Exploit the possiblities
Showing 1 - 12 of 12 RSS Feed

Files from Lance Spitzner

Email addresslance at spitzner.net
First Active1999-08-17
Last Active2000-11-10
Posted Nov 10, 2000
Authored by Lance Spitzner | Site enteract.com

Know Your Enemy: Worms at War - A Windows 98 honeypot machine was taken over by 2 different worms in a week. The worms spread via open file shares and installed the distributed.net RC5 client.

tags | paper, worm
systems | windows, 9x
MD5 | 1f23b9b0bef894b514c2ff7775caa093
Posted Jun 7, 2000
Authored by Lance Spitzner | Site enteract.com

DoS attack for all platforms of Checkpoint Firewall-1 has been identified. Large numbers of fragmented packets cause the CPU to hit 100% utilization, and the system locks up. Some systems may also crash, depending on OS type. The rulebase can not be used to block the attack, and nothing is logged. More information on Firewall-1's state table available here.

tags | exploit
MD5 | 1a029dc5aa8df36b4c918d235b1af42b
Posted May 26, 2000
Authored by Lance Spitzner | Site enteract.com

Lance Spitzners investigation of some mystery packets - contains some good insight by many people in the security field attempting to identify which tool created the packets.

tags | paper
MD5 | a87a4b4940160dc75d39ebcd278bcd54
Posted May 22, 2000
Authored by Lance Spitzner | Site enteract.com

"Know Your Enemy: A Forensic Analysis". This paper is a continuation of the Know Your Enemy series. The first three papers covered the tools and tactics of the black-hat community. This paper, the fourth of the series, studies step by step a successful attack of a system. However, instead of focusing on the tools and tactics used, we will focus on how we learned what happened and pieced the information together. The purpose is to give you the forensic skills necessary to analyze and learn on your own the threats your organization faces.

tags | paper
MD5 | 3c7c4c7fa100ea900c03936d32c2ea4b
Posted May 16, 2000
Authored by Lance Spitzner | Site enteract.com

IDing remote hosts, without them knowing. This paper details the process of Passive Fingerprinting. Passive fingerprinting is based on sniffer traces from the remote system. Instead of actively querying the remote system, all you need to do is capture packets sent from the remote system. Based on the sniffer traces of these packets, you can determine the operating system of the remote host. Just like in active fingerprinting, passive fingerprinting is based on the principle that every operating system's IP stack has its own idiosyncrasies. By analyzing sniffer traces and identifying these differences, you may be able to determine the operating system of the remote host. Craig Smith has written a proof of concept tool called passfing.tar.gz.

tags | paper, remote, proof of concept
MD5 | 2aa7b3dc1c6b55b5165fe2debf6d98a4
Posted Apr 27, 2000
Authored by Lance Spitzner | Site enteract.com

Passive Fingerprinting is a method to learn more about the enemy, without them knowing it. Specifically, you can determine the operating system and other characteristics of the remote host using nothing more then sniffer traces. Though not 100% accurate, you can get surprisingly good results by looking at the TTL, TOS, Window Size, and DF bit. Includes information on changing your machines fingerprint on Linux and Solaris.

tags | paper, remote
systems | linux, unix, solaris
MD5 | 8bee07cbafbcbd2801a8aff717f7959d
Posted Dec 10, 1999
Authored by Lance Spitzner | Site enteract.com

Building Your Firewall Rulebase - One of the largest risks with a firewall is a misconfigured rulebase. The most expenseive firewall in the world does not help you if you have a rule misconfigured. "Building Your Firewall Rulebase" helps to address this problem. The paper focuses on the concepts of how to build a secure rulebase. It goes step by step through the design process, explaining each rule and it signifigance. The paper is focused for beginner/intermediate firewall admins, but even the gurus can hopefully learn a trick or two (I know I did).

tags | paper
MD5 | e4e67de0308f72fae3140eff9e739f6f
Posted Nov 29, 1999
Authored by Lance Spitzner | Site enteract.com

fwtable.pl (ver 1.0), used to convert your Checkpoint Firewall-1 connections table into human readable form. Documentation here.

tags | tool, firewall
systems | unix
MD5 | 32f14ce007e26fe83b60192c13591d08
Posted Nov 29, 1999
Authored by Lance Spitzner | Site enteract.com

IDS Alert Script (ver 1.3) for Checkpoint Firewall-1 (Unix only). Build Intrustion Detection into your firewall. Features include: Automated alerting, logging, and archiving, Automated blocking of attacking source, Automated identification and email remote site, and Installation and test script. Ver 1.3 Optimized for performance, over 50% speed increase. Documentation here.

tags | tool, remote, intrusion detection
systems | unix
MD5 | 59ead035a2a3d0d0079ebc74ec132664
Posted Aug 17, 1999
Authored by Lance Spitzner

Know Your Enemy: The Attack of the Script Kiddie.

tags | paper
MD5 | 25f5751357088891d3f7423d7022db70
Posted Aug 17, 1999
Authored by Lance Spitzner

The follow-up article to "Know Your Enemy: The Attack of the Script Kiddie", "Know your Enemy II" focuses on intelligence gathering, specifically how to determine what the enemy is doing by analyzing your system log files. Includes examples based on two of the most commonly used scanning tools on the Internet, sscan and nmap.

tags | paper
MD5 | 63a28996068f3ef305971545067de11c
Posted Aug 17, 1999
Authored by Lance Spitzner

Know Your Enemy III: They Gain Root - Third installment of the excellent "Know Your Enemy" series of security whitepapers by Lance Spitzner. This paper focuses on how systems are actually compromised, and what the "script kiddie" does to cover tracks and monitor your network. Includes system logs and keystroke history from an actual system compromise.

tags | paper, root
MD5 | ef4a7778516a4baf2beb3b4e7e3317f5
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

March 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    14 Files
  • 2
    Mar 2nd
    12 Files
  • 3
    Mar 3rd
    1 Files
  • 4
    Mar 4th
    3 Files
  • 5
    Mar 5th
    15 Files
  • 6
    Mar 6th
    23 Files
  • 7
    Mar 7th
    15 Files
  • 8
    Mar 8th
    15 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    2 Files
  • 11
    Mar 11th
    1 Files
  • 12
    Mar 12th
    16 Files
  • 13
    Mar 13th
    20 Files
  • 14
    Mar 14th
    12 Files
  • 15
    Mar 15th
    10 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By