[Dshield] Vunet, browser crashes

Susan pobox2 at pinn.net
Wed Mar 27 14:43:56 GMT 2002


I like to use the Konqueror browser with the xwindows setup on RH 
because of the incredibly fast download speeds it gives me and the good 
choice of blocking of cookies etc. Konqueror has crashed so many times 
at Vunet I don't bother going there any more. I think what happens is 
they send up so many cookie prompts etc at one time the browser can't 
handle it. Likewise if some sort of (worm) code as was previously 
described is being sent also, I would prefer to take the crash than 
absorb the nasties. This won't necessarily happen with IE or Netscape. 
Not completely sure, but blocking cookies, disabling active scripting 
and (all) downloads should effectively do what most spyware tackling 
stuff does. Konqueror has no effective method of blocking downloads that 
I've found so far soo...

I found this little off the shelf FREE item called Firestarter here: 
http://firestarter.sourceforge.net (hope that's right, let me know if 
it's not) that does a wonderful job of setting ipchains and tables in a 
matter of minutes along with full ICMP blocking, that when fully enabled 
will block downloads. Been testing it 2 days now, looks good and simple 
enough to install quickly for a linux newbie like me who has way too much 
to do and not hardly enough time to do it. Now, intending to use John 
Hardin's labrea/portsentry combo, it may come off later, depending on 
possible conflicts. But Firestarter looks excellent right off the shelf 
and blocking of scanning ips on your home base eth is just a right click 
away. Real time stats... since we don't experience any scanning of the 
interior network directly from the outside, the soho takes care of that 
a full 100%,  but we do experience attempted taps directly to eth1 via 
browsers and email clients etc (our own software and vulnerabilities 
therein) firestarter as a quick fix works real well for me. Be careful 
though, if you set it too hard some of your own progs may not open, it's 
that tight. But that's great while surfing the net or just reading email 
etc.

Originally Mike, I installed Labrea via rpm that I found at rpm.find or 
someplace like that. It had all the necessary libraries that labrea 
needed since it was compiled for RH. But on uninstalling it I may have 
done more harm than good in respect to Labrea. Something about libnet.h, 
libcap, but it's in the rpm, I just have to start with that as a base 
probably in order to use the new beta. But since John Hardin's combo 
looks so promisingly excellent, then again, I may not need the new beta. 
We need to trap only specific ips tapping eth1 directly, no random 
scans happening in here at all. Labrea picked up a couple oddball 
requests within a week and was otherwise silent here.

Susan

--__--__--

Message: 6
From: "mbshafer" <ms at mbshafer.com>
To: <list at dshield.org>
Subject: RE: [Dshield] So my computer is a danger and you are a genius?
Date: Tue, 26 Mar 2002 10:25:59 -0500
Reply-To: list at dshield.org

 >>Vunet crashes my browser if I try to use the site with downloads,
 >>cookies, and active scripting blocked. Best to go elsewhere...

Real curious as to the settings here as I run a cookie manager that
blocks all but the approved list. Said list  is very small and doesn't
include vnunet. I have all java and js turned off for internet zone
(ie5.5) as that's only approved in the trusted zone of which vnunet is
not a member.  In other words I have the same settings for vnunet
with nary a hitch. I'm curious as I've been working on making security
my specialty for almost two years now and I actually go looking for
trouble on the net. i.e. going to sites known to be certified cracker
hangouts etc.

<<----snip---->>

In sum my experience is most of the activity out there (at least in my
cable block) is unfocused, opportunistic type stuff and not serious,
focused hack attempts. By all means please do direct me to certified
sources of nefarious activity.

 >>Mike, the beta Labrea (*.4) does not do make install, it says so right
 >>in the readme. Locate, find, whereis, slocate, etc. really couldn't
 >>locate.

I gather I wasn't clear here. I got the impression you couldn't find
where the various package files were on the box. The locate & find will
solve that problem as I trust you're aware from reading the man pages.


Regards,

Mike Shafer
Pittsburgh, PA, USA

Why can't I just say PLONK!? ;)




