different protocols thru double firewall

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Bios Serial Number - unique system identifiers Can I trust on ( Bios Serial Number + MAC ) to identify a machine? (I want to use it as my hashvalue in a public/private key mechanism) I know that it is possible to disable the processor serial number, so I can´t use it. Idon´t know if it is possible to disable the Bios Serial Number. Thanks Gaby Tag: different protocols thru double firewall Tag: 64143
  - 2
    - question on computer access I don`t know if this can be done....I would like to be able to tell if anyone has accessed my PC at home in my absence, I am not looking for key loggers just a basic something or other that lets me know someone has used it or that they may have installed a programme. I currently use Spybot and AVG for antivirus stuff and have a firewall and run ocassional `other` virus checks. I am sure computer is being used as some settings have changed and a couple of things haven`t worked when I have returned, when I ask no one used it. I don`t want to stop them using it but if I can prove they have then maybe they will be more careful and stop mucking around with it. My next step would be do deny them access which I am reluctant to do,I just want to get it under control. any help appreciated. thanks Tag: different protocols thru double firewall Tag: 64140
  - 3
    - Cumulative Patch Listings? Is there a place on Microsoft's site or any other location that is a good resource to find what MSxx-xxx number covers for other MS numbers? In other words: MS04-004 is a cumulative patch, I can see it covers MS03-048 but can't find a list of all prior patches it would cover... I hope this makes sense... Thanks! Tag: different protocols thru double firewall Tag: 64136
  - 4
    - need hardware based spyware blocker Does anyone know of a piece of hardware that I can use to put on networks to block all incomming spyware from reaching my computers. I have serveral dicconnected neteworks in verious locations that I want to use it on. Tag: different protocols thru double firewall Tag: 64134
  - 5
    - spyware problem, please help Hi, I have ran ad aware and spybot s&d and both have found some spyware on my pc (win xp). i had these programs fix the selected problems. after i did that i connect(dial up) to the internet ok, but internet explorer wont load any webpage or allow me to send/recieve email via Microsoft Outlook. so i restored the spyware and I.E. and my email worked. i have it now narrowed down that if i remove the SAH spyware on my pc I.E. or email wont work. WHY?? and How do i fix this? Tag: different protocols thru double firewall Tag: 64126
  - 6
    - Kernel32.dll causing shutdown I am running Win98 and I occasionally get the familiar message 'illegal operation - windows will be shutdown etc..' when I look at the details, it shows me the problem file as 'Kernel32.dll'. I recently downloaded Spybot, Ad-Aware, ETrust (I have been trying to clean my pc of malware). Does anyone know what this dll is? Any comments would be greatly appreciated. Bryan Tag: different protocols thru double firewall Tag: 64122
  - 7
    - Password history Hi, I want to have strong password restriction in AD but i don't know how to prevent changing a password like this: old: Asdfg_01 new: Asdfg_02 I remember that somewhere (AS400 or UNIX) there is additional restriction - number on characters which could be repeated during password change - is there something like this in AD? Regards, Radek Tag: different protocols thru double firewall Tag: 64117
  - 8
    - what is a DSO exploit? As Above Tag: different protocols thru double firewall Tag: 64116
  - 9
    - how do I remove cookies completely I use adaware and everytime I run it there are about 10 cookies that keep appearing, I check them and have them removed but when I run adaware again, they are back. How do I get rid of cookies completely, never having them return again? Tag: different protocols thru double firewall Tag: 64112
  - 10
    - Hardware box to block spy programs on entire network Does anyone know of a piece of hardware I can put on the network that will block spy programs from being down loaded onto my network. Thanks jess Tag: different protocols thru double firewall Tag: 64091
  - 11
    - Certificates for non-windows machines. I have a CA running on a Windows 2003 Enterprise box. I have a few apache servers that need certificates (they are internal, and the CA is a trusted source on every computer). After I get OpenSSL to generate a request and submit the request on the box running CA, it fails and complains that I don't have a certificate template. How would I go about remedying this issue? The requests are valid requests (at least the file looks that way) Tag: different protocols thru double firewall Tag: 64081
  - 12
    - Certificates for non-windows machines. I have a CA running on a Windows 2003 Enterprise box. I have a few apache servers that need certificates (they are internal, and the CA is a trusted source on every computer). After I get OpenSSL to generate a request and submit the request on the box running CA, it fails and complains that I don't have a certificate template. How would I go about remedying this issue? The requests are valid requests (at least the file looks that way) Tag: different protocols thru double firewall Tag: 64080
  - 13
    - Certificate for non-windows machines I am trying to generate certificates for some apache servers running on linux. After the OpenSSL request generation, when I attempt to validate the certificate in the CA tool, it complains saying that it failed because the certificate doesn't have a template. How do I fix this? Or, how do you sign certificates made on non-windows machines? Tag: different protocols thru double firewall Tag: 64079
  - 14
