Don Parker

VPN’s and fragmentation

Well I would imagine most of you have Virtual Private Network’s (VPN) on your corporate network. That plus the use of an IDS can potentially give you problems, as often the use of VPN’s will result in fragmented traffic. Had that very problem occur to me a couple of years ago, and the end result was some really bizarre fragmented traffic. It took a while to figure out what the problem was but eventually we were able to trace it back to the VPN. Any of you guys ever experience the same scenario?
Technorati Tags: VPN, Packet, Fragmented packet, IDS

2007 e-Crime Survey

2007 e-Crime Watch Survey and the 5th Annual Global State of Information Security

Awareness of information security and identity theft issues is at an all-time high, but overall security isn’t improving. Even with increased IT spending, security specialists are recognizing that the amount they don’t know is rapidly growing. The explosion of stealthy threats from bots, Trojans and rootkits continues to out pace most IT staff capabilities.

Date:Nov. 27, 2007

Time:2:00 PM ET

1:00 PM CT

12:00 PM MT

11:00 AM PT

Register for this event

Join us for a look at two recent surveys of security professionals, the 2007 e-Crime Watch Survey and The Fifth Annual Global State of Information Security. These 2007 surveys have been compiled from CERT, CSO Magazine, U.S. Secret Service, CIO, CSO and PricewaterhouseCoopers. This presentation will focus on the results, analysis and potential solutions for SMB organizations.

Technorati Tags: E-crime, Trojans, Bots, Rootkits

More Microsoft patching

A good number of you are likely aware that Microsoft just issued another series of patches recently. I’m curious though to know if any of you have seen any activity that used these exploit vectors? Personally, I have not seen any such activity. It is always interesting to see just how widely exploited some of these vulnerabilities are prior to the actual patch announcements. Quite a few people have the skill to reverse engineer the patch, once released, and then find the problem. That is why things often pick up after a patch release.
Technorati Tags: Microsoft, Patch Tuesday, Exploit, Vulnerability

ISP Abuse departments

Well I have always known that ISP abuse departments are generally very lame. They never seem to bother returning any darn email that you send them. I recently had the need to try and find out what the heck an intermittent connection was doing. It was easily resolved the ISP but when I tried to surf to that IP address on port 80 there was nothing there. Strange. I thought my wife or son might have gotten me hacked . So I decided to send some packet logs to the ISP abuse department to investigate just why this IP addy with no web server was seeing SYN connect attempts by my computer.
07:52:41.875000 IP (tos 0x0, ttl 128, id 21722, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.111.2.1374 > 209.123.81.159.80: S, cksum 0x727f (correct), 3900559278:3900559278(0) win 65535 <mss 1460,nop,nop,sackOK> 0x0000: 4500 0030 54da 4000 8006 5328 c0a8 6f02 E..0T.@…S(..o. 0x0010: d17b 519f 055e 0050 e87d cfae 0000 0000 .{Q..^.P.}…… 0x0020: 7002 ffff 727f 0000 0204 05b4 0101 0402 p…r………..
Well the abuse department never bothered to get back to me of course. Job well done ya bunch of idiot sticks. Nice to see your sad level of committment! Anyhow, I decided to run tcpdump.exe on my computer to try and find out what the heck was going on for as mentioned there was no web server at the IP addy. Well, it turned out to be much ado about nothing. It was Symantec dialing out for a/v updates.
07:52:41.906250 IP (tos 0x0, ttl 128, id 21728, offset 0, flags [DF], proto: TCP (6), length: 126) 192.168.111.2.1375 > 209.123.81.159.80: P, cksum 0x5336 (incorrect (

Software baselines

As attackers continue to target software packages such as Quicktime, amongst others, it makes one wonder if more companies should not clamp down on their software baseline installs. While Microsoft has steadily improved the security of their operating systems it only makes sense then for hackers to shift their focus. This is where having a sane software baseline is very important for a corporate network. There is really little need to install Quicktime to list but one example. Too many employees expect their company to also act as an ISP while forgetting they are there to work. Having a software baseline is one way to deal with not only employee surfing but also to help secure the network itself. Any of you guys have such a policy in place at work?
Technorati Tags: Quicktime, Microsoft, Software baseline, ISP

Symantec purchases yet another company

If you ask me the trend of the last few years, which has seen a tremendous amount of consolidation in the computer security industry, is not really a good thing. Now Symantec has bought out another company in order to round out its product offerings. It is not often that you will see large companies being at the forefront of innovation. This is why it does not really bode well for us as a whole. Another example of this is IBM and others companies going on a recent buying spree. Its great news for the owners and or shareholders of the bought out companies, but not so great for the rest of us. Time will be the ultimate judge of this though.
Technorati Tags: IBM, Watchfire, Symantec

Scroll to Top