0

Nessus 4.2.0 : Web Interface

-

Interestingly enough, I found last week that the new Nessus 4.2.0 works by default as a web interface. Gone are the days of using the NessusClient and connecting to TCP port 1241 and using it to connect to the nessusd. Connecting to local TCP port 8834 (https://localhost:8834) brings you to a web interface that you can use to connect to the new Nessus daemon. The nesssusd listener does not even listen on port 1241 by default.
I’ll shortly get used to it but I know the transition would be slow for me …. after it takes getting used to when you completely change the architecture after maintaining it for at least a good 7 years or so!

0

New Home

-

I finally got a new home for my blog.  www.rajatswarup.com will be my new homepage.   In the coming days, I’ll continue blogging while also improving the look & feel of my website.  Any suggestions would be appreciated.

0

Verizon FiOS and PS3 Media Server Streaming Issues

-

If you’re like me and recently upgraded to Verizon FiOS and you have your PS3 on the wired segment and the Media Server (such as PS3 Media Server, TVersity, etc.) on the wireless segment, you’re in for a ride with the configuration.
By default, you can’t route the traffic between the wired and wireless segments over UDP! You can send ICMP echo packets (i.e., ping) but the PS3 just won’t detect the Media server. You may disable the Host-based firewall (e.g., Norton, Kaspersky, McAfee, etc.) but it still won’t work.

If you happen to read posts like these, you will see that you have to disable “IGMP proxy”. IGMP Proxy basically reduces the traffic on the multicast addresses to a bare minimum. Unfortunately for you, this causes the traffic between PS3 Media Server and PS3 to drop.

So you log into your FiOS router’s administration console typically located at 192.168.1.1. Click on Advanced -> Yes -> Firmware Upgrade and check the firmware version. You will see that it is an ActionTec router (based on the Auto-update URL). But nowhere do you see the option to update the “IGMP Proxy” settings. That’s because that feature is “hidden” in the latest firmwares.

So you just need to copy/paste the following URL into the browser address bar and you will see the option to disable “IGMP proxy”.
http://192.168.1.1/index.cgi?active_page=6059
Disable it and Voila! The PS3 Media Server and PS3 can now talk to each other.

1

Kerberos/Samba/AD account lockouts

-

I kept getting the following errors on my AD domain in the event viewer and accounts kept locking out:
Pre-authentication failed:
User Name:      user1
User ID:                DOMAIN\user1
Service Name:   krbtgt/DOMAIN.COM
Pre-Authentication Type:        0x0
Failure Code:   0x12
Client Address: 192.168.246.134

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

In the Directory Service logs I see the following entry:
[snip]
Active Directory could not update the following object with changes
received from the domain controller at the following network address
because Active Directory was busy processing information.

Object:
CN=User 1,OU=Testing Services Team,OU=TESTER V,DC=domain,DC=com
Network address:
e5523049-53f1-4274-858b-

c68971599acf._msdcs.domain.com

This operation will be tried again later.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Turns out this happens if you have samba/winbind/AD type infrastructure. If someone has some processes running (Even if they us sudo) and happen to change their password while the process is running on unix (and using kerberos authentication), the accounts lockout because the kerberos ticket granting ticket (krbtgt) is not current and any object access is considered to be a failed login attempt. This locks out the accounts if you have account lockout implemented in your AD domain security policy.

2

SSL v2.0 on Internet Explorer

-
Now that Firefox 2.0 does not have option to enable SSL v2.0, there’s one way it can still be activated in Internet Explorer. Goto Tools -> Internet Options -> Advanced as shown in the screenshot and uncheck all other ciphers except SSL 2.0 and you should be able to check if a particular website supports SSL v2.0.

Activating SSL 2.0 in IE

0

Projects…interjects!

-

Come end of semester and the project deadlines start impending! The situation I am in is one of great thrill and rush! For the CS558L I’m doing this project in which I have to implement an automated worm fingerprinting mechanism but not only that combining it with ITrace I want to make Worm attacks and DDoS attacks a thing of past!
The scheme in plain English is to detect automatically if your network is being attacked by looking at the traffic and if so communicate this information to whoever you are forwarding this packet to! The ICMP messages that will be forwarded will carry information about who sent this traffic and other such information (including the signature of attack traffic). The receiver with all this information could gather the source of attacks. If all the routers followed this scheme then we will be able to reconstruct the entire path of the attack so the entry point of the attack could also be sealed….(hopefully leading to a Worm and DDoS attack-free internet)!!!
Really hopeful…aren’t I??? 😉
But again this technique has the same single flaw as the other techniques in that it needs co-operation between ISPs.
I am currently coding this scheme in the Linux Kernel 2.6.11.7 and this is my first tryst with linux kernel programming…let’s see what future holds for me!

10

List of Security Conferences

-

I wanted to have a list of all the security conferences around the world for a quick reference so I compiled together a list.

DefCon http://www.defcon.org
BlackHat http://www.blackhat.com/
shmoocon http://www.shmoocon.org/
ToorCon http://www.toorcon.org/
you sh0t the sheriff http://www.ysts.org/
Hack.lu http://hack.lu
WOOTCon http://www.usenix.org/event/woot08/
Source Conferences http://www.sourceconference.com/
InfoSecurity Europe http://www.infosec.co.uk/
SyScan http://www.syscan.org
CONFidence http://confidence.org.pl/
CEICConference http://www.ceicconference.com/
RSA Conference http://www.rsaconference.com/
CanSecWest http://cansecwest.com/
EUSecWest http://eusecwest.com/
PACSec http://pacsec.jp/
BA-Con http://ba-con.com.ar/
Hack in the box http://www.hackinthebox.org/
Clubhack http://clubhack.com/
Xcon http://xcon.xfocus.net/
T2 Conference http://www.t2.fi
LayerOne http://layerone.info/
Owasp Conference http://www.owasp.org
DeepSec Conference https://deepsec.net/
FrHack conference http://www.frhack.org/
Shakacon http://www.shakacon.org/
Secrypt conference http://www.secrypt.org/
HackerHalted Conference
SecTor Conference http://www.sector.ca/
Microsoft Bluehat http://www.microsoft.com/technet/security/bluehat/default.mspx
ReCon http://recon.cx/
Hacker space festival http://www.hackerspace.net
RAID Conference http://www.raid-symposium.org/
Sec-T Conference http://www.sec-t.org/
BruCon http://www.brucon.org
DIMVA Conference http://www.dimva.org
SeaCure Conference http://seacure.it/
ColSec http://www.univ-orleans.fr/lifo/Manifestations/COLSEC
Auscert http://conference.auscert.org.au
RuxCon http://www.ruxcon.org.au/
uCon http://www.ucon-conference.org/
Chaos Communications Congress http://www.ccc.de/
Bellua Cyber Security http://www.bellua.com/bcs/
CISIS Conference http://www.cisis-conference.eu/
ATC Conference http://www.ux.uis.no/
NDSS Conference http://www.isoc.org/isoc/conferences/
EkoParty Conference http://www.ekoparty.com.ar/
No Con Name http://www.noconname.org/
KiwiCon http://www.kiwicon.org/
VNSecon http://conf.vnsecurity.net
EC2nd Conference http://www.ec2nd.org/
IMF Conference http://www.imf-conference.org/
BugCon http://www.bugcon.org/
Cyber Warfare http://www.ccdcoe.org
POC Conference http://www.powerofcommunity.net/
QuahogCon http://quahogcon.org/
NotaCon http://www.notacon.org
PhreakNic http://www.phreaknic.info
PlumberCon http://plumbercon.org/
Internet Security Operations and Intelligence http://isotf.org/isoi7.html