New ISC Feature: One Liner "event notes"
We are going to introduce a new feature this weekend: One liner "event notes". These notes are intended for cases in which we try to point out something briefly, which doesn't deserve or need a full diary. For example an outage, or a patch for some software.
Right now, the notifcations are not sent for these "one liners". In the future, I may add an option to send them.
Please use our comment form to report problems with these one liners. I am also interested in anybody who has issues using the OpenID login. Right now, I am aware with some providers having problems, but I need a few more samples. If you attempted to use an OpenID, but it failed, please let me know the Open ID you used and how it failed.
Thanks!
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Samba Security Information Disclosure and DoS
Samba released several updates to fix some security vulnerabilities. Anyone running Samba should take a look at each of the bulletin below and seriously consider upgrading which can be downloaded here.
References:
Information disclosure by setuid mount.cifs - affecting all versions
Remote DoS against smbd on authenticated connections - affecting all versions
Misconfigured /etc/passwd file may share folders unexpectedly - affecting version > 3.0.11
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
Cyber Security Awareness Month - Day 4 - Port 20/21 - FTP-data/FTP
First proposed in April 1971, the File Transfer Protocol is one of the oldest protocols of the Internet. According to RFC 959, "The objectives of FTP are 1) to promote sharing of files (computer programs and/or data), 2) to encourage indirect or implicit (via programs) use of remote computers, 3) to shield a user from variations in file storage systems among hosts, and 4) to transfer data reliably and efficiently." The FTP protocol is somewhat complex and uses three methods to transfer files. The one thing to remember is the choice of connection method is initiated by the client and the server has the option to refuse to use it at which point the connection will fail.
Active FTP Method
In this method, the FTP client opens a dynamic port and the FTP server connects to the client (the server is the “active” participant) on a random port chosen by the client who waits for a connection from the FTP server. Since the client decides the method, it will send a “PORT” command containing the IP address and port where the server needs to connect.
When you examine a packet trace, you will notice the client sending the information to the server with the IP and Port like this (h1,h2,h3,h4,p1,p2) – where the client sends the server the IP address and the port. For example, the client sends IP and Port (192,168,1,102,4,2) indicating the client is listening on IP 192.168.1.102 using TCP port 1026 ((4 * 256) + 2)) after which the transfer will start using the new port.
Passive FTP Method
In this method, the FTP client connects to the server on a dynamic port chosen by the server. Again, since the client decides the method, it will send a “PASV” command to initiate the Passive transfer and the server respond with something like "227 Entering Passive Mode (192,168,60,11,192,52)"by sending a message containing the IP address and port (using the same syntax used in Active FTP).
Extended Passive Mode - IPv6 and NAT
With the release of RFC 2428 in September 1998, the Extended Passive Mode was added to IPv6 and NAT as another method for FTP transfer. In this mode, the FTP server operates exactly the same as passive mode. The only difference is that it only transmits the port number (not broken into high and low bytes) and the client is to assume it connects to the same IP address it was originally connected to.
The basic concepts of FTP transfer is where the client opens a control connection to the server on TCP port 21, and specifies a source port as the source to which the FTP server should respond (IP and Port information). The FTP server sends its response using port 21. At this point, the server and client negotiate the data transfer parameters. The FTP server opens a second connection for data on port 20 to the client. The client will then responds on the data port to complete the connection and data transfer begins.
This protocol is insecure for transferring files because everything is sent in the clear where user names, passwords, FTP commands and transferred files can be captured using a packet sniffer. An alternative is to use the Secure File Transfer Protocol (SFTP) to protect the information in transit.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago