OT: Redmond

Lisa Kachold lisakachold at obnosis.com
Wed Jan 14 02:25:42 MST 2009


Have you turned off Remote Registry Editing?  

How about ICS?  Are you allowing Internet Connection Sharing?

Do you have ports 137-139, 445, ms-terminal and RDP closed or filtered on your router (or Firewall)?

Did you leave on Remote Debugging?  http://msdn.microsoft.com/en-us/library/bb385831.aspx

Have you watched all the UPnP packets?  http://www.vistax64.com/vista-general/24766-upnp-questions.html

Are you open to IPv6 tunnel exploits?  https://forums.symantec.com/t5/Vulnerabilities-Exploits/Who-Left-the-Tunnel-Door-Open-in-Windows-Firewall-for-Vista/ba-p/305520;jsessionid=B5FB50587CD207566675CB33A2056B63#A105

Did you see all the other information that is created and sent to Microsoft and Akamai's federal government information cache constantly blogging up the network?   or... "What IS ALL THIS TRAFFIC to AKAMAI and Microsoft with nothing open and running!"  http://whitepapers.silicon.com/0,39024759,60117863p,00.htm

Have you configured the new outbound firewall rules (under Group Policy Editing) or are you using an add-on security product like Symantec [In Microsoft a Virus Checker and firewall configuration is NOT OPTIONAL]?  http://www.vistahunt.com/windows-vista-two-way-firewall.html 

What about MS Connection Inspection Engine issues?  http://msmvps.com/blogs/alunj/archive/2008/01/24/1479415.aspx

Do you use Cygwin?  Any Redmond Cyg-X installation issues?

Do you use plugins for script based monitoring like Nagios?  Any UAC issues?

Are you able to use Wireshark with UAC ACLs in Vista/Redmond?

Have you booted BackTrack on another network machine and run some of the very basic Metasploit tools against it?
Examples:  
http://forums.remote-exploit.org/archive/index.php/t-18548.html
http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1333816,00.html

How about SMB4k browser?  
SMB/CIFS share browser will display that you are sharing more than is disclosed with Windows Firewall or Network Share tools!
http://backtrack.offensive-security.com/index.php/Tools

Just some basic tester questions!

www.Obnosis.com |  http://wiki.obnosis.com | http://hackfest.obnosis.com (503)754-4452
PLUG HACKFESTS - http://uat.edu Second Saturday of Each Month Noon - 3PM

> Subject: Re: OT: Redmond
> From: craigwhite at azapple.com
> To: plug-discuss at lists.plug.phoenix.az.us
> Date: Tue, 13 Jan 2009 22:07:58 -0700
> 
> On Tue, 2009-01-13 at 21:42 -0700, James Finstrom wrote:
> > I like to imagine it is because I am important or that it's because I
> > went to church with many Microsoft cube gnomes when I lived in
> > Washington but none of these things are true simply because I am on a
> > Microsoft Spam list I got an invitation and license to download and
> > play with Windows 7 beta. So let me share the experience and overview
> > so far I like things with the word free even if it is only as in beer
> > and only for a short time, Anyhow with fear and the smell of danger
> > that accompanies all things that say Microsoft and Beta in the same
> > typography I clicked the shiny banner answered a few questions and got
> > a key + link.  the minimum requirements say 1Gig ram and 128M video
> > and blah blah something something okay whatever click.... Anyhow the
> > download comes up says this could take several days depending on your
> > provider and the download size is...... 2.44 GIG holy redhat batman I
> > need to go buy a dvd to burn this down to, well so much for free.
> > Anyhow it is chewing up some bandwidth that can be better allocated but
> > I am going to grab it if for nothing else just to see if
> > http://xkcd.com/528/  is true...
> ----
> I always felt that if you really are inclined to do Microsoft beta
> testing, that you were best off to wait for the official release because
> that's when they actually start to make features work.
> 
> It's absurd to think that you can run the latest/greatest without the
> bandwidth and hardware to support it.
> 
> Craig
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
