Patch to use port lists in Snort rules

port-list-hack.diff is a patch to Snort that provides the ability to use port lists in rules; it does not work with negation.

alert tcp any [1024,2000] -> any [1,20,12345] (msg:"foo"; sid: 12345678;)
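A small matcher for the port-list syntax in the rule above, added here as an example; it is not code from the patch or from Snort, and the field grammar it accepts (any, a single port, a lo:hi range, or a bracketed list, with "!" refused) is an assumption based on the rule shown and the note that negation is unsupported:

```python
# Constructed example (not part of port-list-hack.diff or Snort): parse the
# port fields of a rule such as the one above and test a flow against them.
# Assumes fields are "any", a port, a "lo:hi" range or a [a,b,c] list; "!"
# negation is refused because the patch is described as not supporting it.
import re

HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src_ip>\S+)\s+(?P<src_port>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst_ip>\S+)\s+(?P<dst_port>\S+)\s+\((?P<opts>.*)\)\s*$"
)

def parse_port_field(field):
    """Return inclusive (low, high) pairs; an empty list means "any"."""
    if field.startswith("!"):
        raise ValueError("negated port fields are not supported by this patch")
    if field == "any":
        return []
    items = field[1:-1].split(",") if field[:1] == "[" and field[-1:] == "]" else [field]
    ranges = []
    for item in items:
        lo_s, sep, hi_s = item.strip().partition(":")
        lo = int(lo_s) if lo_s else 0
        hi = (int(hi_s) if hi_s else 65535) if sep else lo
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port specification: {item!r}")
        ranges.append((lo, hi))
    return ranges

def port_in(ranges, port):
    """True if the port is covered; an empty list ("any") covers everything."""
    return not ranges or any(lo <= port <= hi for lo, hi in ranges)

def parse_rule(rule):
    """Extract the source and destination port lists from a rule header."""
    m = HEADER_RE.match(rule)
    if not m:
        raise ValueError("not a recognisable rule header")
    return {"src": parse_port_field(m["src_port"]), "dst": parse_port_field(m["dst_port"])}

def rule_matches_ports(rule, src_port, dst_port):
    """Port-only check: would this rule's header consider the given flow?"""
    ports = parse_rule(rule)
    return port_in(ports["src"], src_port) and port_in(ports["dst"], dst_port)

RULE = 'alert tcp any [1024,2000] -> any [1,20,12345] (msg:"foo"; sid: 12345678;)'

if __name__ == "__main__":
    print(parse_rule(RULE), rule_matches_ports(RULE, 1024, 12345))
```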

IP transaction tracker SANCP

sancp is the Security Analyst Network Connection Profiler. We at sguil are looking to integrate this component in order to replace or complement the current patch to spp_stream4 that provides session data. Another similar program to sancp is argus, the network Audit Record Generation and Utilization System. We will be looking into the feasibility of supporting this tool as well.

Widescreen vs Pan and Scan

Upon receiving a DVD as a present during the holidays that was full screen (as opposed to widescreen), I had to explain the difference. I found a great webpage comparing widescreen and pan and scan versions of the same movie at the Letterbox and Widescreen Advocacy Page website.

Legal implications of port scanning

I read a post by Fyodor on the Nmap mailing list mentioning two papers on the legality of port scanning, Port Scanning and its Legal Implications and Finding Fences in Cyberspace: Privacy and Open Access on the Internet. The author of the latter paper, Ethan Preston, also wrote another paper entitled Computer Security Publications: Information Economics, Shifting Liability and the First Amendment, which covers the legality of publishing sensitive security information, particularly exploit code. This paper is lengthy but worth a read.

Free e-book on hackers

Free e-book about real life hack(er)s – Underground – Tales of hacking, madness and obsession on the electronic frontier.

Increased loss of privacy with mobile phones

Whoa, if you’re on the Nextel network and the mark…err friend/family member/coworker has a compatible phone, you can track their movement with http://www.ulocate.com. So I know that the “reason” this functionality (specifically GPS) was placed in mobile phones by their makers was due to assisting emergency response personnel (911, etc) in finding callers due to US federal mandate. The larger implication should be obvious, the ability for big brother to track people and place them at certain locations and times. Hopefully, this technology/data will be adequately secured, responsibly used, and not abused by big brother like GM’s OnStar. However, the only way to truly protect privacy is to not collect this information in the first place.

Snort named best open source product of 2003

I was alerted to the fact from http://www.snort.org that Snort was named by Information Security Magazine as the best open source product of 2003. The Snort website also states that there were 70,000 downloads of Snort just last month. IDS is certainly dead, Gartner.

List of unpatched IE bugs

The recently pulled list of unpatched IE bugs at PivX has been recreated at http://continue.to/trie.

Nessus and Nmap frontend

I saw a post to the pen-test list about a PHP, Perl and MySQL based web interface for Nessus and Nmap called inprotect. Apparently it was one of the tools mentioned in the recent paper Managing Data Center Functions with Open Source Tools. I’ll have to check it out, as I didn’t find any screen shots available; whatever happened to the obligatory screen shot?