Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Black ICE
From: Riley Hassell <riley () SPEAKEASY NET>
Date: Fri, 8 Sep 2000 12:59:35 -0700

BlackIce insecurities.
Note: I have not thoroughly tested these, so please forgive me
if they are inaccurate.

It appears the clients don't block ICMP traffic with a default
trusted mode installation.

It's also rumored that port 113 is not filtered either, so tcp/udp
attacks can sneak in their.

The older Icecap server (not sure about the new one) uses basic http
authentication. In a test on  (unamed for privacy) I managed to brute
force an account on the ICECAP server, then I logged in and switched
my UID to 1000 via a cgi vuln (ICEMAN admin) there for gaining total
access of the server.

I notified a member of NetworkIce and I imagine this will not be possible
again.


I reviewed several firewall clients for use, we decided on BlackIce.

The packet sniffing engine is ingenious!


  Riley Hassell
  Network Security
  Speakeasy Network
  Phone : 206-728-9770x151
  Email : riley () speakeasy net


On Fri, 8 Sep 2000, Talisker wrote:

Bill

I have info on BlackIce Defender, BlackIce Sentry on my web site below,
There are also plans to launch a network vulnerability scanner called
IceScanner, also worth a look is IceAgent which is the corporate version of
defender, I haven't put that up yet.

Andy


http://www.networkintrusion.co.uk/
 Listing all known commercial IDS
                    '''
                 (0 0)
  ----oOO----(_)----------
  | The geek shall        |
  |  Inherit the earth     |
  -----------------oOO----
               |__|__|
                  || ||
              ooO Ooo


The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.





----- Original Message -----
From: "Bill Casti (System Admin)" <help () QUALITY ORG>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Thursday, September 07, 2000 10:18 PM
Subject: Re: [PEN-TEST] Black ICE


Anyone tell me more about Black ICE, what it is and where to get some
detailed information?

Thanks.
Bill


============================================================================
=
 Bill Casti, CQA                                     Email:
help () quality org
 - Domain Owner, QUALITY.ORG                         Pager: +1 800 604
6149
 - List Moderator, "TQM in Manufacturing and Service Industries"
--------------------------------------------------------------------------
---
 Self-service list subscription service at
www.quality.org/cgi-bin/majordomo
         See http://www.quality.org/lists/lists_at_quality.org.html
               for the List of Lists supported at QUALITY.ORG

============================================================================
=





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]