Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: Building a DHCP server under Linux, :CueCat privacy advisory, Carnovore FAQ, VBS.Disabled.Worm, Detection of unknown viruses, Major vulnerability in Alabanza control panel, E*Trade login/passwords remotely recoverable, Ciscosecure ACS vulnerabilities, Browsegate v2.80 dos, Red Hat Glint symlink vulnerability, Extent RBS directory transversal, exploit using Eudora and the Guninski hole, Wincom LPD dos, DG/UX kdebug daemon remote vulnerability, and more.
51b6b27c22f175737877cc0d9468dcdc77c0ac0cd039baae902daa9a6a126768New versions of Stacheldraht and Trinity distributed denial of service (DDoS) attack tools have been found in the wild. The new versions of Stacheldraht include Stacheldraht 1.666+antigl+yps and Stacheldraht 1.666+smurf+yps. A variant of the Trinity tool called entitee has also been reported.
bf70582377dd6c20bb49cdd77ca3e0c56492dfd692b6275a785542a9865f27f6DNSHoe.pl v1.0 is a perl script which looks up hostnames for a range of IP addresses. Good for doing low profile network reconnaissance. Requires NET::DNS perl module.
8ec26f5c8d81342f7b0b163a761ae8c07e21c96033d3c3937f3b27cbed37ebd5Microsoft Security Bulletin (MS00-069) - Microsoft has released a patch that eliminates the "Simplified Chinese IME State Recognition" vulnerability in Windows 2000 which allows a malicious user with access to either a physical keyboard or a terminal server session to gain LocalSystem privilege, without logging onto the machine. Microsoft FAQ on this issue available here.
e6561dc5d442f32b4b2b9f66505a703d117d83ea92d5675bd658cd94ab2b12e3Sendmail is a very popular unix Mail Transfer Agent, a program that moves mail from one machine to another.
ae34096c24be271f4b2392de0b8671255ddbdfd32938193760530348d23d0325BFBTester is a utility for doing quick, proactive security checks of binary programs by performing checks of single and multiple argument command line overflows and environment variable overflows. It will also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names. While BFBTester can not test all overflows in software, it is useful for detecting initial mistakes that can red flag dangerous software. Tested on FreeBSD and Solaris. Some overflows found with BFBtester are here.
352e56368cecec67fcf3f4d50db5519b0d27e2ca85fdeb5e38df1ce311dfdbf9Winsniffer is a packet sniffer for the Windows console designed to be effecient and flexible. Screenshot available here. This is a trial version.
2faa11fb3655d3a03324f268eb9e9a99c2ad0d94184b6968ee4ce8417fe1078dSpade stands for Statistical Packet Anomaly Detection Engine. It is a Snort preprocessor plugin to report and score unusual, possibly suspicious, packets. The anomaly score that is assigned is based on the observed history of the network. The fewer times that a particular kind of packet has occurred in the past, the higher its anomaly score will be. Based on the SPICE Whitepaper.
2d6fa9e406470ef908f831043f095d3795da1bdc0dcb001c6ef8411dfc6f8b38SPICE Whitepaper - The Stealthy Portscan and Intrusion Correlation Engine is a project at Silicon Defense to detect portscans, even those in which the attacker has attempted to make the scan stealthy. For example, they may have slowed down the scan or randomized it. The basic idea with Spice is to monitor a network's packets. Each packet is assigned an anomaly score based on the normal traffic observed on the network. The higher the score, the more unusual and possibly suspicious the packet it. These are then passed to a correlator which groups related packets together and reports portscans. The correlator is under active development but an implementation of the anomaly sensor called SPADE has been released.
c99f6f93498d742845e7c30fc7a248c8ed4aea75426f04e9ec5ace07517adf05SIDEN is a distributed network discovery tool which allows you to simulate coordinated/distributed network probes by a group of attackers against one or many target machines. It uses a client/agent architecture where the agents are installed on multiple hosts. Works well on OpenBSD and FreeBSD.
71edb23b755f7de1eaaf2e5199b905da4676113137ff32ee57c6c86680f60d80Filewatch is a perl script which watches the CTIME of your files and alerts you to any changes.
e9b0b9efd07c128e57f46f40b0b2e0a783de6b4293eef730676aacb551c53e92The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection.
e275ddc9295a2fddee1e45c565df3832e526ec7cb6b0c378c9aa85ebbb90e5b1Arping is an arp level ping utility which broadcasts a who-has ARP packet on the network and prints answers. Very useful when you are trying to pick an unused IP for a net that you don't yet have routing to.
976349baa74d7c9985fcc53b8c28077afa403438fcce93e278e32ae3198d6aa6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed