Sherlock 663 Posted August 18, 2020 With so many computers lying around, why is there no room for one with a correctly setup iptables and transparent squid(guard) with updating black lists? Better yet, IPCop + Squid? Windows is simply not safe to be directly connected to the Internet, no matter how much you fiddle around with its security settings. Seriously! Share this post Link to post
aehimself 396 Posted August 20, 2020 On 8/17/2020 at 9:12 AM, Kas Ob. said: there is no attack happen before a ping ! Sligthly offtopic. Really? Never heard of this "pattern" so far. Also seems a bit strange. Most of the network devices block ICMP requests by default, aborting all malicious attempt. Or am I missing something? P.s.: This question lacks sarcasm, irony and whatsoever. I am genuinely interested in this topic but my knowledge is limited, unfortunately. Share this post Link to post
aehimself 396 Posted August 20, 2020 On 8/17/2020 at 4:19 PM, Clément said: How this fellow managed to create a local user in my machine through RDP is beyond me. Sounds like a backdoor. If the code is already running on your system, it can do anything as most of us have UAC turned off I presume. This is one more thing very charming about Linux. To be honest, Delphi IDE and my VCL applications are the ones keeping me on Windows. No virtualbox, no home-devserver in my case would catch up with the speed I desire. I almost had Delphi 10.2 running with Wine. Basic "Memo1.Lines.Add" things worked, but anything more complicated made everything go boom 😞 Share this post Link to post
Guest Posted August 21, 2020 10 hours ago, aehimself said: Sligthly offtopic. Really? Never heard of this "pattern" so far. Also seems a bit strange. Most of the network devices block ICMP requests by default, aborting all malicious attempt. Or am I missing something? P.s.: This question lacks sarcasm, irony and whatsoever. I am genuinely interested in this topic but my knowledge is limited, unfortunately. ICMP, this is a debatable subject but you can read about it but here an example and it is nice https://blog.securityevaluators.com/icmp-the-good-the-bad-and-the-ugly-130413e56030 Notice in that article it all the advantage from blocking ICMP is useless when the same attacks initiated using different protocol, so what is the point of blocking ICMP when the attacker can achieve the same with TCP,UDP... ? I don't block ICMP, on contrary ICMP attacks ( flood , redirect ..) had the smallest impact in comparison to any other, and on other hand , i maintain a mechanism to detect servers sees each others and their problem, so TCP,UDP and ICMP is used between servers to check online status and report, TCP has Nagle algorithm which i do not disable for this particular usage, and UDP is used to compare with TCP ping time, but both are level 7 so if things went south, then something happening on OS or my software, then ICMP is been used to detect if something level 3 is went wrong. lower than that is not recommended as it might flag it for the host company security software and block it, (i learned my own lesson with that) For more information, as you look interested, i will give you few keywords to search and research. "Kali Linux" this one is very useful and i recommend to be familiar with, there is many resources about what it does take an example this https://www.youtube.com/c/DavidBombal/search?query=kali , that channel is nice and the guy does explain things slow and in details ( also not in much details as he have paid course) but it is fun to know using Kali and fun with friends in the same time. "Osi layers X attacks " It is imperative to understand the communications layers https://en.wikipedia.org/wiki/OSI_model most attacks happen on layer 7, 5 ,2 and the lower the worse. for a list of the protocols by layer https://en.wikipedia.org/wiki/List_of_network_protocols_(OSI_model) Why i use Ping to detect attacks and their origin, because most what call them hackers, are in fact just using scripts and tools built by real hackers, and many of those real hackers leave hints, like fingerprints and patterns deliberately in that script, those scripts and tools are not easy to modify or understand by non-expert, they in most time need to see if the target is still online, the easiest way to decide is ping it. "nmap scan host" Even smaller/lighter tools like https://nmap.org/ has many usages, can scan a completely blocked host by its firewall and report the OS type and may be even the version of the system without one open port, (try it for your self), most likely will detect the system with no open ports at all. https://nmap.org/book/man-os-detection.html The real deal is the following two, but those are depends mostly on what has been already discovered from security holes on almost every security hole on public domain, but still it is nice to be familiar with, but this is not easy to setup and run, used them in the past for long time, currently i don't use them, i do things my way.https://www.metasploit.com/ https://www.rapid7.com/products/nexpose/ So read and get familiar with the above stuff, stop when you thing that is enough knowledge to have, and if you feel that something is still unclear then read more, As for ICMP, i don't recommend to block it, but it is up to you. Share this post Link to post
Clément 148 Posted August 25, 2020 (edited) Hi, I'm still looking for the styles... I found this link, they are free, and yet nowhere to be found.. Shouldn't they be included in 10.4? I installed 10.2 and 10.3. The styles are not there ... They should be a free download in the getit manager... https://community.embarcadero.com/article/16642-getit-october-2018 Edited August 25, 2020 by Clément Share this post Link to post
aehimself 396 Posted August 27, 2020 On 8/21/2020 at 10:05 AM, Kas Ob. said: ICMP, this is a debatable subject but you can read about it but here an example and it is nice https://blog.securityevaluators.com/icmp-the-good-the-bad-and-the-ugly-130413e56030 Nice article, it's always good to learn something new! On 8/21/2020 at 10:05 AM, Kas Ob. said: Notice in that article it all the advantage from blocking ICMP is useless when the same attacks initiated using different protocol, so what is the point of blocking ICMP when the attacker can achieve the same with TCP,UDP... ? What I meant is that - according to what you said - "No attack happens before a ping". I translated that as - if there's no reply, most hackers won't even bother with other ports as they will consider the target unreachable. On 8/21/2020 at 10:05 AM, Kas Ob. said: "Kali Linux" this one is very useful and i recommend to be familiar with, there is many resources about what it does take an example this https://www.youtube.com/c/DavidBombal/search?query=kali , that channel is nice and the guy does explain things slow and in details ( also not in much details as he have paid course) but it is fun to know using Kali and fun with friends in the same time. Know about it but never got further than installing it. When I had some free time I really wanted to do a scan of my home network to see what can be improved from security perspective. On 8/21/2020 at 10:05 AM, Kas Ob. said: "nmap scan host" Even smaller/lighter tools like https://nmap.org/ has many usages, can scan a completely blocked host by its firewall and report the OS type and may be even the version of the system without one open port, (try it for your self), most likely will detect the system with no open ports at all. https://nmap.org/book/man-os-detection.html Now we are talking! This looks absolutely terrific and terrifying at the same time. Just like human presence on the Internet. People can always know more about you than you want them to, especially if they know where to look! On 8/21/2020 at 10:05 AM, Kas Ob. said: The real deal is the following two, but those are depends mostly on what has been already discovered from security holes on almost every security hole on public domain, but still it is nice to be familiar with, but this is not easy to setup and run, used them in the past for long time, currently i don't use them, i do things my way.https://www.metasploit.com/ https://www.rapid7.com/products/nexpose/ I am a bit afraid of these stuff. I mean, real hacks were performed with Metasploit, it just sounds too "dark web"-ish just to satisfy one's childish interest in the topic. Ethical hacking is still hacking and noone will know your purpose once you start collecting tools to fool around. I guess I'll have an other look on Kali Linux. That seems to be a more... ethical choice for someone like me 🙂 Anyway thank you for the resources. It's not only a hint on how to make our environment safer but what protection we can or should implement in the software we write! P.s.: it just hit me.... isn't metasploit a part of Kali...? Share this post Link to post