Live from the PaulDotCom Security Weekly Studio....
This episode was also broadcast over SkypeCast, so look for us each week when we record. It will also be announced in our IRC chatroom #pauldotcom on Freenode (irc.freenode.net).
- Sponsored by Core Security, listen for the discount code at the end of the show
- Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
- Sponsored by The SANS Institute, listen to the discount code for SANSFIRE this summer for 5% off this conference
- Please go update our frapper map!
- Full Show Notes
Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com
53/DNS
445/MSDS
ISAKMP (RFC2408 sec 2.5.1)
http://www.ietf.org/rfc/rfc2408.txt
syslog (recommended in RFC3164 sec 2.)
http://www.ietf.org/rfc/rfc3164.txt
2 ports on Security Now
Ports 445 and 53 - SMB & DNS
2 Protocols that use same src/dst ports
NTP (udp/123) and IKE (udp/ 500)
ftp://ftp.rfc-editor.org/in-notes/rfc2030.txt
Section 4
ftp://ftp.rfc-editor.org/in-notes/rfc3947.txt
Section 3
First, I love the show! I listen to many technology and security related podcasts and always enjoy your new episodes the most.
Here's my stab at the Syngress question of the week for episode 32.
The ports you corrected Security Now on were:
UDP 53 (DNS)
TCP 445 (MS directory svc)
As you correctly pointed out these are sourced from ephemeral ports to the destiation port.
Two protocols that do use the same source and destination ports relate to IPSec.
UDP 500 (ISAKMP)
UDP 4500 (ISAKMP for NAT-T)
See RFCS:
3948
http://www.ietf.org/rfc/rfc3948.txt
2408
http://www.ietf.org/rfc/rfc2408.txt
Thank you for all you do with the Podcast, video, blog(s), etc. It's a great service to the security community.
Doug Hitchen
That's episode 31, not 32...
Doug
the zip crack urls are http://sourceforge.net/projects/zipcracker and http://www.goof.com/pcg/marc/fcrackzip.html
Couldn't edit your show notes and they weren't on there (neither was www.insecuremag.com)
[Thanks Andy! - Larry]
Gotta agree with you guys about Steve Gibson and the inaccuracies on Security Now! I just mentioned this on my blog a day or two ago and decided to quit listening to SN (before I listened to your episode #31).
"I WROTE A WEB SERVER IN X86 ASM!!!!!111" -- gibson.
Dipshit.
If it wasn't after midnight, I'd write about another inaccuracy in that episode of SN... they were talking about using a third-party so that two hosts, both behind firewalls, could establish a connection with each other. It had to do with a firewall recognizing a connection as "established" and therefore allowing return traffic on that port back into the internal network. Problem is, any stateful firewall worth a damn bases that off of the combination of source IP, source port, destination IP, and destination port.
Therefore, establishing a connection from PC1 to PC2 across the internet doesn't do jack with regards to allowing traffic from PC3 to traverse my firewall and make it back into PC1 on that same port number.
Hopefully I made sense there. It's late and I'm tired.
Good work on the podcasts, guys, I really enjoy them. It's nice listening to them in the background in the office to keep me awake. =)
Jeremy
www.jeremygaddis.com