PaulDotCom Security Weekly - Episode 16 - Feb 24, 2006


Live from Paul's Dojo....

  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Last week's winner was Steve Murawski, who is now a proud 0wner of "Penetration Testing Open Source Toolkit"
  • Please go update our Frappr map!
  • Paul talks about 2 security incidents, DoS from Japan, smurfs
  • Larry did no work this week
  • Nick has interns
  • Listener Feedback: John Sawyer states that the Nmap option "-sV" is new since 3.4 only addition quality
  • Fred mentions the Washington Post article, "Invasion of the Computer Snatchers"
  • Almost Bricked a WRT54g, go HERE for all the processor types and flash matrix
  • Mason has his boss ping China
  • Paul plugs his company, Defensive Intuition, mentions that he can write policy, vulnerability assessments, penetration testing...
  • OS X users should check out ClamXav
  • Full Show Notes

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy", "The Mason"
Email: psw@pauldotcom.com

Direct Audio Download
Direct Video Download (Questionable this week, I will keep you posted)

(Bandwidth provided by OSHEAN, Ridin' the cool wave)

7 Comments

Love the show!

Cisco command to stop smurf attacks eh? Asking the almighty oracle brought me to the following knowledge:

no ip directed-broadcast

just to be academic about it: http://www.cert.org/advisories/CA-1998-01.html

Just trying again... you guys don't have to count this towards the actual contest, I just like to compete.

The IOS command is "no ip directed-broadcast", which after IOS version 12 is the default.

Auditor and WHAX combined their efforts into a new collection called BackTrack. It can be found at http://www.remote-exploit.org/index.php/BackTrack.

Right now it is still in beta and I am sure that they could use some help identifying bugs and making corrections.

I have used the Auditor for a while because of the simplicity of setting up Kismet and wireless cards. Anybody who has fought with getting all of the proper drivers working with the latest kernel knows what I am talking about (it may be a great learning experience but it is something you don't want to perform over and over). The folks at Remote-Exploit.org have really made this a moot point and they have carried this into their new collection of security tools.

I have also used the Auditor distribution during assessments and penetration testing and it proved to be invaluable. I think that the only drawback to this is that you cannot readily update the distribution and you are better off waiting for the maintainers to release a new distribution. Random updates have a tendency to break the preconfigured scripts and kernel builds. But most of the time it is worth the wait.

I should also note that one of my blog entries (shameless plug, I am sorry) talks about how the Nessus plug-ins are broken in the older versions of Auditor. I should update this with the workaround, which is to register Nessus on another system, copy the plug-ins to another form of media, and point the Auditor's Nessus startup script to this directory. Fortunately this is not necessary in BackTrack. I am not sure how they got around the registration but it seems that all of the plug-ins are working (although I have not performed very much testing). It also appears to have a new client GUI and I can't wait until I have more time to test it out.

I hope this helps,
Cutaway

In case you haven't had a chance to track it down yet, the other malware collection tool that merged with mwcollectd is called 'nepenthes'. The new homepage is at http://nepenthes.mwcollect.org/ . mwcollectd v3.0.4 is the last release of that tool, and the merged project is being carried forward as nepenthes.

BTW, for your frappr map, what are the official criteria for being considered a 'security ninja', as opposed to a mere 'ninja fan'? ;-)

The command is...

no ip directed-broadcast

I am only a Ninja Fan so I had to crib off of a previous poster for this answer.

no ip directed-broadcast

Heh. no ip directed-broadcast stopped the Cisco from converting the layer 3 ICMP echo request to an ICMP echo request sent to the Ethernet layer 2 broadcast address (ff:ff:ff:ff:ff:ff)
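The mechanism behind the contest answer, as an added example that is not part of the show notes or any commenter's post: a small Python model of the final-hop router with and without `ip directed-broadcast`, plus the detection check a defender would run over the same traffic. The subnets, live hosts and packets are constructed for illustration; the interface names and the `LIVE_HOSTS` table are assumptions, not anything from the show.

```python
"""Added example (not from the show or the comments): why a smurf attack
depends on IP directed broadcast, and what `no ip directed-broadcast` changes.
Pure Python, no network access; subnets, hosts and packets are constructed."""
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    kind: str  # "echo-request" or "echo-reply"


# Hypothetical final-hop router: interface -> directly connected subnet
INTERFACES = {
    "Ethernet0": ipaddress.ip_network("192.0.2.0/24"),
    "Ethernet1": ipaddress.ip_network("198.51.100.0/24"),
}

# Constructed: hosts that are up and will answer a broadcast ping
LIVE_HOSTS = {
    "Ethernet0": ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"],
    "Ethernet1": ["198.51.100.20", "198.51.100.21"],
}


def directed_broadcast_interface(dst, interfaces=INTERFACES):
    """Return the interface whose subnet broadcast address equals dst, else None.

    A directed broadcast is routed as ordinary unicast across the Internet and
    only becomes a broadcast on the router that owns the destination subnet."""
    addr = ipaddress.ip_address(dst)
    for name, net in interfaces.items():
        if addr == net.broadcast_address:
            return name
    return None


def router_forward(pkt, directed_broadcast_enabled, interfaces=INTERFACES,
                   live_hosts=LIVE_HOSTS):
    """Model the final-hop router's handling of one ICMP echo request.

    Returns the echo replies the request produces.  With `ip directed-broadcast`
    (the IOS default before 12.0) the router rewrites the L3 directed broadcast
    into an L2 broadcast frame (ff:ff:ff:ff:ff:ff); every live host answers, and
    the answers go to the spoofed source, i.e. the victim.  With
    `no ip directed-broadcast` the packet is dropped at the router."""
    iface = directed_broadcast_interface(pkt.dst, interfaces)
    if pkt.kind != "echo-request" or iface is None:
        return []  # ordinary unicast traffic; not modelled here
    if not directed_broadcast_enabled:
        return []  # dropped: the fix discussed in the thread
    return [Packet(src=h, dst=pkt.src, kind="echo-reply") for h in live_hosts[iface]]


def amplification(packets, directed_broadcast_enabled, interfaces=INTERFACES,
                  live_hosts=LIVE_HOSTS):
    """Echo replies generated per (spoofed) source over a batch of requests."""
    out = Counter()
    for p in packets:
        out[p.src] += len(router_forward(p, directed_broadcast_enabled,
                                         interfaces, live_hosts))
    return {src: n for src, n in out.items() if n}


def smurf_victims(packets, interfaces=INTERFACES, threshold=2):
    """Detection side: echo requests aimed at one of our subnet broadcast
    addresses are the smurf fingerprint.  Their source is the victim (it is
    spoofed), not the attacker.  Returns {victim: request_count} at or above
    threshold."""
    counts = Counter(
        p.src for p in packets
        if p.kind == "echo-request"
        and directed_broadcast_interface(p.dst, interfaces) is not None
    )
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample traffic as seen at the router
SAMPLE = [
    Packet("203.0.113.7", "192.0.2.255", "echo-request"),     # spoofed src, directed bcast
    Packet("203.0.113.7", "192.0.2.255", "echo-request"),
    Packet("203.0.113.7", "198.51.100.255", "echo-request"),
    Packet("203.0.113.9", "192.0.2.10", "echo-request"),      # plain unicast ping
    Packet("192.0.2.10", "203.0.113.9", "echo-reply"),
]

if __name__ == "__main__":
    print("victim(s):", smurf_victims(SAMPLE))
    print("replies with ip directed-broadcast:", amplification(SAMPLE, True))
    print("replies with no ip directed-broadcast:", amplification(SAMPLE, False))
```

Three requests from the attacker become ten replies aimed at the spoofed source when directed broadcast is enabled, and none when it is disabled; the detector keys on the destination being a local subnet's all-ones address, which is what distinguishes a smurf reflector's inbound traffic from a normal ping.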