    - OH BOY - NEED SOME INPUT 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:43, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:02, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:03, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:06, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:38, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:43, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:44, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:03, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:04, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:07, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, Tag: different protocols thru double firewall Tag: 64077
  - 15
    - New MSSecure.XML Version 2004.11.09.0 Now Available MSSECURE.XML Data Version 2004.11.09.0 (for use by MBSA 1.2 and SMS SUS Feature Pack) was last modified today, November 9, 2004, and is now available for all supported languages (English, French, German and Japanese). This XML contains necessary updates for the MS04-039 bulletin for ISA Server released today, although MBSA does NOTsupport this product for detection (see KB306460 for for information on supported MBSA products). This release also includes a number of minor bug fixes reported by customers and PSS to resolve 'invalid checksum' and 'greater than expected' warnings. Please post issues where MBSA reports errors or warnings for cases you may feel are incorrect. -- Doug Neal [MSFT] dugn@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for the Microsoft Baseline Security Analyzer (MBSA) at the following link: http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: different protocols thru double firewall Tag: 64076
  - 16
    - VBS Security Vunrulbility Has anyone heard of thido you know if its true and weather to disable what it says? > Opening the wrong E-mail may soon be enough to empty your bank account. In an effort to woo security-conscious computer users, "phishers" have come up with a new technique to harvest online banking details without requiring users to click on a Web link and enter personal information on a submission form. This new form of attack, directed specifically at users of online banking, runs a script when a phishing E-mail message is opened, according to E-mail and virus security company MessageLabs Ltd. The script tries to rewrite the host files on the machine of the recipient. On subsequent attempts to access online banking services, victims will unknowingly be redirected to a fraudulent Web site designed to capture their log-in details. Alex Shipp, senior antivirus technologist at MessageLabs, says such developments only make it harder to defend against phishing. Traditional phishing attacks rely on tricking the user into following a Web link and then entering personal information. "This one is much more insidious," he says. Some 3% of those targeted by phishers reveal personal information, according to a study released in April by research firm Gartner. Shipp adds that this new technique, which has only been detected in Brazil, is probably being tested for wider deployment. That's what happened with first-generation phishing attacks that were tested in Australia before being directed at users in the United States. Only systems that have enabled Windows Script Host are vulnerable to this attack. WSH lets users run VBScript and JScript scripts within the Windows operating system. Sophos plc, an antivirus company, offers instructions on how to disable WSH <http://www.sophos.com/support/wsh.html>. "Most businesses these days probably have this disabled," Shipp says. "But home users are more vulnerable." Tag: different protocols thru double firewall Tag: 64074
  - 17
    - OH BOY - NEED SOME HELP! Can any one tell me what this looks like? Are you thinking what I am thinking? Any thoughts are appreciated? ENVIROMENT SERVER:NT 4.0 6A PROXY 2.0 Exhange 5.5 SP4 Antigen Virus Software Here is a snapshot from a PF proxy log. I have changed the internal and gateway ip addresses for security reasons. Just imaging tat 111.111.111.11 is the internal address of the NT server in question, and 100.100.100.10 is internet gateway address. I am seeing this occur periodically. Also, our proxy suddenly crashes, and brings down all the services, thus preventing any Internet Access. I have to start the services again. My servers have all MS Updates. 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:43, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:02, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:03, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:06, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:38, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:43, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:44, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:03, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:04, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:07, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, Tag: different protocols thru double firewall Tag: 64073
  - 18
    - OH BOY! Can anyone tell me what this looks like??? Is it perhaps what i think it is? 11/2/04, 3:21:37, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:37, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:38, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:38, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:39, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:39, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:41, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:41, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:41, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:42, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:43, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:44, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:44, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:44, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:45, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:45, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:47, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:47, