SNMP, or Simple Network Management Protocol, has been the go-to management protocol for years. As its name declares, it is a simple and efficient way to monitor hosts. Most everything is SNMP capable these days, from servers to switches, and from firewalls to routers. Even most UPSs and A/C units have it built in. Most installs of SNMP default to SNMPv2, which is dated technology. In 2004, SNMPv3 was introduced as a replacement for v2, touting increased security … →
DoS-ing over Dial-Up
DoS, or Denial of Service attacks, are nothing new. The main idea behind a DoS attack is to exhaust a device’s resources (be it HTTP, some database backend, or any other form of ‘service’) until it can’t respond to legitimate requests anymore. Typically, this is done from an application or link-saturation aspect, although it can be much more than that. Taking a sledgehammer to the A/C unit that serves a data center is pretty messy – but technically it is … →
Information Security : Tracking Spam Origins
Here is an interesting article on tracking down the source of spam: It is very normal that more than 1/3rd of the domain names we see each day in spam messages come from China. When one also considers the many “.com” and “.ru” domain names which are also hosted in China, the problem is much worse. More than half of all spam either uses domain names registered in China, is sent from computers in China, or uses computer in China … →
Honeytokens
I’ve been thinking about honeytokens a lot lately. While I’ve always been fascinated by honeypots, honeytokens are a little different spin on the same idea. A honeypot usually functions as a machine or device just begging to get hacked. It usually emulates a machine that is missing a few patches and is very poorly configured. It can even be packed with services and data to make it look like a goldmine of sensitive information. The only catch is: none of … →
Mozilla Collections
If you are anything like us, you can spend hours tracking down Firefox add-ons. Recently, Mozilla announced the release of ‘Collections‘, which allows you to create and store all of your favorite add-ons and customizations in one central place. If you need your add-ons installed in a new browser – just visit your Mozilla Collections account and one click will re-install all your plugins. In true Redspin spirit, I’ve made a Collections account chock full of add-ons that we use … →
Finding the Needle in the NBEstack
I’m a huge fan of the Nessus vulnerability scanner. It’s got plug-ins for anything you could ask for, runs great in a Linux environment, and outputs a ton of information (thanks to thousands and thousands of checks). While all that information is a good thing, sometimes you are just looking for specific issues or findings across a network. A quick way I like to strip out interesting information is grepping through the output files for certain Nessus IDs. Here is … →
The Future of Information Security
It’s a very interesting time in the security community. While things in the security space usually move at a very rapid pace, the happenings as of late have been downright frantic. Just recently we have witnessed the birth of MS08-067 and the resulting Conficker worm that’s infected millions of computers to create the largest botnet ever. We have seen customer data loss on an epic scale with the U.S. Department of Veterans Affairs, T.J. Maxx, and Heartland Payment Systems, along … →



