
Files from Lance Spitzner

Email address: lance at spitzner.net
First Active: 1999-08-17
Last Active: 2000-11-10

kye-worm.txt
Posted Nov 10, 2000
Authored by Lance Spitzner | Site enteract.com

Know Your Enemy: Worms at War - A Windows 98 honeypot machine was taken over by 2 different worms in a week. The worms spread via open file shares and installed the distributed.net RC5 client.

tags | paper, worm
systems | windows
SHA-256 | 001768ec7fe5c171df471386eb9d9fb74b95f1b5c2c1c2c6c56bd1aec4e5d473
firewall-1.fragment.txt
Posted Jun 7, 2000
Authored by Lance Spitzner | Site enteract.com

A DoS attack affecting all platforms of Checkpoint Firewall-1 has been identified. Large numbers of fragmented packets cause the CPU to hit 100% utilization, and the system locks up. Some systems may also crash, depending on OS type. The rulebase cannot be used to block the attack, and nothing is logged. More information on Firewall-1's state table available here.

tags | exploit
SHA-256 | 443e72af7463c692428baddc50b3b04477971f4a89888b58f9bd92548ef83428
scan.txt
Posted May 26, 2000
Authored by Lance Spitzner | Site enteract.com

Lance Spitzner's investigation of some mystery packets - contains some good insight by many people in the security field attempting to identify which tool created the packets.

tags | paper
SHA-256 | e72c12e1acb37e79161699a3b751dc1477a3d0997d232b544f067e7d9795cbb4
forensics.kye.html
Posted May 22, 2000
Authored by Lance Spitzner | Site enteract.com

"Know Your Enemy: A Forensic Analysis". This paper is a continuation of the Know Your Enemy series. The first three papers covered the tools and tactics of the black-hat community. This paper, the fourth of the series, studies step by step a successful attack of a system. However, instead of focusing on the tools and tactics used, we will focus on how we learned what happened and pieced the information together. The purpose is to give you the forensic skills necessary to analyze and learn on your own the threats your organization faces.

tags | paper
SHA-256 | 709a59fc782615e033bd0631bccf540ce8f53460a2e328ac4dd4649f8becea8f
fingerprinting.txt
Posted May 16, 2000
Authored by Lance Spitzner | Site enteract.com

IDing remote hosts, without them knowing. This paper details the process of Passive Fingerprinting. Passive fingerprinting is based on sniffer traces from the remote system. Instead of actively querying the remote system, all you need to do is capture packets sent from the remote system. Based on the sniffer traces of these packets, you can determine the operating system of the remote host. Just like in active fingerprinting, passive fingerprinting is based on the principle that every operating system's IP stack has its own idiosyncrasies. By analyzing sniffer traces and identifying these differences, you may be able to determine the operating system of the remote host. Craig Smith has written a proof of concept tool called passfing.tar.gz.

tags | paper, remote, proof of concept
SHA-256 | a1f307232d25c3c33667a984bcfb4fee678e8e8d1ba6ef3f1c97fe30acfec9b9
finger.htm
Posted Apr 27, 2000
Authored by Lance Spitzner | Site enteract.com

Passive Fingerprinting is a method to learn more about the enemy, without them knowing it. Specifically, you can determine the operating system and other characteristics of the remote host using nothing more than sniffer traces. Though not 100% accurate, you can get surprisingly good results by looking at the TTL, TOS, Window Size, and DF bit. Includes information on changing your machine's fingerprint on Linux and Solaris.

tags | paper, remote
systems | linux, unix, solaris
SHA-256 | 3de3522a3961606ab4ff30b515bb3831552e13e90fd72c8718c7d15a4adf6301
rules.html
Posted Dec 10, 1999
Authored by Lance Spitzner | Site enteract.com

Building Your Firewall Rulebase - One of the largest risks with a firewall is a misconfigured rulebase. The most expensive firewall in the world does not help you if you have a rule misconfigured. "Building Your Firewall Rulebase" helps to address this problem. The paper focuses on the concepts of how to build a secure rulebase. It goes step by step through the design process, explaining each rule and its significance. The paper is focused for beginner/intermediate firewall admins, but even the gurus can hopefully learn a trick or two (I know I did).

tags | paper
SHA-256 | 9dde1b219909aac384fb5e8cfec30116ca44bb073137d65a24699e4dc861a70e
fwtable.pl
Posted Nov 29, 1999
Authored by Lance Spitzner | Site enteract.com

fwtable.pl (ver 1.0), used to convert your Checkpoint Firewall-1 connections table into human readable form. Documentation here.

tags | tool, firewall
systems | unix
SHA-256 | 93b2d75bb002c81f7bfb72a4deaa1af4ba6e4130e5a4b81bd73018ae34984d87
alert_1.3.tar
Posted Nov 29, 1999
Authored by Lance Spitzner | Site enteract.com

IDS Alert Script (ver 1.3) for Checkpoint Firewall-1 (Unix only). Build Intrusion Detection into your firewall. Features include: automated alerting, logging, and archiving; automated blocking of the attacking source; automated identification and emailing of the remote site; and an installation and test script. Ver 1.3 is optimized for performance, with an over 50% speed increase. Documentation here.

tags | tool, remote, intrusion detection
systems | unix
SHA-256 | 10f4b8a670367efd29cc6f1e2b1080b57abab5342acc80ce9ffe06156a3179e0
enemy.html
Posted Aug 17, 1999
Authored by Lance Spitzner

Know Your Enemy: The Attack of the Script Kiddie.

tags | paper
SHA-256 | 2de0c8fc61b6b8d355c54d853bd8752f9b629566b510e64d522afee7686c459d
enemy2.html
Posted Aug 17, 1999
Authored by Lance Spitzner

The follow-up article to "Know Your Enemy: The Attack of the Script Kiddie", "Know your Enemy II" focuses on intelligence gathering, specifically how to determine what the enemy is doing by analyzing your system log files. Includes examples based on two of the most commonly used scanning tools on the Internet, sscan and nmap.

tags | paper
SHA-256 | 800df1fbd42d90b7f02443d2f98f5e69be0e2443c0c7b7ad52207739ff603491
enemy3.html
Posted Aug 17, 1999
Authored by Lance Spitzner

Know Your Enemy III: They Gain Root - Third installment of the excellent "Know Your Enemy" series of security whitepapers by Lance Spitzner. This paper focuses on how systems are actually compromised, and what the "script kiddie" does to cover tracks and monitor your network. Includes system logs and keystroke history from an actual system compromise.

tags | paper, root
SHA-256 | 8b640e2a96d412ac5c7f6f2b4991c79cb30bccee19af997dc8741dac3e5d8cdf
© 2022 Packet Storm. All rights reserved.