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:47, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:48, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:48, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:50, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:50, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:50, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:51, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:51, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:53, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:53, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:54, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:54, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:56, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:56, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:56, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:57, 209.202.125.58, 209.202.125.63, Udp, 138, 138, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:57, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:57, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:59, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:59, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:59, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:00, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:00, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:02, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:03, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:06, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:37, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:38, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:39, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:40, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:40, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:42, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:42, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:43, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:44, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:45, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:45, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:46, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:46, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:48, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:48, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:49, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:49, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:51, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:51, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:52, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:52, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:54, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:54, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:55, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:55, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:57, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:57, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:58, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:58, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:00, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:00, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:01, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:01, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:03, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:04, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:07, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, Tag: different protocols thru double firewall Tag: 64072
  - 19
    - Microsoft Security Bulletin(s) for November 9, 2004 November 9, 2004 Today Microsoft released the following Security Bulletin(s). Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details. Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided. Bulletin Summaries: October Summary http://www.microsoft.com/technet/security/Bulletin/ms04-nov.mspx Important Bulletins: MS04-039 - Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258) http://www.microsoft.com/technet/security/Bulletin/ms04-039.mspx This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so. If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. -- Regards, Jerry Bryant - MCSE, MCDBA Microsoft IT Communities Get Secure! www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights. Tag: different protocols thru double firewall Tag: 64071
  - 20
    - backup security event viewer I want backup my security event log on event viewer on a Dc (windows 2003). If I use a script I obtain a evt file. But If I open that evt file on a pc that isn't in domain, I see the SID no the Users name of the users. So if I want made a good backup on my dc how Have I do? Thanks Tag: different protocols thru double firewall Tag: 64070
  - 21
    - Deleting messenger How do I disable MSGR 4.7 from my system at work? I try to in the 'control panel' - delete 'windows programs'; however, it seems to not work. I try to delete the actual file program icon; but it won't let me delete the file there either? I have a feeling that it is connected to another program - possibly outlook? I'm not sure. My concern is this: I will be leaving from the office soon, and want to ensure that nobody will have access to msgr/my inbox. when I open messenger, someone can click '___@hotmail.com' - 'click here to sign in' and anyone can have access to my email. Tag: different protocols thru double firewall Tag: 64068
  - 22
