Security Incidents mailing list archives

RE: [unisog] Re: Port 109 Mystery


From: "Rob Shein" <shoten () starpower net>
Date: Sun, 16 Mar 2003 21:11:27 -0500

A lot of them do replace it, however, particularly when biometrics are
implemented (BioLogon by Identix, for example, which replaces GINA to
provide the option of mandating non-password authentication to the exclusion
of specifying a user or password).

-----Original Message-----
From: Patrick R. Sweeney [mailto:patsw () attbi com] 
Sent: Saturday, March 15, 2003 1:35 PM
To: 'David Moisan'; incidents () securityfocus com
Subject: RE: [unisog] Re: Port 109 Mystery


For clarification, third-party GINAs don't normally replace MSGINA.DLL. They are usually a separate file referenced in the registry, e.g. NWGINA.DLL for NetWare's 32-bit client.

-----Original Message-----
From: David Moisan [mailto:dmoisan () davidmoisan org] 
Sent: Thursday, March 13, 2003 11:21 PM
To: incidents () securityfocus com
Subject: Re: [unisog] Re: Port 109 Mystery


At 09:01 AM 3/13/2003 -0500, Buck Buchanan wrote:

Since fport normally does not display the "\??\" prefix, I am wondering if this might be a clue to how winlogon.exe was run.

Winlogon is a native process (as opposed to a Win32 process). It runs early in the boot process. As someone else noted, the path you saw is normal.

It *does* have a DLL, MSGINA.DLL; this gets the logon info from the user for Winlogon. It's designed so that third parties can use, say, a biometric MSGINA in place of the usual prompt.

Next question is if it's possible for MSGINA to be co-opted?

"Inside Windows 2000" is the best investment any Windows admin can make, next to the RK.

Take care,

Dave

David Moisan, N1KGH   ARES/SKYWARN             dmoisan () davidmoisan org
Invisible Disability: 
http://www1.shore.net/~dmoisan/invisible_disability.html

ATS-909 FAQ:  
http://www1.shore.net/~dmoisan/faqs/sangean/ats909faq.html
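
Added example, not part of the thread or any poster's code: on NT-family systems of this era a third-party GINA is registered through the `GinaDLL` value under the Winlogon key, and Winlogon loads MSGINA.DLL when that value is absent. The Python sketch below audits captured `reg query` output for that value; the allowlist, host names and sample dumps are constructed assumptions.

```python
import ntpath
import re

# Winlogon reads the GinaDLL value to find its GINA; absent means MSGINA.DLL.
GINA_VALUE = re.compile(
    r"^[ \t]*GinaDLL[ \t]+REG_(?:EXPAND_)?SZ[ \t]+(\S.*?)[ \t\r]*$",
    re.IGNORECASE | re.MULTILINE)

# Assumption: file names of GINAs this site has deliberately deployed.
APPROVED_GINAS = {"msgina.dll", "nwgina.dll"}

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Constructed sample dumps of the Winlogon key, one per hypothetical host.
SAMPLES = {
    "host-a": KEY + "\n    Shell    REG_SZ    Explorer.exe\n",
    "host-b": KEY + "\n    GinaDLL    REG_SZ    NWGINA.DLL\n",
    "host-c": KEY + "\n    GinaDLL    REG_SZ    C:\\Temp\\msgina.dll\n",
    "host-d": KEY + "\n    GinaDLL    REG_SZ    othergina.dll\n",
}


def audit_gina(reg_query_output, approved=APPROVED_GINAS):
    """Classify one host's Winlogon key dump.

    Returns (status, dll); status is 'default', 'approved',
    'unapproved' or 'suspicious-path'.
    """
    match = GINA_VALUE.search(reg_query_output)
    if match is None:
        # No GinaDLL value found: the stock MSGINA.DLL is in use.
        return ("default", "msgina.dll")
    dll = match.group(1).strip('"')
    directory, name = ntpath.split(dll.lower())
    if name not in approved:
        return ("unapproved", dll)
    # A familiar file name loaded from outside system32 still needs review.
    if directory and not directory.endswith("\\system32"):
        return ("suspicious-path", dll)
    return ("approved", dll)


def audit_all(samples=SAMPLES):
    """Audit every captured dump and return {host: (status, dll)}."""
    return {host: audit_gina(text) for host, text in samples.items()}


if __name__ == "__main__":
    for host, (status, dll) in audit_all().items():
        print(f"{host}: {status} ({dll})")
```

Anything other than `default` or `approved` is a lead for checking the DLL's file hash and origin on that host.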

