[unisog] hardware based patch check
Ryan Dorman
Ryan.Dorman at millersville.edu
Mon May 15 17:26:00 GMT 2006
Cisco dealt with the user agent issue by building in the TCP Fingerprinting
code from nmap. If it smells like Windows it gets treated like Windows.
Ryan Dorman
Millersville University
On 5/15/06 12:53 PM, "Reimer, Mark" <mark.reimer at prairie.edu> wrote:
> Are you thinking of Network Access Quarantine, part of Windows Server
> 2003? You also need RRAS set up.
>
> Put "implementing quarantine services" into Google, and it's the first
> link. I'm having issues with my surfing abilities at the moment.
>
> Mark
>
> -----Original Message-----
> From: unisog-bounces at lists.sans.org
> [mailto:unisog-bounces at lists.sans.org] On Behalf Of Nicholas Andre
> DePetrillo
> Sent: Monday, May 15, 2006 9:57 AM
> To: UNIversity Security Operations Group
> Subject: Re: [unisog] hardware based patch check
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I thought this could only be done (appropriately) via a client on the
> host. I know Bradford systems can do this via an ActiveX client you have
> to launch that checks your registry for the patch level (even virus scan
> dat file date), and it was user definable. I know other vendors can do
> this but I am not sure of the exact details.
>
> I do know that it is usually circumvented by kids using Firefox with
> user-agent switcher extension, making their systems look like a Mac or
> Linux machine and bradford systems just ignores them and lets them
> through.
>
> On Mon, May 15, 2006 at 09:37:36AM -0600, Wells, Cary wrote:
>
>> I seem to remember someone out there had a firewall type system that
>> checked the actual ms patch level of machines before they got onto the
>
>> net. Anyone know the name of said device or the company?
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.sans.org
>> http://www.dshield.org/mailman/listinfo/unisog
>
> - --
> Nick DePetrillo
> Network Security Engineer
> OSHEAN
> Office: 401.295.0550
> E-Mail: nick at oshean.org
> PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x121245B5
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
>
> iD8DBQFEaKTX3hEBgxISRbURAjfpAJ0SGwNnsUzMFomIsTX3CA96ROUHdQCgvP6C
> VcGWUgn6QLHFtTI+V+jmCng=
> =v+U9
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
>
>
>
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
More information about the unisog
mailing list