    - Warning: flawed security on webhostin server ehosting.ca (same as mecca.ca) Hi NG, Anybody of users having a web site on ehosting.ca (mecca.ca) server can read anybody else's source code, asp files, connectionstrings and all. I could. I tried to warn the administration of this flaw but they not only don't understand their problem but belligerently defend their incompetence. No wonder they don't warn their customers about it. Because, first, they didn't even realize it and, when I told them about it, they blamed me for having tried to hack. They think security means only preventing script execution rights on user account folders and have been giving "Read" access to "Everyone" in order that their system could get directory listings!! Later on they said that they have made a typo, and that they're giving read rights not to "Everyone" but to "IIS-User" system user-account. It doesn't change the fact that the users can read each others' files. After my warnings, they might have improved the security level on the host, but from their record, you can't be very secure. So be warned. After all I felt forced to cancel my membership (on Nov 06, 2004 see below). When I created the FSO page back in 2000 the idea looked pretty new to me; you write down the virtual path to a dummy folder on my site and can read the directory listings. Then you double-click on a subfolder and get its listings. Double-click on a filename and (if ASCII) it opens in another page, where you can edit and save (in theory). And I put it on my free site at brinkster.com as a demo (www11.brinkster.cm/Nersessian/, registration is needed to see some files and their sources; only English part is more or less functional. I'm trying to set up a new site). Now this type of application is being used on many servers. Brinkster.com gives the warning that the free sites are insecure, so does 1asphost.com where the FSO doesn't exist at all on free sites. All is done to encourage paid membership. Here, on ehosting.ca, with paid membership, users have same or less security as on brinkster.com for free hosting. So when I uploaded this file, I was 100% sure it would not allow me to go above my own folder, but it did, successfully. Below I include my response to one of the administrator's message to me (after I also got a "Hello there" message from the biling@mecca.ca informing me that full refund in that company means less than 40% of the membership fee!!): //*********************************************************** What you're doing endangers your clients' and their users' private information. I suggest you to read Microsoft's public web server security guidelines again. Your interpretation of those guidelines is very peculiar, to say the least. 1. Absolutely non-important that other users cannot execute scripts in my account. If "Everyone" can read in my account, the real hackers will be "executing" my users' identities and their credit card numbers on their bank accounts, not scripts on my account. I hope you can figure out how they get that information, once they can read in your clients' files 2. Even if the system has to read in account folders, there is a user called SYSTEM. You could give it read rights. Not to Everyone. 3. I don't think that you even have a 'Clients' (or whatever) user group for clients, or know how and for what to apply it, if you give Everyone read rights. 4. You are not warning your clients about the security hazards their and their users subject themselves accepting your hosting services. Although this email will efficiently help you improve security on your hosting server, I don't expect to receive apologies or gratitude from you. But I will think it over, if I will warn your clients about your incompetence regarding their accounts' security and if to take further action. Regards, AN Mecca Administration <admin@mecca.ca> wrote: Hello, Well "Everyone" write access is disabled on c:\clients folder and you cannot use a web based script to write data to other clients' folders. We must enable "Everyone" read access so that other server components can read the directories and files listng. Keep in mind that we had followed Microsoft's public web server security guideline closely when we implemented the security structure few years ago. If you want to have a very secured server environement, please consider our dedicated server hosting. Also keep in mind that according to TOS, no subscribers are not allowed to hack into our systems: 3.1 The Subscriber will not hack, break into, access or use or attempt to hack, break into, access or use any part of the Services, its content and/or any data areas on Mecca's server(s) for which the Subscriber has not been authorized by Mecca. However, should you decide to call off our hosting service, please confirm your decision before November 08, 2004 (Note that you can only request the refund within 14 days of purchase). Cancellation request submitted after this day will not be counted within our 14 day money back guarantee period and thus, no full refund MINUS $15 administration fee (plus any applicable cheque handling charge) will be issued. Best regards, Systems Operations /*************************************************************************** ***** Tag: different protocols thru double firewall Tag: 64067
  - 23
    - US - CERT Vulnerability Note VU#842160 Microsoft has not responded to this potential issue. Does anyone know the status or if Microsoft has responded in any way. TIA Tag: different protocols thru double firewall Tag: 64064
  - 24
    - Twain Tech removal I finally got rid of one instance of Twain Tech on an XP machine after days of fighting it. 1. I deleted everything in \documents & settings\*username*\local settings\temp folder. 2. I deleted the key: HKLM\software\microsoft\windows NT\currentversion\winlogon\notify\WPAEvents. It was pointing to the "2ldsrch.dll" file in system32 folder that kept coming back. 3. I ran the Giant software that finds and deletes the "2dlsrch.dll" file that shows up as 'TwainTech'. 4. Reboot If you update to Windows XP service pack 2 and run the "critical updates" for XP, you can prevent programs like this one from coming back. I just wanted to see if I could get rid of this one manually before updating to SP2. Hope this helps someone! - Jim http://www.wwwdothttpdotdotcom.com Tag: different protocols thru double firewall Tag: 64062
  - 25
