Blue Team Tactics

[NSweaney at tulsacash.com (Nathan Sweaney)]

Better yet:

Route add <att.ack.ers.ip> mask 255.255.255.255 <att.ack.ers.ip>

Agent deployed.... oh wait...



--------------------------------------------------------------------------

Nathan Sweaney | Security Specialist - GPEN,GWAPT
Tulsa Cash Register / Bottom Line Solutions
918.294.1777 x 311 | 918.307.2071 | mailto:NSweaney at tulsacash.com
http://www.tulsacash.com/


 Serving Oklahoma for 51 years.

Main Number 24 Hour Customer Support Line: 918.294.1777 (Follow Prompts)

Notice: This E-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 
??2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby 
notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. 
Please reply to the sender that you have received the message in error, then delete it. Thank you.
Please consider the environment before printing this email.
 
-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Dave Hull
Sent: Wednesday, August 05, 2009 10:48 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Blue Team Tactics

On Sat, Aug 1, 2009 at 9:30 AM, John Strand<strandjs at gmail.com> wrote:
> [snip]
>
> Now I want you to focus on the CLI and the built-in tools you get with
a
> Windows or Linux system.

How about the route command for null routing the attackers IP
address(es)?

route add <att.ack.ers.ip> mask 255.255.255.255 127.0.0.1

I'm not a CTF player (yet), but off the top of my head for native
tools on Windows -- netstat, tasklist, route, net, wmic...
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com