Tuesday, November 13, 2007

firewall-wizards Digest, Vol 19, Issue 10

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: FYI: DDOS services for sale... (Anton Chuvakin)
2. Re: FYI: DDOS services for sale... (ArkanoiD)
3. Re: NAT order help (kevin horvath)


----------------------------------------------------------------------

Message: 1
Date: Mon, 12 Nov 2007 20:46:03 -0500
From: "Anton Chuvakin" <anton@chuvakin.org>
Subject: Re: [fw-wiz] FYI: DDOS services for sale...
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.cybertrust.com>
Message-ID:
<b2591e2e0711121746j62b88dd7k96397e384977c850@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

> I can't comment on how common this kind of advertising is,
> only that this is the first time I've seen it...

I got that too: http://chuvakin.blogspot.com/2007/10/russian-ddos-spam.html

Fun indeed ...

--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA

http://www.chuvakin.org

http://chuvakin.blogspot.com

http://www.info-secure.org


------------------------------

Message: 2
Date: Mon, 12 Nov 2007 20:39:43 +0300
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] FYI: DDOS services for sale...
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20071112173943.GA32221@eltex.net>
Content-Type: text/plain; charset=koi8-r

Actually they do get away with it regardless of targets. Unless they
make some "real world" errors.

Same applies to law enforcement. Actually here in Russia if you want
"K department" to get an offending person you are likely to do all the
investigation by yourself and present them with the proof ;-)

On Mon, Nov 12, 2007 at 08:29:57AM -0800, Dave Null wrote:
> Sadly, unless they attack 'high profile' targets they pretty much do
> get away with it. I would hope that various law enforcement agencies
> would be concerned about people operating botnets that can number into
> the 500k+ range, but a lot of them still view the whole thing as geeky
> teenager shenanigans. This topic came up at a quarterly meeting I
> attend and an FBI agent sitting near me said openly 'Well, why don't
> you contact us when these things happen' and that person was slammed with
> a battery of 'because you don't do anything, nor do you care'. The
> agent didn't agree with this assessment, but at the same time couldn't
> think of any cases where DDoSers had gotten nailed for hitting the
> 'little guys'. As they said in the movie Mega Force, deeds..not words.
>
> I think the biggest problem overall is that the botnet operators keep
> their bots in countries that either don't understand or don't care
> (and in a few cases, I wouldn't be surprised to find that their
> botnets are state sponsored). At that same meeting I attended there
> was a great presentation on botnets and the presenter explained the
> challenges and frustration of trying to find relevant agencies and
> helpful people to listen to his issues. However, he did come up with
> two good points I'll pass along.
>
> 1. Look for regional CERT organizations. They, since they are in the
> region and are computer security folks, will have a clue and will
> probably be able to point you to the correct law enforcement agency.
>
> 2. If you are American*, call that country's US embassy and ask to
> speak to the Security Director. It's the SD's job to be in touch with
> various local law enforcement. The presenter said he had great results
> talking to the regional SD on an issue.
>
> *Basing that off his experience, not sure how other countries set up
> their embassies, but may work for you too. YMMV
>
> -noid
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

------------------------------

Message: 3
Date: Tue, 13 Nov 2007 01:09:42 -0500
From: "kevin horvath" <kevin.horvath@gmail.com>
Subject: Re: [fw-wiz] NAT order help
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<5c41be6e0711122209s389fa4bay8c70dbbd8468fafa@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

To clarify,

Traffic initiated from the inside (10 net) will map to itself
(identity NAT), unless it is TCP traffic destined for 1.1.1.1, in which
case it will map to 1.1.1.2.

Traffic initiated from the outside to the inside will not matter since
there is no overlap here as in the above scenario. Here
traffic destined for 10.x will be translated to itself. The policy
NAT in this scenario does not allow traffic initiated from a lower
security interface to a higher security interface as it can only be
done via NAT exemption, identity NAT, or static NAT/PAT. I think this
is where the confusion was. Only local traffic can be translated with
Policy NAT (thanks for catching my typo above), not global.

Hope this clarifies things.

Kevin

> >
> > >
> > > On 11/6/07, sivakumar <siva_itech@yahoo.com> wrote:
> > > >
> > > > Hi,
> > > >
> > > > access-list rule1 permit tcp 10.0.0.0 255.0.0.0 host 1.1.1.1
> > > >
> > > > static (inside,outside) 1.1.1.2 access-list rule1 0 0
> > > > static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0
> > > >
> > > > Please tell me which statement will take precedence - policy NAT or Static
> > > > NAT.
> > > >
> > > > --
> > > > View this message in context: http://www.nabble.com/NAT-order-help-tf4737610.html#a13548213
> > > > Sent from the Firewall Wizards mailing list archive at Nabble.com.
> > > >
> > >
> > >
> > > --
> > > Avishai Wool, Ph.D., Co-founder and Chief Technical Officer
> > > http://www.algosec.com
> > > ******* Firewall Management Made Smarter ******
>
>
> --
> Avishai Wool, Ph.D., Co-founder and Chief Technical Officer
> http://www.algosec.com
> ******* Firewall Management Made Smarter ******


------------------------------
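
The outcome described in Message 3, as an added example that is not part of the original thread and is not Cisco code: a small Python model of the two `static` statements from the question, plus an audit check for rules hidden behind an earlier, broader rule. It assumes static rules are evaluated in configuration order with the first match winning; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class StaticRule:
    name: str
    real: str                      # real (inside) source network
    mapped: Optional[str]          # translated source; None = identity NAT
    proto: Optional[str] = None    # policy NAT only: protocol from the ACL
    dest: str = "0.0.0.0/0"        # policy NAT only: destination from the ACL

    def matches(self, src, dst, proto):
        return (ip_address(src) in ip_network(self.real)
                and ip_address(dst) in ip_network(self.dest)
                and self.proto in (None, proto))

    def covers(self, other):
        """True if every flow matched by `other` is also matched by self."""
        return (ip_network(other.real).subnet_of(ip_network(self.real))
                and ip_network(other.dest).subnet_of(ip_network(self.dest))
                and self.proto in (None, other.proto))

def translate_source(rules, src, dst, proto):
    """Return (rule name, translated source) for an inside-initiated flow."""
    for rule in rules:             # assumption: first match wins
        if rule.matches(src, dst, proto):
            return rule.name, (rule.mapped or src)
    return None, src               # no static statement applies

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(e.covers(r) for e in rules[:i])]

# The two statements from the thread, in the order they were posted.
POLICY = StaticRule("policy-nat", "10.0.0.0/8", "1.1.1.2", "tcp", "1.1.1.1/32")
IDENTITY = StaticRule("identity-nat", "10.0.0.0/8", None)
AS_POSTED = [POLICY, IDENTITY]
REVERSED = [IDENTITY, POLICY]      # constructed variant for comparison

if __name__ == "__main__":
    for flow in [("10.1.2.3", "1.1.1.1", "tcp"), ("10.1.2.3", "1.1.1.1", "udp")]:
        print(flow, "->", translate_source(AS_POSTED, *flow))
    print("shadowed if reversed:", shadowed(REVERSED))
```

Under the same first-match assumption, placing the identity statement first would hide the policy statement entirely, which is what `shadowed(REVERSED)` reports.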

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 19, Issue 10
************************************************