    - spyweeper keeps popping up asking to keep/remove startup items Hi On my windows XP Professional PC I have spysweeper installed. While I am working away it keeps popping up asking to keep or remove various startup items. Its a different startup item name each time. These are the details of the item: Startup Item: egFHY9Ex (This name changes each time) inetkw CommonName Location: C:\PROGRA~1\vowpuqt\qpwostw.exe Registry or startup Folder: HKLM:Run Any ideas of what it can be? Ive turned off spysweeper for the monent. Tag: different protocols thru double firewall Tag: 64060
- Next
  - 1
    - svhost.exe and bgthye.exe I had had problems with a users notebook using up all the bandwith when it was connected to the LAN in the office. Ending Process "bgthye.exe" in Task Manager fixed the problem. After installing XP SP2 on the machine, Windows asked me if I wanted to block svhost.exe and bgthye.exe from accessing the Internet. I found some user group chats that highlighted svhost.exe as a virus and described how to get rid of it. Fine! My problem is that I can find nothing about "bgthye.exe". Does anyone know if this is a virus too? And should I be following the same sort of process to getrid of it as I did with svhost? Tag: different protocols thru double firewall Tag: 64059
  - 2
    - XP doesn't recognize VCOM virus protection Is this common? It's definitely in there... The computer in question had a virus, so put in a larger hard drive, reloaded everything and installed VCOM Fix-It Utilities. After doing all that, a little cartoon bubble popped up that said it didn't see any virus protection software. I figured out how to stop it from continually asking about it and sent the computer on its way. *that is the question I have* NOW for a little background and longer story... Here it is, one week later, and they've got a virus again. They have MSN and have many attachments in their hotmail email inboxes. I am thinking that there is a virus in one of them, and when launched it infects the PC. I have the same VCOM Fix-It Utilities on my PC with Windows98 and use Outlook Express for email. If I am sent a virus, I get an alert as soon as it shows up in the inbox. Using MSN Hotmail, it seems to me that the virus wouldn't be detected by VCOM Fix-It Utilities until it was too late - AFTER the infected file has been launched. Am I thinking wrong? I read that MSN Hotmail accounts are supposed to protected by McAfee, but if I find my theory about this to be true (I'm picking up the diseased PC tomorrow to check it out), Hotmail's going to be hearing from me. Thanks for listening, and if you have any ideas or random thoughts feel free to reply, Bill Tag: different protocols thru double firewall Tag: 64055
  - 3
    - SUS Problem The SUS 2.0 SP1 administration screen on Windows 2003 Server comes up blank using http://<servername>/SUSAdmin I found no knowledgebase articles on this. What can I do to fix this? Thank you! Tag: different protocols thru double firewall Tag: 64054
  - 4
    - SUS problem The SUS SP1 administration screen on Windows 2003 server comes up blank using http://<servername>/SUSAdmin I found nothing in the Knowledgebase about this. What can I do to fix this? Thank you! Tag: different protocols thru double firewall Tag: 64053
  - 5
    - svchost and awm removal Please advise if you know how to remove svchost and awm .exe files from a server using win 2000 server Tag: different protocols thru double firewall Tag: 64051
  - 6
    - svchost and awm .exe file removal Please advise if you know how to remove svchost and awm from a server using win2000 server Tag: different protocols thru double firewall Tag: 64050
  - 7
    - W32/Mydoom.ag@MM - Heads Up! From: http://forums.mcafeehelp.com/viewtopic.php?t=34893 <quote> This brand new version of MyDoom is HTML based and does not contain attachments. It also exploits a critical IE vulnerability, so AV protection plus best practices are needed -- as this one has some potential. W32/Mydoom.ag@MM - Zero Day IE I-FRAME Attack http://secunia.com/virus_information/13213/mydoom.ag/ http://vil.nai.com/vil/content/v_129630.htm This W32/Mydoom@MM variant makes use of a zero day attack targeting a Microsoft Internet Explorer IFRAME buffer overflow vulnerability. The virus spreads by sending email messages to addresses found on the local system. The message appears as follows: From: Spoofed address Subject: may vary * funny photos :) * hello * hey! * blank There is no attachment to the message. The homepage hyperlink points to the infected system which sent the email message. Clicking on the link, accesses a web server running on the compromised system. The web server serves HTML that contains IFRAME buffer overflow code to automatically execute the virus. </quote> -- ~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE) Tag: different protocols thru double firewall Tag: 64045
  - 8
    - Free adware removal products for Win95 Does anyone know of any free adware removal products for Win95? (I know, I know...but we are a non-profit agency, and every penny counts!) We have a computer that is badly infected, but I can only get Spyware Blaster to work in it. Adaware doesn't even load, and Spybot S&D states on the website that you need at least Win98. Thanks for any help! Tag: different protocols thru double firewall Tag: 64043
  - 9
    - IPSec experience in internal networks I have been reading documentation on enabling IPSec on AD environment via group policies (client-to-client, server-to-client, server-to-server). In general, for a 3,500+ PCs environment, with 120 Win2000/Win2003 servers, what would be the maintenance involved when enabling IPSec ? Do you think that encrypting data internally with IPSec is that something organizations are really doing successfully these days ? Tag: different protocols thru double firewall Tag: 64040
  - 10
