PaulDotCom Security Weekly - Episode 36 - July 14, 2006
Live from the PaulDotCom Security Weekly Studio....
This episode was also broadcast over our Icecast server. Details will be announced in our IRC chatroom #pauldotcom on Freenode (irc.freenode.net) and on the PaulDotCom blog.
- Sponsored by Core Security, listen for the discount code at the end of the show
- Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
- Sponsored by The SANS Institute, listen to the discount code for SANSFIRE this summer for 5% off this conference
- Please go update our frapper map!
- Full Show Notes
Hosts: Larry Pesce, Paul Asadoorian
Email: psw@pauldotcom.com
Direct Audio Download
No video this week; we are working on the next episode, hoping for a July release.

Comments
Answer to the Syngress question:
Use host(1) or dig(1)
With dig, you request a record of type AXFR or IXFR for full or incremental transfer. For host, you use the -l option to perform the AXFR query. Results with each tool below (yes, I configured bind for the first time so I could get this example):
[ithilien:~] durin% dig @localhost example.org AXFR [07/16/06 3:13PM]
;; Connection to ::1#53(::1) for example.org failed: connection refused.
; <<>> DiG 9.3.2 <<>> @localhost example.org AXFR
; (2 servers found)
;; global options: printcmd
example.org. 3600 IN SOA ns1.example.org. admin.example.org. 2006051501 10800 3600 604800 86400
example.org. 3600 IN NS ns1.example.org.
example.org. 3600 IN NS ns2.example.org.
example.org. 3600 IN MX 10 mx.example.org.
example.org. 3600 IN MX 20 mail.example.org.
example.org. 3600 IN A 192.168.1.1
localhost.example.org. 3600 IN A 127.0.0.1
mail.example.org. 3600 IN A 192.168.1.5
mx.example.org. 3600 IN A 192.168.1.4
ns1.example.org. 3600 IN A 192.168.1.2
ns2.example.org. 3600 IN A 192.168.1.3
www.example.org. 3600 IN CNAME example.org.
example.org. 3600 IN SOA ns1.example.org. admin.example.org. 2006051501 10800 3600 604800 86400
;; Query time: 20 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul 16 15:13:23 2006
;; XFR size: 13 records (messages 1)
[ithilien:~] durin% host -l example.org localhost [07/16/06 3:13PM]
;; Connection to ::1#53(::1) for example.org failed: connection refused.
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:
example.org name server ns1.example.org.
example.org name server ns2.example.org.
example.org has address 192.168.1.1
localhost.example.org has address 127.0.0.1
mail.example.org has address 192.168.1.5
mx.example.org has address 192.168.1.4
ns1.example.org has address 192.168.1.2
ns2.example.org has address 192.168.1.3
Posted by: Augie Fackler | July 16, 2006 03:29 PM
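An added example, not part of the comment above or of the show: a Python audit helper that takes saved `dig ... AXFR` output from one of your own name servers and reports whether the transfer completed and which names it disclosed. The sample inputs are constructed, the function names are hypothetical, and the check that a complete AXFR begins and ends with the same SOA record follows RFC 5936.

```python
import re
from collections import Counter

# Constructed sample: trimmed dig AXFR output in the same shape as the comment's transcript.
SAMPLE_OPEN = """\
; <<>> DiG 9.3.2 <<>> @localhost example.org AXFR
example.org. 3600 IN SOA ns1.example.org. admin.example.org. 2006051501 10800 3600 604800 86400
example.org. 3600 IN NS ns1.example.org.
example.org. 3600 IN MX 10 mx.example.org.
mail.example.org. 3600 IN A 192.168.1.5
www.example.org. 3600 IN CNAME example.org.
example.org. 3600 IN SOA ns1.example.org. admin.example.org. 2006051501 10800 3600 604800 86400
;; XFR size: 6 records (messages 1)
"""
# Constructed sample: what dig prints when the server refuses the transfer.
SAMPLE_REFUSED = "; <<>> DiG 9.3.2 <<>> @localhost example.org AXFR\n; Transfer failed.\n"

# owner name, TTL, class IN, record type, record data
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_records(dig_output):
    """Return (name, ttl, type, rdata) tuples; ';' comment lines are skipped."""
    records = []
    for line in dig_output.splitlines():
        line = line.strip()
        if line.startswith(";"):
            continue
        m = RR.match(line)
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append((name.lower(), int(ttl), rtype.upper(), rdata))
    return records

def audit_axfr(dig_output):
    """Summarise what a transfer attempt disclosed to the requesting host."""
    recs = parse_records(dig_output)
    # A complete AXFR starts and ends with the zone's SOA record.
    complete = len(recs) >= 2 and recs[0][2] == "SOA" and recs[0] == recs[-1]
    hosts = sorted({n for n, _, t, _ in recs if t in ("A", "AAAA", "CNAME")})
    return {
        "transfer_allowed": complete,
        "record_count": len(recs),
        "by_type": dict(Counter(r[2] for r in recs)),
        "disclosed_hosts": hosts,
    }

if __name__ == "__main__":
    for label, text in (("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED)):
        print(label, audit_axfr(text))
```

A result of `transfer_allowed: True` from a host that is not one of the zone's secondaries means the server's transfer ACL needs tightening.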
FYI, EAP-TLS doesn't require a client under Windows XP to connect. I used the following article to configure my laptop to work w/my home EAP-TLS setup when it's running Windows:
http://www.linuxjournal.com/article/8151
-j
Posted by: j | July 17, 2006 10:51 AM
Richard Bejtlich is right when saying that the internal threat is lower than the external threat, in terms of the number of attacks. However, the current risk from internal threats is perhaps bigger than external, because we still have too few countermeasures against these attacks and they can have much more impact.
[PaulDotCom - Couldn't agree more.]
Posted by: Augusto Paes de Barros | July 18, 2006 09:03 AM
The configurable appliance that you could not remember the name of is Soekris with OpenBSD:
http://www.soekris.com/
http://www.openbsd.org
Axton
Posted by: Axton Grams | July 29, 2006 10:13 AM