Tuesday, February 26, 2013

IPtables: drop some silly portscan techniques




To block some common port-scan techniques (FIN, XMAS, NULL, etc.) you can extend your iptables firewall with these rules at the top of the chain for your incoming interface (replace "venet0" with your interface, e.g. "eth0"):



# from iptables-save, for iptables-restore
# --tcp-flags MASK COMP: look only at the flags listed in MASK and match when exactly the flags in COMP are set
# NULL scan: no flags set at all
-A INPUT -i venet0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# XMAS variant: every flag set
-A INPUT -i venet0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
# XMAS scan: FIN, PSH and URG set and nothing else
-A INPUT -i venet0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
# every flag except PSH set
-A INPUT -i venet0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
# SYN together with RST is never valid (other flags are ignored by this rule)
-A INPUT -i venet0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
# SYN together with FIN is never valid (other flags are ignored by this rule)
-A INPUT -i venet0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
# anything conntrack cannot associate with a known connection
-A INPUT -i venet0 -m state --state INVALID -j DROP
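The `--tcp-flags MASK COMP` syntax is easy to misread: the first four rules above examine all six flags and therefore match only an exact flag combination, while the SYN,RST and FIN,SYN rules examine just two flags and match whatever else is set. The following is an added example, not code from the original post: a small Python model of that evaluation (`(flags & MASK) == COMP`, first matching rule wins) run over a handful of constructed flag combinations, so you can check which scan shapes the rule set catches and which it leaves to the conntrack rule. Rule names and the sample packets are my own labels, not iptables identifiers.

```python
# Added example: model of iptables --tcp-flags matching against the rules in the post.
# The rule names and the sample flag combinations below are constructed for illustration.

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def flags_to_int(spec):
    """Parse an iptables flag list such as 'FIN,SYN', 'ALL' or 'NONE' into a bitmask."""
    spec = spec.strip().upper()
    if spec == "NONE":
        return 0
    if spec == "ALL":
        return sum(TCP_FLAGS.values())
    value = 0
    for name in spec.split(","):
        value |= TCP_FLAGS[name]
    return value


# (label, MASK, COMP) in the same order as the DROP rules in the post.
# The conntrack --state INVALID rule is not a flag test and is not modelled here.
RULES = [
    ("null-scan",        "FIN,SYN,RST,PSH,ACK,URG", "NONE"),
    ("xmas-all-flags",   "FIN,SYN,RST,PSH,ACK,URG", "FIN,SYN,RST,PSH,ACK,URG"),
    ("xmas-fin-psh-urg", "FIN,SYN,RST,PSH,ACK,URG", "FIN,PSH,URG"),
    ("all-but-psh",      "FIN,SYN,RST,PSH,ACK,URG", "FIN,SYN,RST,ACK,URG"),
    ("syn-rst",          "SYN,RST", "SYN,RST"),
    ("syn-fin",          "FIN,SYN", "FIN,SYN"),
]


def matching_rule(packet_flags):
    """Return the label of the first DROP rule a packet hits, or None if none match.

    iptables semantics: --tcp-flags MASK COMP matches when (flags & MASK) == COMP.
    """
    for label, mask, comp in RULES:
        if packet_flags & flags_to_int(mask) == flags_to_int(comp):
            return label
    return None


def classify(flag_spec):
    """Convenience wrapper taking the packet's flags in iptables list syntax."""
    return matching_rule(flags_to_int(flag_spec))


# Constructed samples: a few scan shapes plus ordinary traffic.
SAMPLES = [
    "NONE",                 # NULL scan
    "ALL",                  # every flag set
    "FIN,PSH,URG",          # XMAS scan
    "FIN,PSH,URG,ACK",      # XMAS-like but with ACK: exact-match rule does NOT fire
    "SYN,RST,ACK",          # SYN and RST together, extra ACK ignored by that rule
    "SYN,FIN,ACK",          # SYN and FIN together
    "SYN",                  # normal connection attempt
    "ACK",                  # normal established-connection segment
    "FIN",                  # bare FIN: no flag rule matches
]


def run_samples():
    """Map each sample flag set to the rule that drops it (None = passes the flag rules)."""
    return {spec: classify(spec) for spec in SAMPLES}


if __name__ == "__main__":
    for spec, verdict in run_samples().items():
        print(f"{spec:18} -> {verdict or 'passes flag rules'}")
```

Two things worth noticing in the output: a packet with FIN, PSH, URG and ACK is not dropped, because the XMAS rule masks all six flags and requires an exact match, and a bare FIN is not caught by any flag rule at all. In the original rule set whether such a packet is dropped then depends on the `--state INVALID` rule, which this model does not simulate.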

Securing Windows with EMET


The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system.

Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc. 

Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits:

USA: Copyright Alert System "Six Strikes" starts



After some delay, the "Copyright Alert System," which will provide notices to consumers if their ISP suspects illegal downloading, is now ready to go live.
The Center for Copyright Information (CCI), which is overseeing the effort, said in a Monday blog post that "today marks the beginning of the implementation phase of the Copyright Alert System (CAS)."
"The CAS marks a new way to reach consumers who may be engaging in peer-to-peer (P2P) piracy," the group said.




Read the full article

Thursday, February 21, 2013

Skype runs hardened Linux on 10,000 supernodes



Microsoft has drastically overhauled the network running its Skype voice-over-IP service, replacing peer-to-peer client machines with thousands of Linux boxes that have been hardened against the most common types of hack attacks, a security researcher said.
The change, which Immunity Security's Kostya Kortchinsky said occurred about two months ago, represents a major departure from the design that has powered Skype for the past decade. Since its introduction in 2003, the network has consisted of "supernodes" made up of regular users who had sufficient bandwidth, processing power, and other system requirements to qualify. These supernodes then transferred data with other supernodes in a peer-to-peer fashion. At any given time, there were typically a little more than 48,000 clients that operated this way.

Wednesday, February 20, 2013

VMware DLL Injection




VMInjector is a tool which manipulates the memory of VMware guests in order to bypass the operating system authentication screen.
VMware handles the resources allocated to guest operating systems, including RAM memory. VMInjector injects a DLL library into the VMware process to gain access to the mapped resources. The DLL library works by parsing memory space owned by the VMware process and locating the memory-mapped RAM file, which corresponds to the guest's RAM image. By manipulating the allocated RAM file and patching the function in charge of the authentication, an attacker gains unauthorised access to the underlying virtual host.
VMInjector can currently bypass locked Windows, Ubuntu and Mac OS X operating systems. The in-memory patching is non-persistent, and rebooting the guest virtual machine will restore the normal password functionality.


Tuesday, February 19, 2013

Windows ASLR Analysis



Abstract: Address space layout randomization (ASLR) is a prophylactic security technology aimed at reducing the effectiveness of exploit attempts. With the advent of the Microsoft® Windows Vista operating system, ASLR has been integrated into the default configuration of the Windows® operating system for the first time. We measure the behavior of the ASLR implementation in the Windows Vista RTM release. Our analysis of the results uncovers predictability in the implementation that reduces its effectiveness.
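The abstract describes measuring how an ASLR implementation actually behaves rather than trusting that it randomizes. As an added example, not the paper's own method or code, here is a portable Python script that does the simplest version of such a measurement: it starts a fresh interpreter many times, records the address of a heap buffer in each run, and reports which address bits ever change. Bits that never vary are not randomized, so the count of varying bits is an upper bound on the entropy of that mapping. The sampled object (a `ctypes` buffer), the run count and the sample addresses in the analysis are my own choices; the result reflects whichever operating system runs it, not Windows Vista specifically.

```python
# Added example: measure which address bits an OS actually randomizes across process
# launches. Not from the paper; the choice of probe (a ctypes heap buffer) is mine.
import subprocess
import sys


def varying_bits(addresses):
    """Return the set of bit positions that differ across the sampled addresses.

    A bit that is identical in every sample is not randomized; the size of the
    returned set bounds the entropy the randomization provides for this mapping.
    """
    if not addresses:
        return set()
    base = addresses[0]
    diff = 0
    for addr in addresses[1:]:
        diff |= addr ^ base
    return {bit for bit in range(diff.bit_length()) if (diff >> bit) & 1}


def summarize(addresses):
    """Condense a list of sampled addresses into the numbers an analyst wants."""
    bits = varying_bits(addresses)
    return {
        "samples": len(addresses),
        "distinct": len(set(addresses)),
        "varying_bits": len(bits),
        "lowest_varying": min(bits) if bits else None,
        "highest_varying": max(bits) if bits else None,
    }


def sample_heap_addresses(runs=32):
    """Spawn fresh interpreters and record the address of a heap buffer in each.

    A new process is needed per sample: ASLR decides layout at process start, so
    allocating repeatedly inside one process would only measure the allocator.
    """
    snippet = ("import ctypes; b = ctypes.create_string_buffer(64); "
               "print(ctypes.addressof(b))")
    addresses = []
    for _ in range(runs):
        result = subprocess.run([sys.executable, "-c", snippet],
                                capture_output=True, text=True, check=True)
        addresses.append(int(result.stdout.strip()))
    return addresses


if __name__ == "__main__":
    stats = summarize(sample_heap_addresses())
    print(stats)
    if stats["varying_bits"] == 0:
        print("no randomization observed for this mapping")
```

The same `varying_bits` analysis applies to any address you can extract per launch (a loaded library base, a stack address, a PEB/TEB pointer); the paper's finding of predictability corresponds to this set being smaller, or the distinct-sample count lower, than the nominal randomization width would suggest. Page-granular mappings will always show the low 12 bits fixed, so expect `lowest_varying` to be at least 12 on such systems.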

Written by Ollie Whitehouse, Architect,
Symantec Advanced Threat Research

Download as PDF