    - Accessing resources on a Domain from a Workgroup on a different su Our PDC is an NT Server with an IP of x.x.x.* We have remote PC's not joined to this domain, but are just in their own peer to peer workgroup, and the have a different subnet of x.x.y.* Through the "search for computers" option, and entering the IP of the PDC, I can see all the shared resources within the domain from a PC in the workgroup, but cannot access any folders. All the remote PC's are Windows 2000. Is there ANY way to access the shares that exist within the domain from a non-domain PC without joining the domain and/or changing the subnet to match the PDC? Thanks. Tag: different protocols thru double firewall Tag: 64039
  - 11
    - problem with e-mail when i open my e-mail i want to open another window from my e-mail and nothing will open. this happens all the time and some e-mails are important to me.When i get personal mail i can open up pics and stuff, but when a group of mine mails me i cant even go to the home page from my mail. I hope you can help me with this. I have Norton 2004 firewall and antivirus Thxs -- randyman Tag: different protocols thru double firewall Tag: 64031
  - 12
    - hack tools detected I occasionaly use my laptop and only have AVG antivirus loaded. Everytime that I use the laptop I update the AV and then run a full scan. On my last scan nothing was detected, I used the laptop for a few hours and then shut it down. This morning I loaded Panda Titianium AV and then ran a full scan and it told me that it had found three Hacker tools which seemed to be installed in the system restore files. They had the word PSkill attached to them, Can anybody tell me what these are and how they could affect me. They are now deleted. I have run Adaware, Spybot and Panda and seem to have a clean system. Could any damage have been done. Tag: different protocols thru double firewall Tag: 64028
  - 13
    - Restricting Users from Installing Application I have been trying to figure out a way to keep users from installing applications from cd or through the web to a workstation. Everything I have tried restricts administrators as well. Most of the tips i have tried have come from winguides.com. It has some helpful informatio but not exactly what i am looking for. Tag: different protocols thru double firewall Tag: 64023
  - 14
    - MS Update incorrectly warns of virus My MS Update subscription is incorrectly telling me I probably have or have had a virus, offering me the Mydoom, Zindos, and Doomjuice Worm Removal Tool (KB836528) The only reason I can think it might flag the "virus" is that I have MS Taskmon.exe in the windows folder. NOT the one in the %system% folder that is a symptom of Mydoom. I don't have and have never had a virus. I currenlty run 98se, Zonealarm and Nod32, practise safe sex, wear sunglasses and manually check the registry, ini files, autoexec.bat, startup etc. I used the Syphos and McAfee descriptions of the infection and went through all the things the virus could have done, and none of them were on the PC. I'm not promiscuous with the PC (e-promiscuous??) so there's no real chance I've caught a virus recently. How can I stop MS offering me this update that I don't need? Thanks in advance Jon Tag: different protocols thru double firewall Tag: 64020
  - 15
    - XP Pro "search" feature seems to ignore file permissions Hi Guys, I'm messing with settings in my brand new machine, as was wondering why it seems that XP Pro's "search" feature ignores folder permissions. For example, I have a user named "user1." If I create a folder and give him full control of it and deny full control to all other users on the machine, I'm still able to "search" and see file names and directory structures that should be off limits. It just occured to me that maybe this is because I'm checking with my administrator account, but I explicitly denied administrator permissions as well. As a sidenote: I'm running Windows XP Professional, SP2 w/ the latest, greatest hotfixes (as of November 7th). Any ideas? Tag: different protocols thru double firewall Tag: 64018
  - 16
    - blocking ip address only one I use Windows XP Pro, and I have a stay-alive-connection, and some idiot keeps getting in to my computer he doesn't do anything to hurt my system but I'm tired of pulling the power cable to keep him out for a day or 2 . I know his Ip address only. I have contacted my Isp, but they suck and don't do anything. I can not unplug my network cable, I have people that I know downloading and uploading stuff to my computer/server for there backups and stuff like that, so that is an option i can not take. My question is: Is there a program that I can block his Ip from entering my computer, that is free? Please help me! Tag: different protocols thru double firewall Tag: 64001
  - 17
    - Blocking a domain from computer Is there ANY way that a specific domain can be blocked from accessing my computer? I have a firewall, but they still get thru. Right now they have 10 popunders that have invaded my computer, and the only way I can get rid of them is to shut down. They do not pop up when clicked. This is driving me CRAZY! HELP please. Tag: different protocols thru double firewall Tag: 63997
  - 18
    - Hotmail and Comcast - rejections? Hi, I should have received two payment notifications from Paypal sent to my Hotmail account, but neither have arrived. Payment notifications, although sent by Paypal, always have the email address of the person who made the payment in the From: field. Both of the ppl sending me money had @comcast.net email addresses...which leads me to believe that Hotmail is rejecting them without my knowledge... I know that the payments have been received - they are in my Paypal account.... Anyone have any knowledge of whether there's a problem with Hotmail and Comcast? Si. Tag: different protocols thru double firewall Tag: 63992
  - 19
    - spyware outcome my computer just messed up a couple of days ago and then as soon as i knew that it had spyware, i downloaded from AOL the spyware blocking thing but now is not letting me go into my documents, It says that "an error...bla,bla,bla" and the thing is that i cannot get rid of the folders that have all the spam, Why is this happening? Do i need to buy a program? and would my computer become normal again? what do i need to do in the first place? Tag: different protocols thru double firewall Tag: 63990
