Re: Hacking sorted (OLD, Sorry)

From: Treker (treker@positron.net)
Date: 09/02/00


>
> I've been out of town vacationing in Florida for a while, so this reply
> is kinda long in coming...
>

> > a matter of time), As I'm sure of all here on the list will agree on,
> > "qwerty" is not a good password, neither is "barkerdog" or similar type
> > passwords. Make it a bit harder, switch some letters for digits, People
> > call this leet, but face it, what's fastest, breaking "barkerthedog" or
> > "b4r|<3R-|-h|)0g" ?
> >
>
> At work, we remotely grabbed the registry out of one of our NT servers, ran
> L0phtCrack on it and in 30 minutes had 80% of the users' passwords.  The
> admin passwords were cracked within 18 hours.  Every password was cracked
> in 3 days.  And I did this from OUTSIDE our network with no knowledge of
> the admin passwords.  Of course I am the network admin, so it was a test
> and not a hack :-) and can't be done anymore...

Well, you as the network admin should have disabled remote registry, gotten
the 128 bit encryption update, installed it, used SYSKEY, and then headed
over to NTBUGTRAQ.  But that's another story =P  I'm also a network admin,
although a young one, but that's the first thing I do on a new NT
workstation/server--secure it as best I can.

>
> > How to do this on a Windows machine? I have no idea :), though I've held a
> > Microsoft Certification, it has been invalidated with time, and much has
> > happened in that field (Or at least I hope something has :), so can't help
> > you there.
>
> Actually, Windows 2000 seems _somewhat_ secure when set up properly.  My
> solution was to put the MUD on a 192.168. address and have a port forwarding
> firewall that ONLY allows port 4000 to get to that machine.  You connect to
> the firewall on port 4000 and it transparently forwards the connection to
> the MUD machine on port 4000.  I use Linux kernel 4.2 with IPTables (not
> IPChains) to do this and it works beautifully.  I can also set up rules
> at the firewall to allow or block based on subnets and many other criteria
> to help keep DOS attacks from even reaching the MUD server.

Would it not be simpler to disallow connections on all ports through a
certain adapter except for port 4000?  Or to do it at the router?

>
> --
> "I didn't do it, nobody saw me do it, you can't prove a thing!"
>
>
>      +------------------------------------------------------------+
>      | Ensure that you have read the CircleMUD Mailing List FAQ:  |
>      |  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
>      +------------------------------------------------------------+
>
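
The port-forwarding setup discussed in this message, sketched as an added example that is not part of the original thread or anyone's actual configuration: a shell function that prints an iptables-restore ruleset forwarding only the MUD port and dropping all other forwarded traffic. The interface name eth0, the address 192.168.0.10 and the blocked subnet 203.0.113.0/24 are constructed placeholders, and rules for traffic addressed to the firewall itself (INPUT) are left out.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints an iptables-restore
# ruleset; it changes nothing on the host by itself.
# Usage: mud_ruleset WAN_IF MUD_IP MUD_PORT [BLOCKED_SUBNET...]
mud_ruleset() {
    wan_if=$1; mud_ip=$2; mud_port=$3
    shift 3
    # Refuse anything that is not a 1-5 digit TCP port number.
    case $mud_port in
        ''|*[!0-9]*|??????*) echo "invalid port: $mud_port" >&2; return 1 ;;
    esac
    if [ "$mud_port" -lt 1 ] || [ "$mud_port" -gt 65535 ]; then
        echo "port out of range: $mud_port" >&2; return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Rewrite inbound connections on the MUD port to the internal machine.
-A PREROUTING -i ${wan_if} -p tcp --dport ${mud_port} -j DNAT --to-destination ${mud_ip}:${mud_port}
COMMIT
*filter
# Default-deny for forwarded traffic: what is not accepted below is dropped.
:FORWARD DROP [0:0]
EOF
    # Subnet blocks go first so they also cut sessions that are already open.
    for net in "$@"; do
        echo "-A FORWARD -i ${wan_if} -s ${net} -j DROP"
    done
    cat <<EOF
# Replies and follow-up packets of connections that were already accepted.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only new connections allowed through: TCP to the MUD port.
-A FORWARD -i ${wan_if} -d ${mud_ip} -p tcp --dport ${mud_port} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample values; prints the ruleset for inspection only.
mud_ruleset eth0 192.168.0.10 4000 203.0.113.0/24
```

Piping the output through `iptables-restore --test` as root checks that the ruleset parses before it is loaded.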



This archive was generated by hypermail 2b30 : 04/11/01 PDT