Penetration Testing mailing list archives

Re: [PEN-TEST] Black ICE
From: Riley Hassell <riley () SPEAKEASY NET>
Date: Fri, 8 Sep 2000 12:59:35 -0700

BlackIce insecurities.
Note: I have not thoroughly tested these, so please forgive me
if they are inaccurate.

It appears the clients don't block ICMP traffic with a default
trusted mode installation.

It's also rumored that port 113 is not filtered either, so TCP/UDP
attacks can sneak in there.

The older Icecap server (not sure about the new one) uses basic HTTP
authentication. In a test on (unnamed for privacy) I managed to brute
force an account on the ICECAP server, then I logged in and switched
my UID to 1000 via a CGI vuln (ICEMAN admin), therefore gaining total
access of the server.

I notified a member of NetworkIce and I imagine this will not be possible

I reviewed several firewall clients for use; we decided on BlackIce.

The packet sniffing engine is ingenious!

  Riley Hassell
  Network Security
  Speakeasy Network
  Phone : 206-728-9770x151
  Email : riley () speakeasy net

On Fri, 8 Sep 2000, Talisker wrote:


I have info on BlackIce Defender, BlackIce Sentry on my web site below.
There are also plans to launch a network vulnerability scanner called
IceScanner. Also worth a look is IceAgent, which is the corporate version of
Defender; I haven't put that up yet.


 Listing all known commercial IDS

 The geek shall inherit the earth

The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.

----- Original Message -----
From: "Bill Casti (System Admin)" <help () QUALITY ORG>
Sent: Thursday, September 07, 2000 10:18 PM
Subject: Re: [PEN-TEST] Black ICE

Anyone tell me more about Black ICE, what it is and where to get some
detailed information?


 Bill Casti, CQA                                     Email: help () quality org
 - Domain Owner, QUALITY.ORG                         Pager: +1 800 604
 - List Moderator, "TQM in Manufacturing and Service Industries"
 Self-service list subscription service at
         See http://www.quality.org/lists/lists_at_quality.org.html
               for the List of Lists supported at QUALITY.ORG

