win2k.0503

Posted May 5, 2000
Authored by win2k | Site win2000mag.com

Windows 2000 Magazine Security UPDATE, May 3, 2000 - Peek Under the Hood of Distributed Denial of Service Attack Software, Cassandra NNTPServer Subject to Denial of Service Attacks, Cart32 Software Contains Backdoor, News: New Distributed Denial of Service Software Discovered, News: More Derogatory Netscape References, HowTo: Advanced Security in Exchange 2000, Part 1, and more.

tags | denial of service, magazine
systems | windows
SHA-256 | c56e05b025985897ac16ada81bfff5b5f3302bd044d64bd0f26a1a4939f5e4a6



**********************************************************
WINDOWS 2000 MAGAZINE SECURITY UPDATE
**Watching the Watchers**
The weekly Windows 2000 and Windows NT security update newsletter brought
to you by Windows 2000 Magazine and NTSecurity.net
http://www.win2000mag.com/update/
**********************************************************

This week's issue sponsored by

Trend Micro -- Your Internet VirusWall
http://www.antivirus.com/mayflowers.htm

FREE Managed Security Services WebCast
http://www.win2000mag.com/jump.cfm?ID=28
(Below SECURITY ROUNDUP)

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
May 3, 2000 - In this issue:

1. IN FOCUS
- Peek Under the Hood of Distributed Denial of Service Attack
Software

2. SECURITY RISKS
- Cassandra NNTPServer Subject to Denial of Service Attacks
- Cart32 Software Contains Backdoor

3. ANNOUNCEMENTS
- Training & Certification UPDATE--Free Email Newsletter

4. SECURITY ROUNDUP
- News: New Distributed Denial of Service Software Discovered
- News: More Derogatory Netscape References
- HowTo: Advanced Security in Exchange 2000, Part 1
- Review: SFProtect 2.0

5. NEW AND IMPROVED
- Authentication Solution for Windows 2000
- New Standards Will Aid in Underwriting Internet Risks

6. HOT RELEASE (ADVERTISEMENT)
- WebTrends Security Analyzer 3.5 - 1,000+ Tests

7. SECURITY TOOLKIT
- Book Highlight: IPSec: The New Security Standard for the Internet,
Intranets, and Virtual Private Networks
- Tip: Enable Auditing in Windows 2000
- Windows 2000 Security: New Rights in Win2K
- Ultimate Security Toolkit: CyberCop 5.5

8. HOT THREADS
- Windows 2000 Magazine Online Forums
VPN Token Security
- Win2KSecAdvice Mailing List
NewDSN.EXE DoS Attack--Low Risk
Windows 2000 NUL Bug
- HowTo Mailing List
Recover a Hard Disk After FDISK
One-way Trust Fails

~~~~ SPONSOR: TREND MICRO -- YOUR INTERNET VIRUSWALL ~~~~
April showers brought May flowers, and you can keep your network servers in
bloom with Trend Micro's reliable antivirus software. A world leader in
antivirus and content security technologies, Trend Micro's centrally
web-managed Internet gateway, Notes and Exchange email server, desktop
machine and network server protection--forms a protective, content security
VirusWall around your entire enterprise network.
http://www.antivirus.com/mayflowers.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Want to sponsor Windows 2000 Magazine Security UPDATE? Contact Jim Langone
(Western Advertising Sales Manager) at 800-593-8268 or jim@win2000mag.com,
OR Tanya T. TateWik (Eastern and International Advertising Sales Manager)
at 877-217-1823 or ttatewik@win2000mag.com.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. ========== IN FOCUS ==========

Hello everyone,

Last week was quiet on the Windows security front. There was little
excitement, unless you consider yet another piece of Distributed Denial of
Service (DDoS) attack software to be a form of excitement.

The new code, "mstream," was found on a compromised computer at a major
university. The discovery means that now a total of seven well-known DDoS
tools are available on the Internet. Those seven packages include two
versions of Tribal Flood Network (TFN), trinoo, two versions of
stacheldraht, shaft, and the newly discovered mstream software.

When some of these DDoS tools surfaced late last year, consultant David
Dittrich (who currently works at the University of Washington) performed
detailed analyses of the tools and published his findings on the Internet.
His findings helped everyone quickly learn how the attacks work, which is
paramount for learning how to shut them down. In more recent efforts,
Dittrich led a team that analyzed the mstream software and found that the
code, although effective at disrupting a network, is still in an early
development stage. We can expect that with the source code now published,
mstream will be further developed and even morphed into similar attack
tools.

It's relevant to point out that developing simple client/server
applications is no longer beyond the reach of even novice programmers. With
development platforms that come with sample client/server code and snap-in
component packages that can perform almost any function imaginable, anyone
vaguely familiar with socket-based development can create DDoS attack
software. We can expect to discover more DDoS attack-oriented packages down
the road, and we can expect more code analysis once those packages are
discovered.

Analysis of these code sets helps us understand how a particular attack
works overall, helps us identify the attack in the future, and might even
help us recognize other vulnerabilities before someone exploits them. So in
the future when a router starts rebooting or a server becomes very
sluggish, an intrusion-detection system might be able to recognize an
attack against those systems and minimize any possible effects.

If you haven't read the recently published mstream analysis, perhaps you
should peek under the hood of this DDoS attack software (see the news item
"New Distributed Denial of Service Software Discovered" in this issue of
the newsletter). The information will help you understand what you're up
against when trying to defend against DDoS attacks and trying to prevent
your systems from becoming agents of a DDoS attack against a remote
network. Until next time, have a great week.

Sincerely,
Mark Joseph Edwards, News Editor
mark@ntsecurity.net

2. ========== SECURITY RISKS =========
(contributed by Mark Joseph Edwards, mark@ntsecurity.net)

* CASSANDRA NNTPSERVER SUBJECT TO DENIAL OF SERVICE ATTACKS
Cassandra NNTPServer's Network News Transfer Protocol (NNTP) service, which
listens on port 119, contains an unchecked buffer that can let an attacker
crash the service. Sending a large buffer of approximately 10,000
characters in conjunction with the AUTHINFO command causes the NNTP service
to crash.
http://www.ntsecurity.net/go/load.asp?iD=/security/cassandra-1.htm
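
An added example, not taken from the newsletter or from the vendor's code: a server-side handler that checks every length before copying an AUTHINFO argument, so an oversized line is refused instead of overrunning a fixed buffer. The function names, the AUTHINFO USER/PASS syntax, the 64-byte credential buffer and the use of the 512-character command-line limit from RFC 977 are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NNTP_MAX_LINE 512  /* RFC 977 command-line limit, CR-LF included */
#define CRED_MAX 64        /* assumed size of the server's credential buffer */

enum nntp_status { NNTP_OK, NNTP_TOO_LONG, NNTP_SYNTAX, NNTP_NOT_AUTHINFO };
struct authinfo { char kind[5]; char value[CRED_MAX]; };

/* Case-insensitive match of an upper-case keyword at the start of a counted buffer. */
static int starts_with_ci(const char *s, size_t len, const char *kw)
{
    size_t n = strlen(kw);
    if (len < n) return 0;
    for (size_t i = 0; i < n; i++)
        if (toupper((unsigned char)s[i]) != kw[i]) return 0;
    return 1;
}

/* Parse one received line of `len` bytes; lengths are checked before any copy. */
enum nntp_status parse_authinfo(const char *line, size_t len, struct authinfo *out)
{
    if (len > NNTP_MAX_LINE) return NNTP_TOO_LONG;      /* refuse before parsing */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n')) len--;
    if (!starts_with_ci(line, len, "AUTHINFO ")) return NNTP_NOT_AUTHINFO;
    line += 9; len -= 9;
    const char *kind = starts_with_ci(line, len, "USER ") ? "USER"
                     : starts_with_ci(line, len, "PASS ") ? "PASS" : NULL;
    if (kind == NULL) return NNTP_SYNTAX;
    line += 5; len -= 5;
    if (len == 0 || memchr(line, '\0', len) != NULL) return NNTP_SYNTAX;
    if (len >= CRED_MAX) return NNTP_TOO_LONG;          /* keep room for the NUL */
    memcpy(out->kind, kind, 5);
    memcpy(out->value, line, len);
    out->value[len] = '\0';
    return NNTP_OK;
}

/* Constructed input: "AUTHINFO USER " followed by arg_len filler bytes and CR-LF. */
enum nntp_status parse_filled_line(size_t arg_len)
{
    static const char prefix[] = "AUTHINFO USER ";
    size_t plen = sizeof prefix - 1, total = plen + arg_len + 2;
    struct authinfo ai;
    char *buf = malloc(total);
    if (buf == NULL) abort();
    memcpy(buf, prefix, plen);
    memset(buf + plen, 'A', arg_len);
    memcpy(buf + plen + arg_len, "\r\n", 2);
    enum nntp_status st = parse_authinfo(buf, total, &ai);
    free(buf);
    return st;
}

int main(void)
{
    printf("8: %d  10000: %d\n", parse_filled_line(8), parse_filled_line(10000));
    return 0;
}
```
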

* CART32 SOFTWARE CONTAINS A BACKDOOR
Cerberus Information Security discovered a backdoor in McMurtrey/Whitaker &
Associates' Cart32 software. An intruder can use the backdoor to gain
access to sensitive information such as passwords and credit card
information. In addition, the intruder can run arbitrary commands on a
remote server and change the administrative password without knowing the
current administrative password.
http://www.ntsecurity.net/go/load.asp?iD=/security/cart32-1.htm

3. ========== ANNOUNCEMENTS ==========

* TRAINING & CERTIFICATION UPDATE--FREE EMAIL NEWSLETTER
If you're preparing for a certification exam, it's important to get advice
and tips from the people who've been there. Sign up for our latest email
newsletter at our Training & Certification site and start getting hints to
help you pass your exams on the first try:
http://www.win2000mag.net/training/index.html

4. ========== SECURITY ROUNDUP ==========

* NEWS: NEW DISTRIBUTED DENIAL OF SERVICE SOFTWARE DISCOVERED
Researchers recently discovered new Distributed Denial of Service (DDoS)
attack software on a compromised server. Shortly thereafter, the source
code was published at several well-known security information outlets. Soon
after the code was published, David Dittrich, who had previously analyzed
other DDoS software (such as trin00, TFN, stacheldraht, and shaft), analyzed
the code and published his findings.
http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=127&TB=news

* NEWS: MORE DEROGATORY NETSCAPE REFERENCES
The "Netscape engineers are weenies" reference found in Microsoft Visual
InterDev 1.0 earlier this month might not be an isolated incident. In
Microsoft Security Bulletin MS00-025, Microsoft mentions only Visual
InterDev 1.0 and the associated file dvwssr.dll as containing the
now-famous phrase. However, a reader’s sharp eye has discovered that the
reference appears in two other DLLs that install with Visual InterDev 6.0,
Visual Studio (VS) 6.0, and VS 97.
http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=126&TB=news

* HOWTO: ADVANCED SECURITY IN EXCHANGE 2000, PART 1
Microsoft Exchange Server has always provided the Advanced Security
subsystem to let users secure their mail messages. Advanced Security
guarantees confidentiality and message content integrity and verifies the
sender’s authenticity. Advanced Security provides end-to-end message
security from the moment the sender signs and encrypts the message until
the receiver reads it.
http://www.ntsecurity.net/go/2c.asp?f=/howto.asp?IDF=103&TB=h

* REVIEW: SFPROTECT 2.0
Scanning your systems for security vulnerabilities is a crucial task, so
selecting an appropriate security scanner for your network is important. If
you're looking for an agent-based system security scanner, SFProtect 2.0
might be your solution. To find out, read the product review on our Web
site.
http://www.ntsecurity.net/go/2c.asp?f=/reviews.asp?IDF=103&TB=r

~~~~ SPONSOR: FREE MANAGED SECURITY SERVICES WEBCAST ~~~~
AXENT, with its subsidiary SNCi, presents its "Everything You Need to Know
About Managed Security Services" WebCast. The WebCast teaches you what to
look for from your security services provider, to help effectively protect
your e-business infrastructure.
Space is limited - register today at
http://www.win2000mag.com/jump.cfm?ID=28 to reserve your spot.
AXENT* is the leading provider of e-security solutions for your business,
delivering integrated products and expert services to 45 of the Fortune 50
companies.

5. ========== NEW AND IMPROVED ==========
(contributed by Judy Drennen, products@win2000mag.com)

* AUTHENTICATION SOLUTION FOR WINDOWS 2000
RSA Security released its two-factor user-authentication solution for
controlling access to Windows 2000 networks, IIS Web servers, and desktops.
The free RSA ACE/Agent 1.0 for Windows 2000 is included on the Win2K CD-ROM
and is designed to reduce risks associated with conducting e-business. RSA
Security extends the native security in Win2K with RSA SecurID
authenticators.
RSA ACE/Agent 1.0 for Windows 2000 is a free, value-added component of
the RSA SecurID solution. The RSA ACE/Agent is shipping with the US English
version of Win2K. The Agent is also available for free download on RSA
Security's Web site.
http://www.rsasecurity.com/downloads.

* NEW STANDARDS WILL AID IN UNDERWRITING INTERNET RISKS
Marsh, Internet Security Systems, and Protegrity are working to establish
new security assessment standards for e-business designed to protect
crucial information of firms using the Internet. The new standards will
affect businesses seeking to purchase insurance to cover e-business
exposures. You can find more information and a white paper on e-business
insurance at
http://www.iss.net.

6. ========== HOT RELEASE (ADVERTISEMENT) ==========

* WEBTRENDS SECURITY ANALYZER 3.5 - 1,000+ TESTS
WebTrends Security Analyzer 3.5 provides complete security vulnerability
analysis with over 1,000 tests for Windows 95, 98, NT, 2000, Red Hat and VA
Linux, and Solaris systems. Get the FREE 10 System Edition for immediate
download.
http://www.webtrends.com/redirect/securityupdate1.htm

7. ========== SECURITY TOOLKIT ==========

* BOOK HIGHLIGHT: IPSEC: THE NEW SECURITY STANDARD FOR THE INTERNET,
INTRANETS, AND VIRTUAL PRIVATE NETWORKS
By Naganand Doraswamy and Dan Harkins
Online Price: $44.99
Hardcover; 300 Pages
Published by Prentice Hall, July 1999
ISBN 0130118982

Here's a guide to IPSec, straight from two leading authorities in IPSec
standardization and implementation. "The New Security Standard for The
Internet, Intranets, and Virtual Private Networks" reviews the fundamentals
of computer and network security and the tradeoffs associated with
implementing security at each layer of the IP stack. Then it walks through
IPSec's architecture and components.

For Windows 2000 Magazine Security UPDATE readers only--Receive an
additional 10 percent off the online price by typing WIN2000MAG in the
discount field on the Shopping Basket Checkout page. To order this book, go
to

http://www.fatbrain.com/shop/info/0130118982?from=win2000mag

Or visit the Windows 2000 Magazine Network Bookstore at

http://www1.fatbrain.com/store.cl?p=win2000mag&s=97772

* TIP: ENABLE AUDITING IN WINDOWS 2000
(contributed by http://www.jsiinc.com/reghack.htm)

To track security-related events, you must enable auditing on the system to
be monitored. To enable auditing on Windows 2000 systems, open Control
Panel, select Administrative Tools, Local Security Policy, then Audit
Policy. In the right window of the dialog box, double-click each policy to
ensure it reflects your tracking preference. Select the Success item to
write an event log entry for successful events, and select Fail to write an
event log entry for failed events.

* WINDOWS 2000 SECURITY: NEW RIGHTS IN WIN2K
Although Windows 2000 has most of the same user rights as Windows NT 4.0,
several new rights can help you control some of Win2K’s new functions and
handle logon restrictions. In his Web column this week, Randy Franklin
Smith introduces you to these new rights and shows you why they are
important to security.
http://www.ntsecurity.net/go/win2ksec.asp

* ULTIMATE SECURITY TOOLKIT: CYBERCOP 5.5
Out of the box, Network Associates' (NAI) CyberCop Scanner scans for 732
different security vulnerabilities, and you can use the software’s Auto
Update feature to increase the number of vulnerabilities it scans for. NAI
releases program updates monthly. In addition to vulnerability assessment,
CyberCop Scanner also audits your security policy settings and tests for
Intrusion Detection Systems.
Be sure to read Steve Manzuik's review on our Web site.
http://www.ntsecurity.net/go/ultimate.asp

8. ========== HOT THREADS ==========

* WINDOWS 2000 MAGAZINE ONLINE FORUMS

The following text is from a recent threaded discussion on the Windows
2000 Magazine online forums (http://www.win2000mag.com/support).

April 28, 2000, 02:06 A.M.
VPN Token Security

Does anyone have a good suggestion on what token system to use to allow for
an extra authentication (username+passwd+token) when establishing a VPN
connection to a RRAS server (NT4 SP6/W2000)? All I want is to be sure that
only those certain users carrying the token generators will be allowed
access. I have tried RSA ACE/Server SecurID, but found this product to be
unsatisfactorily integrated into the NT (security) subsystems (double user
administration), and the system was not (yet) prepared to handle PPTP
tunnels.
I know Microsoft has made it easier in Win2K by implementing an IETF
extension to PPP called EAP (Extensible Authentication Protocol).
Preferably, I would like a system that runs both under NT4.0 and Win2K, but
I would settle for one of them.

Thread continues at
http://www.win2000mag.com/support/Forums/Application/Index.cfm?CFApp=69&Message_ID=100998.

* WIN2KSECADVICE MAILING LIST
Each week we offer a quick recap of some of the highlights from the
Win2KSecAdvice mailing list. The following threads are in the spotlight
this week:

1. NewDSN.EXE DoS Attack--Low Risk
Under certain conditions, Internet Information Server is vulnerable to a
Denial of Service attack. This is a low-risk, conditional attack that is
hard to exploit.
http://www.ntsecurity.net/go/w.asp?A2=IND0004E&L=WIN2KSECADVICE&P=748

2. Windows 2000 NUL Bug
If you open a DOS command window and type NUL at the command line, you get
a screen with a list of programs that can be used to open nul.pif and from
there you may be able to access other parts of the system.
http://www.ntsecurity.net/go/w.asp?A2=IND0004E&L=WIN2KSECADVICE&P=90

Follow this link to read all threads for April, Week 5:
http://www.ntsecurity.net/go/w.asp?A1=ind0004e&L=win2ksecadvice

* HOWTO MAILING LIST
Each week we offer a quick recap of some of the highlights from the
HowTo for Security mailing list. The following threads are in the
spotlight this week:

1. Recover a Hard Disk after FDISK
A user has formatted a hard disk (20GB Fat32) only with FDISK. Is it
possible to get back the lost data with a tool? Believe it or not, there is
a way to recover!
http://www.ntsecurity.net/go/L.asp?A2=IND0004e&L=HOWTO&P=81

2. One-way Trust Fails
I've set up a one-way trust between two NT 4.0 domains with SP6a PDCs.
Domain A is a DMZ with IIS 4/Proxy 2.0 with SP1 on a PDC. Domain A is
configured to trust the LAN on Domain B, but the trust fails.
http://www.ntsecurity.net/go/L.asp?A2=IND0004e&L=HOWTO&P=848

Follow this link to read all threads for April, Week 5:
http://www.ntsecurity.net/go/l.asp?A1=ind0004e&L=howto

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-

WINDOWS 2000 MAGAZINE SECURITY UPDATE STAFF
News Editor - Mark Joseph Edwards (mje@win2000mag.com)
Ad Sales Manager (Western) - Jim Langone (jim@win2000mag.com)
Ad Sales Manager (Eastern) - Tanya T. TateWik (ttatewik@win2000mag.com)
Associate Publisher/Network - Martha Schwartz (mschwartz@win2000mag.com)
Editor - Gayle Rodcay (gayle@win2000mag.com)
New and Improved - Judy Drennen (products@win2000mag.com)
Copy Editor - Judy Drennen (jdrennen@win2000mag.com)

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-

========== GET UPDATED! ==========
Receive the latest information about the Windows 2000 and Windows NT
topics of your choice, including Win2K Pro, Exchange Server, thin-client,
training and certification, SQL Server, IIS administration, XML,
application service providers, and more. Subscribe to our other FREE email
newsletters at
http://www.win2000mag.com/sub.cfm?code=up00inxwnf.




|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|

Copyright 2000, Windows 2000 Magazine
