
Re: Anyone could help with a penetration test ?



hi ya bob

On Fri, 18 Mar 2005, Bob Alexander wrote:

> I am fairly sure I have decently setup my firewall,

you can try those free online firewall testing/auditing scripts and
see what they say..   vs the (pointless) nmap stuff, unless the goal
was to find out what ports were open, which in itself is pointless,
as what you want to know is if the (sendmail/apache/etc) apps you are
running are exploitable

> That said I know from experience that sometimes a second eye looking can 
>   spot errors even macroscopic. 

yup.. always a good thing .. but my eyeballs are iptables challenged
as far as the 2nd eye can see for "reviews"

>I remember once I was setting up a 
> firewall in a bank's intranet and to my surprise it was not working as 
> expected and further analysis showed that the physical networking layout 
> had been grossly violated by a technician installing a "test" dual 
> interface machine which acted as a router short circuiting the DMZ and 
> the intranet :( :( the bank's sec officer was a little distressed :)

90% of the time .. that'll be the case and the problem vs
a cracker from the outside world

> This is just my personal laptop which I use at home, in the office and 
> at customer premises.

ah ... the infamous (sleeping) trojans going from place to place ..

> > 	- real world audits, you're constantly bombarded by the script
> > 	kiddies
> > 
> 
> I'd like to see that ...

you should see tons of dumb ( usually harmless ) port scans from
everywhere ...  ( the so-called free nmap scans from the outside )

> is there a sensible IDS that is not too 
> difficult to configure and interpret and will not fill up my little free 
> disk space ? At home I am behind a NAT router with only a few known 
> ports open and therefore would be surprised to see much traffic.

ids is too too too much data to sift thru ... vs other more definitive
ways to identify security issues and potential problems
 
> I am running DHCP on my router's internal interface which is a private 
> 192.168 class and have physical control of the cabling (talking about my 
> home desktop :-> still trust my wife, kids and dog even though my 
> hamster sometimes looks at me with strange eyes).

i was thinking more of a corp world running dhcp to "anybody" or "anything"
and didn't know whose laptop or wireless they were allowing into their
networks and probably sniffing login and passwd info and nice juicy emails

> > 	- if you are running open wireless ... you're good as dead
> > 	and wep is broken
> > 
> 
> AFAIK the newer WEP schemes do not have weak IVs and to be broken need 
> 300-400K frames to be captured with airsnort/aircrack.

and worst, just like passwds, what do you think the people will be
using for their wep key ??  ( dead-beef, factory default wep keys, ... )

and better still 1/2 of the people don't use any wep, let alone wpa

>  Also with kismet I cannot see any wifi activity in my home.

depends on how it's configured ??  and if the host ( the wifi driver )
you're using is capable of "monitor" mode vs master vs managed vs adhoc
and other whacky permutations from the mountain-top out your window

> I therefore thought that if I 
> use a new WEP implementation and change the WEP key say a couple of 
> times a month I should have a manageable risk.

nah ... some folks claim to break a wep key in a few minutes...

>  BTW my sole traffic at 
> home is to the debian-user list and similar.

good, so if they were to spend their time to sniff and crack your
stuff, all they'd see is  debian list ... or ssl-scrambled web-based
online order, though, ssl too is sorta breakable

> Sniff that if you like :) 

trust me .. somebody out there is ...

> :) (half joke since I do use IMAP to retrieve my emails and my ISP does 
> not serve that over SSL afaik).

you should get  your-own-domain.com and host your own personal emails
and use secure pop3  and/or secure imap  and everything else is
ssl or ssh enabled or equivalent

all this .. applies to wired connections too

> > 	- if you are using wpa enabled, you're at least in better
> > 	shape and hopefully running everything with ssh 
> 
> any unexpensive AP to suggest ?

time vs buying ...

from the $$$ point of view, it's free if you build your own wpa-enabled ap

just need a wifi card that is prism54 based ( aka hostap driver )

other consumer off the shelf stuff does not always work in "all ways"
across all manufacturers and all models ... it's a crap shoot of which
ones work with their competitors' products

> See above ... it's only the hamster which worries me but my laptop is 
> still too heavy for her :)

i'd be more worried about the kitty and the dogg walking on the keyboard
:-0

but the janitor question was meant for a "secure work environment"

> again my house is guarded by a nasty dog :)

here's a juicy steak for lunch fido ... 
 
c ya
alvin
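Bob's half-joke that his ISP's IMAP is not served over SSL, and alvin's advice to run secure pop3/imap instead, come down to one question a client can answer from the server's first two lines: will this server accept a password in the clear? The following is an added example, not code from either poster or from any project in the thread. It classifies constructed IMAP greetings (the sample responses and port numbers below are made up) using the capability names IMAP actually defines: STARTTLS and LOGINDISABLED (RFC 2595 / RFC 3501), and implicit TLS on port 993.

```python
"""Classify how an IMAP server handles credentials, from its greeting alone.

Added example for the thread above; the server responses are constructed,
not captured from any real ISP.  Port 993 is implicit TLS (the whole TCP
session is wrapped in TLS before IMAP starts); on port 143 the client only
stays safe if the server advertises STARTTLS and refuses plaintext login.
"""
import re

# Constructed samples: (port, bytes the client sees right after connecting).
SAMPLES = {
    # Typical "ISP does not do SSL": port 143, no STARTTLS, plaintext LOGIN/PLAIN
    "isp_plaintext": (143,
        "* OK IMAP4rev1 server ready\r\n"
        "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN\r\n"),
    # STARTTLS offered, but LOGIN is still accepted before the upgrade
    "starttls_optional": (143,
        "* OK ready\r\n"
        "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN\r\n"),
    # STARTTLS offered and LOGINDISABLED: no plaintext credentials pre-TLS
    "starttls_required": (143,
        "* OK ready\r\n"
        "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\n"),
    # Implicit TLS (imaps): capabilities are already inside the TLS tunnel
    "imaps": (993,
        "* OK ready\r\n"
        "* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n"),
}

# Mechanisms that put the password (or a trivial encoding of it) on the wire.
PLAINTEXT_MECHS = {"AUTH=PLAIN", "AUTH=LOGIN"}


def parse_capabilities(response: str) -> set[str]:
    """Return the tokens of the untagged '* CAPABILITY ...' line, or empty."""
    for line in response.splitlines():
        m = re.match(r"\* CAPABILITY (.+)$", line)
        if m:
            return set(m.group(1).split())
    return set()


def classify(port: int, response: str) -> str:
    """Map (port, greeting) to one of:
       tls                 - implicit TLS, nothing crosses the wire in clear
       starttls-required   - STARTTLS advertised, plaintext login refused
       starttls-optional   - STARTTLS advertised, but server still accepts
                             plaintext login; safe only if the client insists
       plaintext           - no TLS at all; anyone on the path sees the password
    """
    caps = parse_capabilities(response)
    if port == 993:
        return "tls"
    if "STARTTLS" not in caps:
        return "plaintext"
    if "LOGINDISABLED" in caps and not (caps & PLAINTEXT_MECHS):
        return "starttls-required"
    return "starttls-optional"


def safe_to_send_password(port: int, response: str, client_forces_starttls: bool) -> bool:
    """Client-side decision: only hand over credentials when TLS is assured."""
    verdict = classify(port, response)
    if verdict in ("tls", "starttls-required"):
        return True
    if verdict == "starttls-optional":
        return client_forces_starttls
    return False


if __name__ == "__main__":
    for name, (port, resp) in SAMPLES.items():
        print(f"{name:20s} port {port}: {classify(port, resp)}")
```

The practical reading for Bob's case: an ISP that advertises only the first sample leaves nothing for the client to do, which is why alvin's answer is to move the mailbox to a server you control and use imaps or STARTTLS with plaintext login disabled. A mail client that merely "tries" STARTTLS against the second sample is still one downgrade away from leaking the password, so the client setting should be "require", not "if available".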


