Scans of the Half-Life 2 Source Theft Raid!

[Phaelon]

"I would love know which keylogger he was using too... If it called back on it's own port it should have been blocked. If it called back using a port like 80 or 21 then the firewall should be running stateful application-level proxies, which would easily be able to detect that the packet is not a real packet. The only thing I could see is if it established a valid SSL tunnel back to the host, a firewall is unable to see what is in a SSL encrypted tunnel, so as long as it is a valid tunnel it is let through. But jeeze, that is a pretty specific requirement for a keylogger, I doubt your average script kiddie would have any clue how a keylogger works at all!"

While you bring to light a very good point, Stateful application-level proxies are generally not turned on by default. I have no doubt thier network personal did this, however there are ways to get around this, and I can easily attest to spoofing myself onto other ports to play a game while at work, when I clearly set up the PIX to block that traffic.

The second you plug in, your are no longer secure, When you build the network, the routers, the firewalls and switches, you learn exactly where your holes will be, some can be stopped, some can't. Your network security goes from 100% to 50% that secondd you plug in.

[Hamma]

Very nice

[ZeusCali]

Originally Posted by Phaelon

Interesting ideas Squick. For a company that is running dual DS3 lines, do you have any freaking idea how much traffic would be generated by examining every header to every file? Seriously dude, just because you do it on your home network does not mean it is feasible for most businesses.

If I go to a clients, and security is to notch priority, then I recommend things like this, however 99% of companys out there do not do this. Why? because it costs sooooooo . . soooooo . . much money to have great security.

Security today is NOT so good, it is horrible. Security on the internet is awful and wretched. If you think that for one second businesses are secured, you are wrong buddyo.

Lets take for instance my home network. I house a SPam proxy server, that pushes email to an exchange server. I run Linux as a webserver. I have 2 routers that run ACLs. If it gets through that, it hits my IPCop firewall. I have IDS turned on on it, it is a pentium III 500 with 256 megs of ram. With IDS Monitoring my network It uses anywhere from 20 to 50% of its CPU and about 200 megs of its memory. It writes enough entries that it filles a 22 meg log file in 2 days. It then pushes that to my Linux webserver who runs a cron job to automatically post it to a Website PHP generates.

in 8 days I have 88 Megs of log file. This is for a network with 500 KB/s down and around 100 KB/s up.

At a clients, I use Dual DS3 lines, I have 15 Linux Snort machines setup running IDS and checking everything. I have 2 people responsible for nothing but monitoring those machines and thier logs. I am going to need a third person come May.

Valve was hacked solely because thier IT department did not keep thier patch level up to date. The majority of Windows bugs are found after a patch is released. From a network standpoint, There is only so much I can do.

I cannot sit down and examine every header, are you insane? Futhermore if you understand how the internet works, then most headers don't matter any more because of CIDR. A header will get you to point A, however the path that packet will now take is dictated by the router to which CIDR resides.

Squick vbmenu_register("postmenu_311171", true); got owned didn't he?

Thank You Phaelon that is the 3rd time squick has posted that statement and each time he does the same thing "my super cool network would pwn haxors i r l33t theiyd nvr pass mi"

All Hail the Foriegn IT man!!!!

[1024]

o f n

[Biohazzard56]

Originally Posted by 1024

o f n

I made this thread over a month ago, i just bumped it