for some simple network performance trending. I've used it before, but a long time ago. And I've lost a script that a friend wrote for me to measure latency.

    I basically need to be able to do this:

    latency.sh www.google.com

    And get output that looks like this:

    45.23 48.94 56.7 0

    Which would be minimum, average, maximum round trip times, followed by % of packet loss.

    I'm able to do this, but don't know how to write a script that will clean up the output:

    #ping -l 10 -c 10 -n -q 172.20.227.1
    PING 172.20.227.1 (172.20.227.1) 56(84) bytes of data.
    
    --- 172.20.227.1 ping statistics ---
    10 packets transmitted, 10 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 2.299/2.362/2.451/0.065 ms, pipe 10

    Can anyone help me? I'm sure this is a pretty easy thing to do, but I can't figure it out. I've been working on it for a while and looking at scripting guides, but nada...
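One way to get the four fields the two ping posts above ask for (min, avg, max from the rtt line, loss percentage from the statistics line), as an added example and not code from either thread: a POSIX shell parser that reads ping output on stdin, plus a wrapper that runs ping the way the post wanted to call it. The function names (parse_ping_summary, latency) are this example's own. The first sample is the output quoted in the post; the second, a run against a constructed 10.0.0.9 address where every probe is lost, is made up here to show the case where ping prints no rtt line at all.

```shell
#!/bin/sh
# Added example (not from the forum thread): turn a Linux iputils ping summary
# into "min avg max loss%", one line, suitable for a cricket/MRTG data source.

# Pure text parser: ping output on stdin, "min avg max loss" on stdout.
# Matching on "min/avg/max" rather than on "rtt" also accepts the BSD/macOS
# "round-trip min/avg/max/stddev = ..." line.
parse_ping_summary() {
    awk '
        /packet loss/ {
            # e.g. "10 packets transmitted, 10 received, 0% packet loss, time 0ms"
            for (i = 1; i <= NF; i++) if ($i ~ /%$/) { loss = $i; sub(/%/, "", loss) }
        }
        /min\/avg\/max/ {
            # e.g. "rtt min/avg/max/mdev = 2.299/2.362/2.451/0.065 ms, pipe 10"
            split($4, t, "/"); min = t[1]; avg = t[2]; max = t[3]
        }
        END {
            # No statistics line at all: the input was not ping output, so fail loudly
            # instead of feeding a bogus zero into the trending graphs.
            if (loss == "") { print "parse_ping_summary: no ping statistics found" > "/dev/stderr"; exit 1 }
            # No rtt line means nothing came back (100% loss): report zero times.
            if (min == "") { min = 0; avg = 0; max = 0 }
            print min, avg, max, loss
        }
    '
}

# Wrapper: latency www.google.com  ->  "45.23 48.94 56.7 0"
# -l (preload) from the post is dropped because values above 3 need root.
latency() {
    ping -c 10 -n -q "$1" 2>/dev/null | parse_ping_summary
}

# Constructed samples for offline testing (the first is the output quoted in the post).
SAMPLE_OK='PING 172.20.227.1 (172.20.227.1) 56(84) bytes of data.

--- 172.20.227.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.299/2.362/2.451/0.065 ms, pipe 10'

SAMPLE_LOSS='PING 10.0.0.9 (10.0.0.9) 56(84) bytes of data.

--- 10.0.0.9 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9000ms'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_OK" | parse_ping_summary     # 2.299 2.362 2.451 0
    printf '%s\n' "$SAMPLE_LOSS" | parse_ping_summary   # 0 0 0 100
fi
```

Save it as latency.sh and call `latency.sh --demo` to see the parser on the two samples, or source it and call `latency <host>` for a live measurement. Keeping the parser separate from the ping invocation is what makes the all-lost case testable without a network and keeps a half-parsed summary from silently becoming a data point.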

  9. News of slight fail:

    Turns out that most wireless devices are retarded, and want to always connect to the channel 1 AP even if the channel 11 AP has 80% strength and the channel 1 AP only has 10%. The exception to this are macs, they seem to connect to which ever is the strongest.

    Now I'm open to suggestions as to what to do. Setting them all back to channel 6 will be epic fail. At the same time setting them to call separate channels is epic fail because the connecting devices are retarded (except macs).

    I could give each one its own SSID, but that is slight fail in my tests. I could get my computers to connect to the renamed AP fine, but computers running Vista can't do it apparently.

    What kind of APs are they?

  10. I think you'd be fine with an off-the-shelf type antenna. I've deployed wireless for college dorms with concrete walls like you are talking about and the APs have those same style antennas. Although this would depend greatly on the specifics of your walls. Can you see the signal at all with your laptop's OEM wireless card?

  11. Something I do that is kinda lame but gets me by on Windows is to set up a batch file to launch PuTTY. It lets me do Start > Run > ssh x.x.x.x

    putty.exe located in c:\

    ssh.bat located in system32

    c:\putty.exe -ssh %1

    Any of you batch file masters know how to make the batch window go away after launching PuTTY?

  12. Well then, you don't really have the right to call Vista an "infection", do you? I think you have to actually use an OS before you can say it's shit.

    I was referring more to the fact that it was installed (and I had to pay for it), but didn't want it.

    Chill bro, this is just internets...

  13. I don't care if you use Windows. I've just lately stopped using it myself. I thought XP was great, I just don't NEED to use it other than for Visio. And I started to find myself using linux more and more in a VM inside of Windows. So now I've reversed that, and only use Windows for Visio inside of a VM.

    Linux isn't without its flaws, that's for sure! How about shit like sound not working from multiple sources at the same time out of the box. There's always some crap like that. It has proven to be way faster for me though, but that's me.

    I don't know about Vista as I've not used it for more than like 15 minutes.

    Use what you want, and don't get all pissed off. It's not like you wrote the code for Windows.