  - 20
    - Give user acces to regkeys Hello, Is there a way to give a user write access to a LOCAL_MACHINE regkey without making him local administrator? And if Yes, how could it be done? -- Jean Paul ------------------------------------------------------------------------------------- C# is Second finger high on the A Tag: different protocols thru double firewall Tag: 63988
  - 21
    - Solution to browsing to a Windows 2000 machine from a 98 machine I have found a workaround to that old age problem of browsing WIN2k from 98. I was running w2k as a ICS gateway with a 98 (first edition) client. Forget the internet, it is not important, the trouble I was having was getting Windows 98 to be able to browse through network beighbourhood. First I tried forcing 2k to be master browser through registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList (can be True, False or Auto) no joy then I started messing about with guest user, still no joy. Setting local security policy to allow enumeration without explicit access (or whatever it is called). This also did not help. I already had common users and passwords on both machines, so this also was not the problem. In the end I found that if you go on WIN98, networking properties, client for MS networks, and the advanced (or something) you can set Browse Master = True. I also went in to w2k above reg, and set it to FALSE. This way the 98 is master computer browser whatever and was able to browse! This also meant my gateway is not the master computer browser which is a bonus. Forget Stupid guest account. Lock down the enumeration setting in local security policy, and you can STILL browse and access your network HOOORAY! anyways, here is your basic checklist to this age old problem. 1 - Put common usernames and passwords for network access on both machines. 2 - Ensure that client for MS networks is there on both machines. (on Win98 make sure this is your default log on in the pull down list). (But please untick this on any connections that are directly on the internet like dial ups or Adsl Modems - you dont want to share out your files on the net (which is done by default on almost every connection I have ever seen - DUH MSFT)). 3 - On win98, go into the file and print sharing setting and tick both boxes to enable File and Print Sharing on that box, (this is not necessary to veiw shares on other pcs). 4 - On 98 machine go into advanced for client for MS networks and set Master Computer Broswer = True. 5 - Go onto w2k machine and set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList = False. I think that is all you need. Any comments suggestions please post follow ups. Regards James Buttle ADDITIONAL NOTE *************** BTW for security... 1 always have a firewall on your internet connection 2 rename administrator account and have long passwords for all users 3 disable NetBIOS over IP under particular device in advanced, TCP/IP properties, advanced, WINS. 4 have an up to date antivirus package 5 run lavasoft adaware regularly 6 get all microsoft critical updates 7 Restrict anonymous access / enumeration under local policies, security options in local security policy. 8 Untick client for MSFT networks and File and print sharing for any internet connections such as ADSL modems, and dial ups. 9 Disable / kill / remove all guests and other useless accounts 10 If possible leave your computer off and sit in an underground bunker the rest of your days. Tag: different protocols thru double firewall Tag: 63986
  - 22
    - Can't use Exchange OWA form based authentication with Smartcard Hi, I run a pilot using Exchange OWA form based authentication and I have encountered the folowing problem; When I enable the "Require Smart card for interactive logon" setings for my domain users , I can no longer authenticate to Exchange OWA in form based authetication since ,obvoiusly, the password is now randomly set. The problem is that remote users may find themselves in Kiosks which do not have the option to use a smartcard. Please advice on workaround, solution , alternatives. TIA Gil Tag: different protocols thru double firewall Tag: 63985
  - 23
    - Certutil Hello Does anybody know if it is possible to list all user certificates of all user profiles who exists on an windows xp professional client machine? Is it possible with certutil.exe or does there exist an other tool or command? Does anybody know a complete documentation about certutil in one (1) document? I could imagine that there is no way to get all certificates because of security reasons --> private key configured exportable, e.g. But anyway, maybe someone knows a solution. Thanks a lot Christoph Tag: different protocols thru double firewall Tag: 63981
  - 24
    - Administering a microsoft enterprise ca 2003: filtering certificates Hello, Does anybody know a tool or a script to filter certificates on a issuing certification authority in a more comfortable way as the ca microsoft management console is able to? There is no way to fast and easy find all certificates of a certain user. Every time you want to know the certificates of a certain user you must manually add a new filter or search manually for the username. Thanks for every hint, Christoph Tag: different protocols thru double firewall Tag: 63980
  - 25
    - Spoof Billing From MSN I found two emails in my bulk mail inbox regarding my MSN account saying that my credit card number had been turned down and I could resolve the problem by contacting "MSN Suport" via the (spoof) link provided. I wanted to forward the two spoof billing emails to MSN as there are probably people out there who have received this and think it's legit, but does MSN care? Tag: different protocols thru double firewall Tag: 63977

