If it’s about security, you heard it here first
tunneling through hotspot firewall
Posted by Daniel Gultsch on Apr 22
Hey guys,
this is my first posting on this mailling list. I kinda hope this is the right place. However lets get to the point.
Suppose I’d have an unencrypted wireless lan with an dhcp server and a router integreted [...]
Twitter Packet Challenge Solution, (Sat, Apr 18th)
Yesterday, I posted the packet below as my twitter feed to see how the packet skills are among my followers (my twitter feed is also replicated to Facebook). Anyway. Here the solution. I came across this packet while playing with scapy6 being bored on a plane. I was doing [...]
RE: Securing RDP – Is it possible?
Posted by Craig S. Wright on Apr 15
Changing the default port adds obscurity and not security.
Next, SSL will help with TLS fully enabled – this is client side certificates, but these are rarely used.
Otherwise, SSL is just a dark tunnel, it helps [...]
Watch your Internet routers!, (Mon, Mar 30th)
ISC reader Nick contacted us to share information about an Internet router at his workplace that got hacked this weekend. There’s several nuggets to learn from in this story, so here goes. 3/28/2009 8:34:02 Authen OK test
[...]
CVE-2009-0635 (ios)
Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets.
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0635
CVE-2009-0629 (ios, ios_s, ios_t, ios_xr)
The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), [...]
Cisco IOS cTCP Denial of Service Vulnerability
A series of TCP packets may cause a denial of service (DoS) condition on Cisco IOS devices that are configured as Easy VPN servers with the Cisco Tunneling Control Protocol (cTCP) encapsulation feature. Cisco has released free software updates that address this vulnerability. No workarounds are available; however, the [...]
[tool] Webtunnel 0.0.5
Posted by Janos Szatmary on Mar 17
I’d like to announce the release of Webtunnel 0.0.5, available at sourceforge.net/projects/webtunnel .
WHAT’S NEW
2009/03/17
Added support for proxy auto-configuration Fixed a bug that would cause a keep-alive timeout to…
URL: http://seclists.org/pen-test/2009/Mar/0099.html
Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.
URL: http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml
Threat Expert