Security Incidents mailing list archives
RE: [unisog] Re: Port 109 Mystery
From: "Rob Shein" <shoten () starpower net>
Date: Sun, 16 Mar 2003 21:11:27 -0500
A lot of them do replace it, however, particularly when biometrics are implemented (BioLogon by Identix, for example, which replaces GINA to provide the option of mandating non-password authentication to the exclusion of specifying a user or password).
-----Original Message----- From: Patrick R. Sweeney [mailto:patsw () attbi com] Sent: Saturday, March 15, 2003 1:35 PM To: 'David Moisan'; incidents () securityfocus com Subject: RE: [unisog] Re: Port 109 Mystery For clarification, third-party GINAs don't normally replace MSGINA.DLL. They are usually a separate file referenced in the registry, e.g. NWGINA.DLL for netware's 32-bit client. -----Original Message----- From: David Moisan [mailto:dmoisan () davidmoisan org] Sent: Thursday, March 13, 2003 11:21 PM To: incidents () securityfocus com Subject: Re: [unisog] Re: Port 109 Mystery At 09:01 AM 3/13/2003 -0500, Buck Buchanan wrote:Since fport normally does not display the "\??\" prefix, Iam wonderingif this might be a clue to how winlogon.exe was run.Winlogon is a native process (as opposed to a Win32 process). It runs early in the boot process. As someone else noted, the path you saw is normal. It *does* have a DLL, MSGINA.DLL; this gets the logon info from the user for Winlogon. It's designed so that third-parties can use, say, a biometric MSGINA in place of the usual prompt. Next question is if it's possible for MSGINA to be co-opted? "Inside Windows 2000" is the best investment any Windows admin can make, next to the RK. Take care, Dave David Moisan, N1KGH ARES/SKYWARN dmoisan () davidmoisan org Invisible Disability: http://www1.shore.net/> ~dmoisan/invisible_disability.html ATS-909 FAQ: http://www1.shore.net/~dmoisan/faqs/sangean/ats909faq.html -------------------------------------------------------------- ---------- ---- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A> -------------------------------------------------------------- -------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Current thread:
- Re: [unisog] Re: Port 109 Mystery Buck Buchanan (Mar 13)
- Re: [unisog] Re: Port 109 Mystery Harlan Carvey (Mar 13)
- <Possible follow-ups>
- Re: [unisog] Re: Port 109 Mystery David Moisan (Mar 14)
- RE: [unisog] Re: Port 109 Mystery Patrick R. Sweeney (Mar 16)
- RE: [unisog] Re: Port 109 Mystery Rob Shein (Mar 16)
- RE: [unisog] Re: Port 109 Mystery Patrick R. Sweeney (Mar 16)