My client develops software in-house, and is using a double-firewall where
internet browsers talk to webserver 1 on port 80, which forwards the http
request to webserver 2 on a different port via a firewall. Webserver 2
contains the application logic (webserver 1 is essentially just a proxy).
Webserver 2 may talk to application servers on the "LAN" through another
firewall.

Both these web servers are in DMZ and not part of a domain.

There is a perception that it is less secure for webserver 2 to communicate
with an application server on the LAN via HTTP (e.g. a web service), as
opposed to a different protocol from the one that the original request comes
in from the browser.

Is there any justification for this concern, or is this just "security by
obscurity"?
There is a tendency to prefer e.g. .NET remoting between the web server and
the app server instead of a web service - and I would to hear some opinions
if that preference is justified.

Top

RE: different protocols thru double firewall by SPidgornyMVP

SPidgornyMVP
Wed Nov 10 16:49:15 CST 2004

Architecting perimeter infrastructure is largely a matter of perception, so
there is no ultimate answer. In my opinion, the proposed protocol change in
the application zone gives little security benefit:

* If the public-facing server is compromised and owned by the intruder, she
will have access to the application server
* If the public-facing server does more than basic SSL reverse proxy, the
intruder will potentially be able to intercept sensitive information
including credentials sent to the application server regardless of the
protocol used (by modifying the code of the login web page, for example).
From that perspective, the public-facing server must be absolutely protected
and requires much quicker exposure response and thorough security review
* If the perimeter server is basic reverse proxy, that's pretty much the
same as exposing your ap server directly
* If your system management procedures (incl. security configuration,
intrusion detection and access control) will allow for a situation when an
intruder breaks through two layers of security, you have a bigger problem
than perimeter design.

The only thing you want to avoid is running the same application talking the
same protocol at each layer. The reason is obvious: if it's possible to fully
compromise a server with a certain exploit, the same exploit will be used to
penetrate further into your infrastructure. However, you must make a decision
about certain set of trusted infrastructure components. In the end, it's cost
vs. risk vs. functionality trade-off: I know many single-server
infrastructures that are secure because they're well-managed.

Sorry for the vague answer, but as I said there is no single answer.

Regards

S.

"richlm" wrote:

> My client develops software in-house, and is using a double-firewall where
> internet browsers talk to webserver 1 on port 80, which forwards the http
> request to webserver 2 on a different port via a firewall. Webserver 2
> contains the application logic (webserver 1 is essentially just a proxy).
> Webserver 2 may talk to application servers on the "LAN" through another
> firewall.
>
> Both these web servers are in DMZ and not part of a domain.
>
> There is a perception that it is less secure for webserver 2 to communicate
> with an application server on the LAN via HTTP (e.g. a web service), as
> opposed to a different protocol from the one that the original request comes
> in from the browser.
>
> Is there any justification for this concern, or is this just "security by
> obscurity"?
> There is a tendency to prefer e.g. .NET remoting between the web server and
> the app server instead of a web service - and I would to hear some opinions
> if that preference is justified.
>
>
>

Top