Snarf those CDP packets….

April 30, 2008

Once again I find a nifty tool via Darknet. CDPSnarf lets you passively capture CDP packets and see the yummy goodness inside.

For those who don’t know, CDP stands for Cisco Discovery Protocol.  It can be used to discover information about neighboring devices.  For example, if I am on a Cisco router that has several interfaces and I want to know what is connected on each interface, I can execute ‘show cdp neighbors detail.’ This lovely command will tell me all about those neighboring devices with the following caveats:

  1. The devices are Cisco devices.
  2. CDP is enabled

Here is a good overview of CDP.

As the saying goes, “Knowledge is power.” The more we know about the target network, the easier it is to get past the crunchy outer shell and snack on the chewy center.

Kevin

Advertisements

Interesting Bits – April 30th, 2008

April 30, 2008

Howdy everybody. Once again we have some really good stuff that has been put out on the Intarweb in the last 24 hours or so. So here we go:

Pricing Consulting Services > davidmaister.com > Passion, People and Principles

Seed Racing « Neohapsis Labs

CERT on Securing your web browser | tssci security

An update on Protocol hopping covert channels | tssci security

IT Security: The view from here: nihaorr1 attack explained

Up or Out: Solving the IT Turnover Crisis – The Daily WTF

Best Practices For DLP Content Discovery: Part 4 | securosis.com

Best Practices for DLP Content Discovery: Part 5 | securosis.com

Security Thoughts: Because Hackers Don’t Care… (Why Metrics Don’t Work)

Matasano Chargen » Retsaot is Toaster, Reversed: Quick ‘n Dirty Firmware Reversing

Rational Survivability: Clouding the Issue: Separating “Securing Virtualization” from “Virtualizing Security”

Security Is Simple: Only Use Perfect Software : UAC: Desert Topping, or Floor Wax?

Rational Survivability: All Your Virtualized PCI Compliance Are Belong To Us…

Wireless modem considerations – Malta Info Security

Thoughts of a Technocrat: Humor: CIA Coffee Mug

There ya go. Have fun and have a great day!

Kevin


High School IT-Adventures Cyber Defense Competition

April 29, 2008

A few weeks ago I wrote about participating in Cyber Defense Competitions as a Red Team member. This weekend I had the opportunity to do so again. This time with a bunch of High School students.High School

This weekend was the annual IT Olympics event that is put on by Iowa State. The event is an opportunity for the High School students who participate in the IT-Adventures program to get together and compete. There are three competitions:

  1. Robotics
  2. Game Design
  3. Cyber Defense Competition

While the robotics and game design competitions were very interesting, I was there for the CDC.  The Red Team didn’t actually get to start attacking until Saturday morning, so I volunteered to show up on Friday and help the students with anything they might need during the setup period.  These kids are amazing.

Twenty-fourish teams showed up and we had about 20 Red Team members. In my previous post I mentioned three ways in which you can provide value to the students when participating in this type of event:

  1. Keep good notes
  2. Write down remedies
  3. Attend the debrief

I am happy to say that we accomplished all three goals.  Probably the best decision made was to setup a Wiki with pages for each team where we could all keep notes as the contest progressed.  These notes then became the outline for our talks with the teams in the debrief.

If you have never had the opportunity to work with kids that are interested in IT, I highly recommend you find a way to do so.  It is truly a rewarding experience.

Kevin


Interesting Bits – April 29th, 2008

April 29, 2008

Good morning. Another busy day in the blogosphere. We have another good batch of interesting missives today.

