Re: Hack / take down new WindowsXP beta server

From: Chris Tobkin (tobkinat_private)
Date: Mon Apr 16 2001 - 15:00:41 PDT


    FYI, www.isaserver.org isn't owned or run by Microsoft.
    
    
       Organization:
          GFI
          Nick Galea
          Triq il mediterran
          San Gwann, MT SGN07
          MT
          Phone: 356382418
          Fax..: 356382419
          Email: ngaleaat_private
    
       Registrar Name....: Register.com
       Registrar Whois...: whois.register.com
       Registrar Homepage: http://www.register.com
    
       Domain Name: ISASERVER.ORG
    
          Created on..............: Mon, Jun 12, 2000
          Expires on..............: Tue, Jun 12, 2001
          Record last updated on..: Mon, Dec 04, 2000
    
       Administrative Contact:
          GFI
          Nick Galea
          Triq il mediterran
          San Gwann, MT SGN07
          MT
          Phone: 356382418
          Fax..: 356382419
          Email: ngaleaat_private
    
       Technical Contact, Zone Contact:
          Register.Com
          Domain Registrar
          575 8th Avenue - 11th Floor
          New York, NY 10018
          US
          Phone: 212-798-9200
          Fax..: 212-629-9305
          Email: domain-registrarat_private
    
       Domain servers in listed order:
    
       SERVER1.GFI.COM                                   216.110.36.49
       GFIFAX.DE                                         195.185.223.226
    
    Checking this should have been a no-brainer.. H.D., you're slipping!  
    
    // Chris
    tobkinat_private
    
    
    -----Original Message-----
    From: H D Moore [mailto:hdmat_private]
    Sent: Sunday, April 15, 2001 1:45 AM
    To: VULN-DEVat_private
    Subject: Re: Hack / take down new WindowsXP beta server
    
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    First things first. www.isaserver.org is run on Apache, a somewhat old
    version with some serious security issues. You would think that Microsoft
    would trust their own products to run their web sites, maybe they know
    better.  Next, the server is running the Ultimate Bulletin Board software,
    which provides multiple entry points for an attacker to gain access to the
    system. Please note that I found all of this just by browsing the web site
    and did not attempt to gain access or even probe the system.
    
    The hammer dropped all right, I think it hit your toe.
    
    - -HD
    
    
    
    On Saturday 14 April 2001 07:37 pm, Peter Meister wrote:
    > And the HAMMER IS DROPPED...Very good response, Enterprise Edition holds
    > the ICSA Cache Firewall # 1 status as of today...And is being used by
    > many large Fortune 100's as a frontline Enterprise Firewall...XP uses a
    > slimmed but no less effective version of ISA for its Firewall....enabled
    > at the NIC it can protect a home user or Corporate user connecting
    > outside of corporate Infrastructure from most types of
    > infiltration....Now if we go into the ISS module in ISA which focuses on
    > IDS and all the plugins and corporate 3rd party vendors support behind
    > it I would say ISA has quite a good chance at succeeding and competing
    > heavily against the other Tier 1 Firewall in the Industry today...
    >
    > You should checkout http://www.isaserver.org and READ UP MY FRIED..
    >
    > Also... http://www.microsoft.com/isa/
    >
    > Don't pop off until you've done your Homework!!!
    
    Or used a spell checker...
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 6.5.8
    
    iQA/AwUBOtlDYDwRvqMPEDLhEQJxTQCfT8nqsDvRBgegpgbniO48+OdfpMQAoMY+
    JhKQCdoJWihwq9hDa9NTwBIp
    =lKwZ
    -----END PGP SIGNATURE-----
    


