Penetration Testing mailing list archives
Re: [PEN-TEST] Black ICE
From: Riley Hassell <riley () SPEAKEASY NET>
Date: Fri, 8 Sep 2000 12:59:35 -0700
BlackIce insecurities. Note: I have not thoroughly tested these, so please forgive me if they are inaccurate. It appears the clients don't block ICMP traffic with a default trusted mode installation. It's also rumored that port 113 is not filtered either, so tcp/udp attacks can sneak in their. The older Icecap server (not sure about the new one) uses basic http authentication. In a test on (unamed for privacy) I managed to brute force an account on the ICECAP server, then I logged in and switched my UID to 1000 via a cgi vuln (ICEMAN admin) there for gaining total access of the server. I notified a member of NetworkIce and I imagine this will not be possible again. I reviewed several firewall clients for use, we decided on BlackIce. The packet sniffing engine is ingenious! Riley Hassell Network Security Speakeasy Network Phone : 206-728-9770x151 Email : riley () speakeasy net On Fri, 8 Sep 2000, Talisker wrote:
Bill I have info on BlackIce Defender, BlackIce Sentry on my web site below, There are also plans to launch a network vulnerability scanner called IceScanner, also worth a look is IceAgent which is the corporate version of defender, I haven't put that up yet. Andy http://www.networkintrusion.co.uk/ Listing all known commercial IDS ''' (0 0) ----oOO----(_)---------- | The geek shall | | Inherit the earth | -----------------oOO---- |__|__| || || ooO Ooo The opinions contained within this transmission are entirely my own, and do not necessarily reflect those of my employer. ----- Original Message ----- From: "Bill Casti (System Admin)" <help () QUALITY ORG> To: <PEN-TEST () SECURITYFOCUS COM> Sent: Thursday, September 07, 2000 10:18 PM Subject: Re: [PEN-TEST] Black ICEAnyone tell me more about Black ICE, what it is and where to get some detailed information? Thanks. Bill============================================================================ =Bill Casti, CQA Email:help () quality org- Domain Owner, QUALITY.ORG Pager: +1 800 6046149- List Moderator, "TQM in Manufacturing and Service Industries" -----------------------------------------------------------------------------Self-service list subscription service atwww.quality.org/cgi-bin/majordomoSee http://www.quality.org/lists/lists_at_quality.org.html for the List of Lists supported at QUALITY.ORG============================================================================ =
Current thread:
- Re: [PEN-TEST] Black ICE Bill Casti (System Admin) (Sep 07)
- Re: [PEN-TEST] Black ICE Talisker (Sep 08)
- Re: [PEN-TEST] Black ICE Riley Hassell (Sep 08)
- Re: [PEN-TEST] Black ICE Riley Hassell (Sep 08)
- Re: [PEN-TEST] Black ICE Sean Boran (Sep 08)
- Re: [PEN-TEST] Black ICE Erik Tayler (Sep 08)
- Re: [PEN-TEST] Black ICE Talisker (Sep 08)
- Re: [PEN-TEST] Black ICE Teicher, Mark (Sep 08)
- Re: [PEN-TEST] Black ICE Talisker (Sep 08)
- Re: [PEN-TEST] Black ICE pwbit (Sep 08)
- Re: [PEN-TEST] Black ICE pwbit (Sep 09)
- <Possible follow-ups>
- Re: [PEN-TEST] Black ICE Lashley, Bryan (Sep 08)
- Re: [PEN-TEST] Black ICE Ryan Meglathery (Sep 08)
- [PEN-TEST] Network Access Device Scanning Teicher, Mark (Sep 08)
- Re: [PEN-TEST] Black ICE Talisker (Sep 08)