From: "Carolyn Meinel" Date: Tue Jun 27, 2000 9:52 pm Subject: Happy Hacker Network Digest, June 27, 2000 Networking Edition __ __ __ __ __ / // /__ ____ ___ __ __ / // /__ _____/ /_____ ____ / _ / _ `/ _ \/ _ \/ // / / _ / _ `/ __/ '_/ -_) __/ /_//_/\_,_/ .__/ .__/\_, / /_//_/\_,_/\__/_/\_\\__/_/ /_/ /_/ /___/ ___ _ __ / _ \(_)__ ____ ___ / /_ / // / / _ `/ -_|_- To: neteditor@t... HeY, i WaS jUsT wOnDeRiNg If U kNeW hOw To UsE hExWoRks? If So CoUlD u PlZ tElL mE! tHaNk U FoRbIdDeN_sPy Neteditor replies: Hey, Maybe you should worry about your broken Caps Lock key..... ------------------------------------- Subject: grades hacking Date: Sat, 17 Jun 2000 20:09:42 EDT From: AminLucky@a... To: neteditor@t... mu question is how do u hack into a schools computer system and hack into the grades. Neteditor replies: Ah an easy question with an easy solution. You study hard enough so you won't have to. Quit watching "Wargames" and crack a book once in awhile....it'll do you some good. Subject: Re: grades hacking Date: Thu, 22 Jun 2000 16:31:38 EDT From: AminLucky@a... To: neteditor@t... thanx for your stinking advice sunshine which was of no use. chill out and learn to help people. Neteditor replies: Uh, you asked me to help you commit a criminal act, sunshine. Subject: Re: grades hacking Date: Thu, 22 Jun 2000 17:54:42 EDT From: AminLucky@a... To: neteditor@t... the info requested was for knowledge purposes, ive achieved a 2:1 degree already. im doing a masters at the moment. no need to change my grades. so stop jumping to conlusions sunshine. Neteditor replies: Then why ask the question? With your stated outstanding academic achievment you should be able to research the issue yourself. Or perhaps the education insititutions aren't very good these days.... Yours Truly, Sunshine -------------------------------------------------------------- And now on to intellegent people asking intellegent questions....these people make my day.... -------------------------------------------------------------- Subject: Firewalls Date: Tue, 13 Jun 2000 14:55:17 MDT From: "Brett Forsgren" To: neteditor@t... Sorry to bother you but i have a (small) home network and my parents sound really interested in either buying a cable modem or DSL. The problem that i see with that is whenever the (host) computer is on, (the one i connect to the internet through) we will be connected to the internet. I was wondering where would i get firewall software to protect my computers and how would I set it up? I have to comps running Windows98 SE. I also have a NetGear hub and NetGear Cards. Thanx for your time. Brett Neteditor replies: The 2 products I can recommend would be BlackIce Defender or Signal 9 PC Firewall, both are very easy right out of the box and provide adequate protection against script kiddies. --------------------------------------------------- Subject: Network Address Translation Date: Mon, 19 Jun 2000 09:04:25 -0500 From: Wayne Norrie To: "'neteditor@t...'" Hello, I have a question about NAT and its inherent security. My company recently installed a router/firewall that uses NAT. We are using this feature and want to know how open we are to intrusion. I contacted the manufacturer of the device and asked them this question and they informed me that using NAT will effectively keep out all intruders. After reading your web site I am not so sure. The router/firewall device has a public address, as you probably can figure, and all the machines behind it have a private addressing scheme. How vulnerable are we? I have run a portscan on it and there are only a couple of ports open on it. 23, 80 and 1723. We telnet into it via port 23, 80 is obvious and 1723 is for the VPN this device is supporting. Any advice would be helpful. We can install filter sets on this device also. I am planning on doing this as additional security. The telnet port will be limited to a single IP address only as will port 1723. Thanks for your site. I find the information quite useful as I learn about network and internet security. Wayne Norrie Wayne, Neteditor replies: While NAT is very useful, it isn't really a security tool. A few issues you may want to consider. 1. You've limited yourself to a single point of entry, that's good, an individual has to gain privilege on one specific box now instead of many. 2. Why use telnet at all? SSH is much more secure and can be configured with a few different encryption schemes. 3. What happens when you add mail servers, web servers, etc. that need a real IP address? Do you plan on implementing a DMZ segment? Or will you use NAT to give them external interfaces? 4. With the ease of spoofing IP addresses, limiting your VPN and telnet access to one IP really isn't that protective, and while it's better than nothing it won't stop someone who knows what they're doing. 5. I would suggest allowing NO traffic to hit the firewall itself, unless absolutely necessary. --------------------------------------------------------- Subject: Certificates Date: Thu, 21 Jun 2001 12:48:24 +0200 From: "Flame" To: I just installed a certificate from www.hotmail.com and I don't have a clue what it is...? Neteditor replies: It is a digital certificate, showing proof of who is sending data --------------------------------------------------------- That's all for now, keep on hacking in the free world...... Cheers, E _____________________________________ This is a list devoted to *legal* hacking! If anyone plans to use any information in this Digest or at our Web site http://happyhacker.org to commit crime, go away! We like to put computer criminals behind bars where they belong! Email addresses: Windows Editor Greggory Peck wineditor@h... Networking Editor neteditor@t... Unix Editor Mike Miller unixeditor@t... Mac Editor Pat. St. Arnaud maceditor@t... Clown Princess Carolyn Meinel cmeinel@t... Happy Hacker, Inc. is part of a 501 (c) (3) tax deductible organization