Scans of the Half-Life 2 Source Theft Raid! - Page 2 - PlanetSide Universe
2004-03-10, 11:20 AM   #16
Phaelon
Master Sergeant
 

"I would love to know which keylogger he was using too... If it called back on its own port it should have been blocked. If it called back using a port like 80 or 21 then the firewall should be running stateful application-level proxies, which would easily be able to detect that the packet is not a real packet. The only thing I could see is if it established a valid SSL tunnel back to the host, a firewall is unable to see what is in an SSL encrypted tunnel, so as long as it is a valid tunnel it is let through. But jeez, that is a pretty specific requirement for a keylogger, I doubt your average script kiddie would have any clue how a keylogger works at all!"

While you bring to light a very good point, stateful application-level proxies are generally not turned on by default. I have no doubt their network personnel did this; however, there are ways to get around this, and I can easily attest to spoofing myself onto other ports to play a game while at work, when I clearly set up the PIX to block that traffic.

The second you plug in, you are no longer secure. When you build the network, the routers, the firewalls and switches, you learn exactly where your holes will be; some can be stopped, some can't. Your network security goes from 100% to 50% that second you plug in.
2004-03-10, 11:21 AM   #17
Hamma
PSU Admin
 

Very nice
2004-03-10, 01:07 PM   #18
ZeusCali
Major
 


Originally Posted by Phaelon
Interesting ideas Squick. For a company that is running dual DS3 lines, do you have any freaking idea how much traffic would be generated by examining every header to every file? Seriously dude, just because you do it on your home network does not mean it is feasible for most businesses.

If I go to a client's, and security is top-notch priority, then I recommend things like this; however, 99% of companies out there do not do this. Why? Because it costs sooooooo . . soooooo . . much money to have great security.

Security today is NOT so good, it is horrible. Security on the internet is awful and wretched. If you think that for one second businesses are secured, you are wrong buddyo.

Let's take for instance my home network. I house a spam proxy server that pushes email to an Exchange server. I run Linux as a webserver. I have 2 routers that run ACLs. If it gets through that, it hits my IPCop firewall. I have IDS turned on on it; it is a Pentium III 500 with 256 megs of RAM. With IDS monitoring my network, it uses anywhere from 20 to 50% of its CPU and about 200 megs of its memory. It writes enough entries that it fills a 22 meg log file in 2 days. It then pushes that to my Linux webserver, which runs a cron job to automatically post it to a website PHP generates.

In 8 days I have 88 megs of log file. This is for a network with 500 KB/s down and around 100 KB/s up.

At a client's, I use dual DS3 lines. I have 15 Linux Snort machines set up running IDS and checking everything. I have 2 people responsible for nothing but monitoring those machines and their logs. I am going to need a third person come May.

Valve was hacked solely because their IT department did not keep their patch level up to date. The majority of Windows bugs are found after a patch is released. From a network standpoint, there is only so much I can do.

I cannot sit down and examine every header, are you insane? Furthermore, if you understand how the internet works, then most headers don't matter any more because of CIDR. A header will get you to point A, however the path that packet will now take is dictated by the router to which CIDR resides.
Squick got owned, didn't he?

Thank you Phaelon, that is the 3rd time Squick has posted that statement, and each time he does the same thing: "my super cool network would pwn haxors i r l33t theiyd nvr pass mi"

All Hail the Foreign IT man!!!!
2004-03-10, 01:55 PM   #19
1024
Contributor
Banned for no reason
 


o f n
2004-03-10, 05:40 PM   #20
Biohazzard56
Contributor
Major General
 


Originally Posted by 1024
o f n
I made this thread over a month ago, I just bumped it