
SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center


Quiet Day; U.S. CERT Summary; Scott's Toolkit for Windows

Published: 2005-06-01
Last Updated: 2005-06-02 02:10:18 UTC
by Deborah Hale (Version: 1)
Quiet Day

This has been a really quiet day on the Net. Probably just as well; it has given this Handler some time to reflect on what I see going on out in the black hole we call the World Wide Web and think about how things have changed in the last 12 months or so. It never ceases to amaze me how incredibly intuitive our own Dr. J. (Johannes U.) is. About a year ago I had a "discussion" with Johannes via email. I was in the process of developing a PowerPoint presentation for a workshop that I was giving on the Internet and its perils. One of the questions that I presented to Johannes was: "If you could look to the future, what do you think will be the biggest problem facing the Net in the next year or two?" His answer to me at the time was "Botnets". At the time I was surprised because I really hadn't talked to anyone or worked with any computers that had been affected by "bots". Ironically, just a few months later I now fully agree with the good "Dr. J". I have dealt with so many computers in the last 9 months that are riddled with the little devils that I am now beginning to wonder if any computers exist that don't have "bots".

I haven't had a chance to ask Johannes to answer that question again. I wonder if his answer will change. Humm!

Now how about you? What do you think will be the big problems in the summer of 2006? Maybe I will compile your replies and post them on June 1 of 2006. What do you think?
U.S. CERT Summary of Security Items from May 25 through May 31, 2005

U.S. CERT has released their summary. I find quite interesting the number of new vulnerabilities and updates to old vulnerabilities that are identified. Make sure that you get your systems patched, plugged or whatever it is that the manufacturer recommends. We don't want any of you, our faithful readers, to fall to the devious hackers lurking out on the WWW.
Scott's Toolkit for Windows

A big thank you to one of our Handlers - Scott F - for providing us with his toolkit recommendations. This toolkit looks like it will provide you with everything you will need to monitor, troubleshoot and maintain your network.

If you have other windows based tools that you keep in your personal toolkit, please let us know through our .

Antivirus Tools
|-- McAfee Stinger (updated routinely)
|-- Symantec AV Corporate Edition v9 (soon to be v10)
|-- Microsoft Malware Removal Tool (released monthly)
|-- Current Symantec AV Intelligent Updater

|-- NetCat (available now at SecurityFocus)
|-- SysInternals AccessEnum
|-- SysInternals AutoRuns
|-- SysInternals Contig
|-- SysInternals DiskView
|-- SysInternals FileMon
|-- SysInternals ListDLLs
|-- SysInternals Page Defrag
|-- SysInternals ProcessExplorer
|-- SysInternals PS Tools
|-- SysInternals RegMon
|-- SysInternals Rootkit Revealer
|-- SysInternals Sdelete
|-- SysInternals ShareEnum
|-- SysInternals Sync
|-- SysInternals TCPView
|-- SysInternals Miscellaneous tools
|-- Heysoft LADS
|-- myNetWatchman SecCheck
|-- NBTScan
|-- FoundStone BinText
|-- FoundStone Forensic Toolkit
|-- FoundStone Fport
|-- FoundStone Galleta
|-- FoundStone Pasco
|-- FoundStone Rifiuti
|-- FoundStone Vision
|-- FoundStone ShoWin
|-- FoundStone SuperScan
|-- WinDump
|-- Nmap
|-- SBD (encrypted netcat)
|-- GNU based unxutils (from
|-- Good copies of windows binaries (netstat, cmd, ipconfig, nbtstat)

Spyware Tools
|-- AdAware (updated defs in same directory)
|-- CWShredder
|-- Hijack This
|-- MS AntiSpyWare Beta
|-- Spybot Search and Destroy (updated defs in same directory)
|-- BHO Demon

Security Tools (this is my usual place to dump the .zip or .exe installers)
|-- Heysoft LADS (list alternate data streams)
|-- NBTScan
|-- MS Baseline Security Analyzer
|-- MS IIS Lockdown tool
|-- Sam Spade
|-- SSH Client ( or Putty)
|-- SysInternals Tools
|-- Foundstone Tools
|-- BlackIce PC Protection
|-- Kerio Personal Firewall
|-- Zone Alarm Personal Firewall
|-- WinPcap
|-- WinDump
|-- Ethereal Installer
|-- Nmap for windows (cli version)

|-- Adobe Acrobat Reader Installer
|-- CPU-Z
|-- FireFox Installer
|-- Macromedia Flash and ShockWave Installers
|-- Quicktime Standalone Installer
|-- VNC Installer
|-- Winzip Installer
|-- ISCAlert

Service Packs ( on a 2nd CD )
|-- Windows XP SP2
|-- Windows 2000 SP4 (+rpc/lsass critical patches or SRP when released)
|-- Windows 2003 Server SP1

(Some additional CDs I keep around for the Unix geek in me)

Knoppix CD

Helix CD

Note: Any commercial software in the list above that is not freeware/shareware should be replaced in your toolkit with your company or campus licensed software.

Here is wishing all of you a Good Night.

Deb Hale

Handler On Duty