RE: [unisog] Re: Port 109 Mystery

From: Rob Shein (shotenat_private)
Date: Sun Mar 16 2003 - 18:11:27 PST


    A lot of them do replace it, however, particularly when biometrics are
    implemented (BioLogon by Identix, for example, which replaces GINA to
    provide the option of mandating non-password authentication to the exclusion
    of specifying a user or password).
    
    > -----Original Message-----
    > From: Patrick R. Sweeney [mailto:patswat_private] 
    > Sent: Saturday, March 15, 2003 1:35 PM
    > To: 'David Moisan'; incidentsat_private
    > Subject: RE: [unisog] Re: Port 109 Mystery
    > 
    > 
    > For clarification, third-party GINAs don't normally replace 
    > MSGINA.DLL. They are usually a separate file referenced in 
    > the registry, e.g. NWGINA.DLL for NetWare's 32-bit client.
    > 
    > -----Original Message-----
    > From: David Moisan [mailto:dmoisanat_private] 
    > Sent: Thursday, March 13, 2003 11:21 PM
    > To: incidentsat_private
    > Subject: Re: [unisog] Re: Port 109 Mystery
    > 
    > 
    > At 09:01 AM 3/13/2003 -0500, Buck Buchanan wrote:
    > 
    > >Since fport normally does not display the "\??\" prefix, I am wondering
    > >if this might be a clue to how winlogon.exe was run.
    > 
    > Winlogon is a native process (as opposed to a Win32 process).  It runs
    > early in the boot process.  As someone else noted, the path you saw is
    > normal.
    > 
    > It *does* have a DLL, MSGINA.DLL;  this gets the logon info from the user
    > for Winlogon.  It's designed so that third parties can use, say, a
    > biometric MSGINA in place of the usual prompt.
    > 
    > Next question is if it's possible for MSGINA to be co-opted?
    > 
    > "Inside Windows 2000" is the best investment any Windows admin can make,
    > next to the RK.
    > 
    > Take care,
    > 
    > Dave
    > 
    > David Moisan, N1KGH   ARES/SKYWARN             dmoisanat_private
    > Invisible Disability: http://www1.shore.net/~dmoisan/invisible_disability.html
    > 
    > ATS-909 FAQ: http://www1.shore.net/~dmoisan/faqs/sangean/ats909faq.html
    > 
    > 
    > 
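Added example, not part of the original messages: a defender's check of the point made in this thread, that a third-party GINA is usually a separate DLL referenced in the registry rather than a replacement for MSGINA.DLL. It assumes the reference is the `GinaDLL` value under the Winlogon key and that `reg query` output is supplied as text; the function name, the approved list, the directory list and the sample outputs are constructed for illustration.

```python
import ntpath
import re

# Assumption: the GINA reference is the GinaDLL value under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
# Assumption: locations treated as the system directory on the audited hosts.
SYSTEM_DIRS = {"", r"c:\windows\system32", r"c:\winnt\system32",
               r"%systemroot%\system32"}
GINA_RE = re.compile(r"^\s*GinaDLL\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.I | re.M)


def classify_gina(reg_query_output, approved=("nwgina.dll",)):
    """Return (verdict, value) for the text printed by `reg query` on the key."""
    match = GINA_RE.search(reg_query_output)
    if match is None:
        # No GinaDLL value: Winlogon loads the stock MSGINA.DLL.
        return ("default", None)
    value = match.group(1).strip('"')
    directory = ntpath.dirname(value).lower()
    name = ntpath.basename(value).lower()
    if directory not in SYSTEM_DIRS:
        # A GINA loaded from outside the system directory needs a human look,
        # even when the file name looks familiar.
        return ("review", value)
    if name == "msgina.dll":
        return ("default", value)
    if name in approved:
        return ("approved-third-party", value)
    return ("review", value)


# Constructed `reg query` outputs (not captured from a real host).
HEADER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SAMPLES = {
    "stock": HEADER + "\n    Shell    REG_SZ    Explorer.exe\n",
    "netware": HEADER + "\n    GinaDLL    REG_SZ    NWGINA.DLL\n"
                        "    Shell    REG_SZ    Explorer.exe\n",
    "odd-path": HEADER + "\n    GinaDLL    REG_SZ    C:\\Temp\\msgina.dll\n",
    "unknown": HEADER + "\n    GinaDLL    REG_SZ    xgina.dll\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, classify_gina(text))
```

A "review" verdict only means the referenced DLL is not on the approved list or sits outside the expected directory; the file itself still has to be checked against a known-good copy.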
    
    
    



    This archive was generated by hypermail 2b30 : Sun Mar 16 2003 - 21:53:11 PST