
Files from Lance Spitzner

Email address: lance at
First Active: 1999-08-17
Last Active: 2000-11-10
Posted Nov 10, 2000
Authored by Lance Spitzner | Site

Know Your Enemy: Worms at War - A Windows 98 honeypot machine was taken over by 2 different worms in a week. The worms spread via open file shares and installed the RC5 client.

tags | paper, worm
systems | windows, 9x
MD5 | 1f23b9b0bef894b514c2ff7775caa093
Posted Jun 7, 2000
Authored by Lance Spitzner | Site

A DoS attack affecting all platforms of Checkpoint Firewall-1 has been identified. Large numbers of fragmented packets cause the CPU to hit 100% utilization, and the system locks up. Some systems may also crash, depending on OS type. The rulebase cannot be used to block the attack, and nothing is logged. More information on Firewall-1's state table is available here.

tags | exploit
MD5 | 1a029dc5aa8df36b4c918d235b1af42b
Posted May 26, 2000
Authored by Lance Spitzner | Site

Lance Spitzner's investigation of some mystery packets - contains some good insight by many people in the security field attempting to identify which tool created the packets.

tags | paper
MD5 | a87a4b4940160dc75d39ebcd278bcd54
Posted May 22, 2000
Authored by Lance Spitzner | Site

"Know Your Enemy: A Forensic Analysis". This paper is a continuation of the Know Your Enemy series. The first three papers covered the tools and tactics of the black-hat community. This paper, the fourth of the series, studies step by step a successful attack of a system. However, instead of focusing on the tools and tactics used, we will focus on how we learned what happened and pieced the information together. The purpose is to give you the forensic skills necessary to analyze and learn on your own the threats your organization faces.

tags | paper
MD5 | 3c7c4c7fa100ea900c03936d32c2ea4b
Posted May 16, 2000
Authored by Lance Spitzner | Site

IDing remote hosts, without them knowing. This paper details the process of Passive Fingerprinting. Passive fingerprinting is based on sniffer traces from the remote system. Instead of actively querying the remote system, all you need to do is capture packets sent from the remote system. Based on the sniffer traces of these packets, you can determine the operating system of the remote host. Just like in active fingerprinting, passive fingerprinting is based on the principle that every operating system's IP stack has its own idiosyncrasies. By analyzing sniffer traces and identifying these differences, you may be able to determine the operating system of the remote host. Craig Smith has written a proof of concept tool called passfing.tar.gz.

tags | paper, remote, proof of concept
MD5 | 2aa7b3dc1c6b55b5165fe2debf6d98a4
Posted Apr 27, 2000
Authored by Lance Spitzner | Site

Passive Fingerprinting is a method to learn more about the enemy, without them knowing it. Specifically, you can determine the operating system and other characteristics of the remote host using nothing more than sniffer traces. Though not 100% accurate, you can get surprisingly good results by looking at the TTL, TOS, Window Size, and DF bit. Includes information on changing your machine's fingerprint on Linux and Solaris.

tags | paper, remote
systems | linux, unix, solaris
MD5 | 8bee07cbafbcbd2801a8aff717f7959d
Posted Dec 10, 1999
Authored by Lance Spitzner | Site

Building Your Firewall Rulebase - One of the largest risks with a firewall is a misconfigured rulebase. The most expensive firewall in the world does not help you if you have a rule misconfigured. "Building Your Firewall Rulebase" helps to address this problem. The paper focuses on the concepts of how to build a secure rulebase. It goes step by step through the design process, explaining each rule and its significance. The paper is aimed at beginner/intermediate firewall admins, but even the gurus can hopefully learn a trick or two (I know I did).

tags | paper
MD5 | e4e67de0308f72fae3140eff9e739f6f
Posted Nov 29, 1999
Authored by Lance Spitzner | Site

(ver 1.0), used to convert your Checkpoint Firewall-1 connections table into human-readable form. Documentation here.

tags | tool, firewall
systems | unix
MD5 | 32f14ce007e26fe83b60192c13591d08
Posted Nov 29, 1999
Authored by Lance Spitzner | Site

IDS Alert Script (ver 1.3) for Checkpoint Firewall-1 (Unix only). Build Intrusion Detection into your firewall. Features include: Automated alerting, logging, and archiving, Automated blocking of attacking source, Automated identification and email remote site, and Installation and test script. Ver 1.3 Optimized for performance, over 50% speed increase. Documentation here.

tags | tool, remote, intrusion detection
systems | unix
MD5 | 59ead035a2a3d0d0079ebc74ec132664
Posted Aug 17, 1999
Authored by Lance Spitzner

Know Your Enemy: The Attack of the Script Kiddie.

tags | paper
MD5 | 25f5751357088891d3f7423d7022db70
Posted Aug 17, 1999
Authored by Lance Spitzner

The follow-up article to "Know Your Enemy: The Attack of the Script Kiddie", "Know your Enemy II" focuses on intelligence gathering, specifically how to determine what the enemy is doing by analyzing your system log files. Includes examples based on two of the most commonly used scanning tools on the Internet, sscan and nmap.

tags | paper
MD5 | 63a28996068f3ef305971545067de11c
Posted Aug 17, 1999
Authored by Lance Spitzner

Know Your Enemy III: They Gain Root - Third installment of the excellent "Know Your Enemy" series of security whitepapers by Lance Spitzner. This paper focuses on how systems are actually compromised, and what the "script kiddie" does to cover tracks and monitor your network. Includes system logs and keystroke history from an actual system compromise.

tags | paper, root
MD5 | ef4a7778516a4baf2beb3b4e7e3317f5

© 2018 Packet Storm. All rights reserved.
