RE: [MLUG] scanning for vulnerbilities

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: MLUG Members <EMAIL:PROTECTED>
Subject: RE: [MLUG] scanning for vulnerbilities
From: Mike Pepper <EMAIL:PROTECTED>
Date: 01 Aug 2003 10:39:00 -0500
In-reply-to: <EMAIL:PROTECTED>
List-archive: <http://mlug.missouri.edu/pipermail/members>
List-help: <mailto:EMAIL:PROTECTED>
List-id: MLUG Members <members.mlug.missouri.edu>
List-post: <mailto:EMAIL:PROTECTED>
List-subscribe: <http://mlug.missouri.edu/mailman/listinfo/members>,<mailto:EMAIL:PROTECTED>
List-unsubscribe: <http://mlug.missouri.edu/mailman/listinfo/members>,<mailto:EMAIL:PROTECTED>
References: <EMAIL:PROTECTED>
Reply-to: EMAIL:PROTECTED, MLUG Members <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED

Greg with the latest CERT warning, can we can the machines today?
128.206.211.237
128.206.211.240

I would like to be on hand when these are run so that I can restart if
need be. I would certainly like to take a peek at the logs so that I
know where I need to get busy hammering things down.

Both machines are running web servers. I have Firestarter running on
them as well, so I'd like to see it's reaction as well.

Thanks

Mike

882-5052

On Mon, 2003-07-28 at 15:25, Johnson, Greg wrote:
> Mike & all,
> If you care to identify an MU IP address, I'll give it a moderate Nessus
> external scan. This tries as many as 1,800 or so stimulus response tests
> over the network.  There's about a 1 in 600 chance of locking up a
> service or crashing the OS.  If that matters, let's negotiate a time
> when you could be on hand to reboot or restart.  If you want, I can
> throw in a second, no holds barred scan which includes Denial of Service
> attacks.  These have a nearly 1 in 1 chance of freezing a service or
> system, and certainly can make it slow for a few minutes.  To get an
> overview of Nessus, see http://www.nessus.org.  You could download
> Nessus and test yourself, but for one shot it's not worth the effort.
> 
> There are a number of things one can configure, such as iptables and
> portsentry, that frustrate such scans, e.g. slowing down a 10 minute
> scan to 30 hours, or yelling when some kind of scanning is detected.
> These defenses are easy to set.  However, one should take care to have
> some way to automatically reset them after say an hour, or else they
> become another vulnerability to exploit.
> 
> --
> Greg Johnson
> Information Security and Access Management
> 615 Locust Street #204
> University of Missouri
> Columbia, MO 65211
> 573-882-5008
> 
> > -----Original Message-----
> > From: Pepper, Mike 
> > Sent: Monday, July 28, 2003 10:49 AM
> > To: EMAIL:PROTECTED
> > I am wishing to scan my own machine for vulnerabilities.
> > Is there a good tool out that can help me with this?
> > I am on campus so I need to be able to isolate it down to 
> > just my machine.
> 
> _______________________________________________
> members mailing list
> EMAIL:PROTECTED
> http://mlug.missouri.edu/mailman/listinfo/members
_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

Prev by Date: Re: [MLUG] RSS/RDF Feed Aggregators (Review)
Next by Date: Re: [MLUG] repartitioning in Linux
Previous by thread: Re: [MLUG] RSS/RDF Feed Aggregators (Review)
Next by thread: [MLUG] Administrator
Index(es):
- Date
- Thread