Risk and Understanding All the Variables « Neohapsis Labs

spylogic.net – New versions of fgdump and pwdump released

Risk Management and Car Talk | securosis.com

iPhone Security Tip: Never Memorize Wireless Networks | securosis.com

Robert Penz Blog » Plausibility checks

Gin, Television, and Social Surplus – Here Comes Everybody

P2P Security Study Released – Realtime IT Compliance

TippingPoint | DVLabs | Owning Kraken Zombies, a Detailed Dissection

Napera Networks » 1st Pacific Rim Regional Collegiate Cyber Defense Competition

Hack in the Box: Dubai | Infosec Events

Black Hat Europe 2008 | Infosec Events

Random Thoughts from Joel’s World: Focus

PDF, Let Me Count the Ways… « Didier Stevens

Security Thoughts: Security Catalyst Forums

Service Level Automation in the Datacenter: Yahoo goes Social with Paas Offering

Security x.0 – 2FA is dead

Coding Horror: Programmers

Don’t Read Books — But You Should

Intentional Security Blindness | BlogInfoSec.com

Yup, a bunch of stuff. Happy reading and have a great day!

Kevin


Interesting Bits – April 28th, 2008

April 28, 2008

I was away for a couple days, so the list today is a bit longer. Some good stuff though:

Visit to the Workshop: A Do It Yourself Identity Management Solution (IdM)

Blunt Instruments

Web 2.0 and “Defense in Depth”

Whose Risk?

Was the LendingTree Insider Data Breach Avoidable?

Be careful with what you leave behind

5 Security Metrics That Matter

Cloud Stacks: Please Mind The Gap

Spear Phishing with Better Business Bureau complaints

What Was Your Epiphany?<

12 Signs that Your Company is Already in the Cloud

Wireless Scanning

Dissecting the Automatic Patch-Based Exploit Generator

10 Myths About Life As An IT Security Professional

My Webapplication Firewall.

Have a great day!

Kevin


Interesting Bits – April 24th, 2008

April 24, 2008

Good Morning/Afternoon/Evening depending on where you are or when you read this. Another day full on interesting bits on the intarwebs.

http://www.liquidmatrix.org/blog/2008/04/23/its-a-hump-day-miracle/ – Dave Lewis talks about the difference between the reality of work as a CISO compared to the work of the average 9-5er. He is interested in your feedback.

Vladuz goes down. A case study for corporate activism
– Richard Stiennon talks about cross jurisdictional cooperation between law enforcement agencies and companies.

My Information Security and Privacy Convergence Webcast Now Available – Realtime IT Compliance – Rebbecca Harold did a webcast for ISSA that is now available.

Security4all: The dangers of Web 2.0: information gathering tactics 101 – Benny Ketelslegers has a post up about the information we leave behind as we interact on the web. He points to a tool called maltego which can help you see what is out there.

Data Classification Is Dead – rmogull has put forth an interesting perspective on Data Classification.

Vulnerability notifications? – Keels Leune talks about customer notification when no verifiable breach has occurred and if it is warranted.

How to audit an Internet Facing Server with Nessus – The folks over at Tenable have some guidance on using Nessus to audit and Internet facing server.

Darknet points us to a nifty tool called Pash-the-Hash that allows us change our credentials in memory.

That’s it for now.  Have a great morning/afternoon/evening.

Kevin


Interesting Bits – April 23rd, 2008

April 23, 2008

Lot’s if interesting stuff today. So here we go:

CNN.Com, Politically Motivated DDoS, and Asymmetric Warfare – A very insightful look at cybercrime and asymmetrical warefare.

Navigating the PCI DSS Standards… – Rafal Los has a good overview of the PCI update to 6.6.

New Phishing Scam Targetting Economic Stimulus Payments – mxlogic has a post about a new phishing scam.

5 Reasons Why IT Security People Shouldn’t Ignore Cloud Computing – Craig Balding tells us 5 reasons we should be paying attention to cloud computing now.

A little judicial oversight please – Martin McKeay has a good post about privacy and the need for enforcement agencies to have access to information, but with appropriate judicial oversight.

Information Week’s Virtual NAC Tradeshow – Jennifer Jabbusch points out that there is an virtual trade show being delivered by Information Week. If she recommends it, you should go check it out.

Logs – A double-edged sword? Beating PCI Fines by bad security practices? -Declan Ingram gives and interesting and potentially worrisome issue with logs and PCI fines.

How to Make Security a Presence in Your Organization – Frank Cassano has some good tips on how to increase the impact of you security awareness program.