Files from Lance Spitzner

Email address: lance at spitzner.net
First Active: 1999-08-17
Last Active: 2000-11-10
kye-worm.txt
Posted Nov 10, 2000
Authored by Lance Spitzner | Site enteract.com

Know Your Enemy: Worms at War - A Windows 98 honeypot machine was taken over by 2 different worms in a week. The worms spread via open file shares and installed the distributed.net RC5 client.

tags | paper, worm
systems | windows, 9x
MD5 | 1f23b9b0bef894b514c2ff7775caa093
firewall-1.fragment.txt
Posted Jun 7, 2000
Authored by Lance Spitzner | Site enteract.com

A DoS attack against all platforms of Checkpoint Firewall-1 has been identified. Large numbers of fragmented packets cause the CPU to hit 100% utilization, and the system locks up. Some systems may also crash, depending on OS type. The rulebase cannot be used to block the attack, and nothing is logged. More information on Firewall-1's state table available here.

tags | exploit
MD5 | 1a029dc5aa8df36b4c918d235b1af42b
scan.txt
Posted May 26, 2000
Authored by Lance Spitzner | Site enteract.com

Lance Spitzner's investigation of some mystery packets - contains some good insight by many people in the security field attempting to identify which tool created the packets.

tags | paper
MD5 | a87a4b4940160dc75d39ebcd278bcd54
forensics.kye.html
Posted May 22, 2000
Authored by Lance Spitzner | Site enteract.com

"Know Your Enemy: A Forensic Analysis". This paper is a continuation of the Know Your Enemy series. The first three papers covered the tools and tactics of the black-hat community. This paper, the fourth of the series, studies step by step a successful attack on a system. However, instead of focusing on the tools and tactics used, we will focus on how we learned what happened and pieced the information together. The purpose is to give you the forensic skills necessary to analyze and learn on your own the threats your organization faces.

tags | paper
MD5 | 3c7c4c7fa100ea900c03936d32c2ea4b
fingerprinting.txt
Posted May 16, 2000
Authored by Lance Spitzner | Site enteract.com

IDing remote hosts, without them knowing. This paper details the process of Passive Fingerprinting. Passive fingerprinting is based on sniffer traces from the remote system. Instead of actively querying the remote system, all you need to do is capture packets sent from the remote system. Based on the sniffer traces of these packets, you can determine the operating system of the remote host. Just like in active fingerprinting, passive fingerprinting is based on the principle that every operating system's IP stack has its own idiosyncrasies. By analyzing sniffer traces and identifying these differences, you may be able to determine the operating system of the remote host. Craig Smith has written a proof of concept tool called passfing.tar.gz.

tags | paper, remote, proof of concept
MD5 | 2aa7b3dc1c6b55b5165fe2debf6d98a4
finger.htm
Posted Apr 27, 2000
Authored by Lance Spitzner | Site enteract.com

Passive Fingerprinting is a method to learn more about the enemy, without them knowing it. Specifically, you can determine the operating system and other characteristics of the remote host using nothing more than sniffer traces. Though not 100% accurate, you can get surprisingly good results by looking at the TTL, TOS, Window Size, and DF bit. Includes information on changing your machine's fingerprint on Linux and Solaris.

tags | paper, remote
systems | linux, unix, solaris
MD5 | 8bee07cbafbcbd2801a8aff717f7959d
rules.html
Posted Dec 10, 1999
Authored by Lance Spitzner | Site enteract.com

Building Your Firewall Rulebase - One of the largest risks with a firewall is a misconfigured rulebase. The most expensive firewall in the world does not help you if you have a rule misconfigured. "Building Your Firewall Rulebase" helps to address this problem. The paper focuses on the concepts of how to build a secure rulebase. It goes step by step through the design process, explaining each rule and its significance. The paper is aimed at beginner/intermediate firewall admins, but even the gurus can hopefully learn a trick or two (I know I did).

tags | paper
MD5 | e4e67de0308f72fae3140eff9e739f6f
fwtable.pl
Posted Nov 29, 1999
Authored by Lance Spitzner | Site enteract.com

fwtable.pl (ver 1.0), used to convert your Checkpoint Firewall-1 connections table into human readable form. Documentation here.

tags | tool, firewall
systems | unix
MD5 | 32f14ce007e26fe83b60192c13591d08
alert_1.3.tar
Posted Nov 29, 1999
Authored by Lance Spitzner | Site enteract.com

IDS Alert Script (ver 1.3) for Checkpoint Firewall-1 (Unix only). Build Intrusion Detection into your firewall. Features include: automated alerting, logging, and archiving; automated blocking of the attacking source; automated identification and emailing of the remote site; and an installation and test script. Ver 1.3 is optimized for performance, with over 50% speed increase. Documentation here.

tags | tool, remote, intrusion detection
systems | unix
MD5 | 59ead035a2a3d0d0079ebc74ec132664
enemy.html
Posted Aug 17, 1999
Authored by Lance Spitzner

Know Your Enemy: The Attack of the Script Kiddie.

tags | paper
MD5 | 25f5751357088891d3f7423d7022db70
enemy2.html
Posted Aug 17, 1999
Authored by Lance Spitzner

The follow-up article to "Know Your Enemy: The Attack of the Script Kiddie", "Know your Enemy II" focuses on intelligence gathering, specifically how to determine what the enemy is doing by analyzing your system log files. Includes examples based on two of the most commonly used scanning tools on the Internet, sscan and nmap.

tags | paper
MD5 | 63a28996068f3ef305971545067de11c
enemy3.html
Posted Aug 17, 1999
Authored by Lance Spitzner

Know Your Enemy III: They Gain Root - Third installment of the excellent "Know Your Enemy" series of security whitepapers by Lance Spitzner. This paper focuses on how systems are actually compromised, and what the "script kiddie" does to cover tracks and monitor your network. Includes system logs and keystroke history from an actual system compromise.

tags | paper, root
MD5 | ef4a7778516a4baf2beb3b4e7e3317f5
© 2016 Packet Storm. All rights reserved.
