--- Log opened Mon Apr 25 00:00:44 2011
03:39 -!- fie [~fie@adsl-75-31-163-47.dsl.frs2ca.sbcglobal.net] has quit [Quit: Leaving]
03:56 -!- fie [~fie@adsl-75-31-163-47.dsl.frs2ca.sbcglobal.net] has joined #se2600
05:00 -!- Falun [~richard@75-37-195-222.lightspeed.lsatca.sbcglobal.net] has quit [Quit: Leaving]
06:39 -!- NotLarry [~NotLarry@c-68-53-104-117.hsd1.tn.comcast.net] has joined #se2600
06:39 -!- mode/#se2600 [+o NotLarry] by ChanServ
06:41 <@NotLarry> Damn
06:41 <@NotLarry> http://5z8.info/56-DEPLOY-TROJAN-287.mw9----_r0l9mp_56-DEPLOY-TROJAN-287.mw9----
07:05 -!- ls3 [~fbar@71.15.26.216] has joined #se2600
07:22 <@Evilpig> NotLarry: what is that?
07:33 <@NotLarry> just an article about Brentwood fining the contributor vendors.
07:34 <@NotLarry> I guess we can assume Brentwood is not homeless friendly eh?
07:35 <@Evilpig> I really dislike that link service you ran that through. :P
07:55 <@Bahhumbug> What, you don't just automatically click on something that contains "DEPLOY-TROJAN" in the URL?
07:55 <@Evilpig> with notlarry's knack for finding trojans? nope
07:57 <@Bahhumbug> :)
07:58 * Bahhumbug decides to take the day off
07:58 <@Bahhumbug> (and go back to bed for an hour or so. see ya)
08:18 -!- Feltenix [~Tanstaafl@adsl-074-166-075-102.sip.asm.bellsouth.net] has quit [Ping timeout: 246 seconds]
08:20 -!- Feltenix [~Tanstaafl@adsl-074-166-075-102.sip.asm.bellsouth.net] has joined #se2600
09:41 -!- rattleXw [~rattle@dc-nf-1-snat1c.techprogress.org] has quit [Quit: Leaving]
09:49 -!- emwav [~emwav@173.226.92.195] has joined #se2600
09:51 -!- Venom_X [~pjacobs@66.54.185.131] has joined #se2600
09:51 -!- mode/#se2600 [+o Venom_X] by ChanServ
10:13 -!- rattleXw [~rattle@208.87.107.68] has joined #se2600
10:22 -!- rattleXw is now known as rattle
10:22 -!- rattle [~rattle@208.87.107.68] has quit [Changing host]
10:22 -!- rattle [~rattle@tor/regular/rattle] has joined #se2600
10:22 -!- mode/#se2600 [+o rattle] by ChanServ
10:46 -!- Feltenix [~Tanstaafl@adsl-074-166-075-102.sip.asm.bellsouth.net] has quit [Remote host closed the connection]
10:50 -!- Feltenix [~Tanstaafl@adsl-074-166-075-102.sip.asm.bellsouth.net] has joined #se2600
11:19 <@Dagmar> I wonder how long I can get away with taunting Sprint on their forums before they get mad about it
11:22 -!- Dickie [~dickie@unaffiliated/dickie] has quit [Quit: WeeChat 0.3.2]
11:22 -!- Dickie [~dickie@unaffiliated/dickie] has joined #se2600
11:22 -!- mode/#se2600 [+o Dickie] by ChanServ
12:31 -!- kd4zay [~chatzilla@mail.usaadmin.com] has joined #se2600
12:33 < kd4zay> anyone here from the nashville 2600 user group?
12:52 <@opticron> there are quite a few here, but you may have to wait a while for them to check this channel again
13:18 <@ware> kd4zay: #se2600 has a bunch of those weirdos
13:19 <@ware> err..
13:19 <@Sheath> er
13:26 <@Evilpig> I'm here
13:26 <@Evilpig> I was off at lunch with the wife
13:27 <@Evilpig> kd4zay: what would you like to know? hrmmmmm?
13:51 -!- dasunt [~dasunt@71.36.142.61] has joined #se2600
13:52 -!- dasunt [~dasunt@71.36.142.61] has quit [Changing host]
13:52 -!- dasunt [~dasunt@unaffiliated/dasunt] has joined #se2600
13:52 -!- mode/#se2600 [+o dasunt] by ChanServ
13:55 -!- dasunt [~dasunt@unaffiliated/dasunt] has left #se2600 []
13:57 -!- ls3 [~fbar@71.15.26.216] has quit [Quit: Leaving]
13:58 -!- ls3 [~fbar@71-15-26-216.dhcp.hlrg.nc.charter.com] has joined #se2600
14:41 < kd4zay> do guys have any events planned for the remainder of the year?
14:44 <@Dagmar> Well, we were thinking about trying to set up a lynching in late summer
14:44 < kd4zay> oh sounds fun
14:45 <@Dagmar> If you're talking about meetings we have those at the usual times and place
14:45 < kd4zay> i just moved here not long ago and am looking for a group with like minded
14:45 < kd4zay> first friday
14:45 * Dagmar checks
14:45 <@Dagmar> Yes!
14:46 <@Dagmar> So... next Friday
14:46 <@Dagmar> I tend to not watch the calendar much
14:47 < kd4zay> cool, has anyone heard of alienvault it's a linux based ids suite
14:48 < kd4zay> i am looking for ids system to deploy at work
14:49 <@Dagmar> I think most of us mainly roll our own when it comes time to that
14:49 < kd4zay> any suggestions are welcome
15:06 < kd4zay> I was looking for something with a management console, event logging not that i don't enjoy the command line.
15:08 <@Dagmar> Yeah, that's going to be a problem
15:08 <@Dagmar> In particular, IDSes need to be customized rather specifically for the environment
15:09 <@Dagmar> ...unless of course you want to wait for criminals to actually follow that RFC that says to set the evil bit on intrusion attempt packets.
15:09 -!- sync [~sync@c-98-242-80-239.hsd1.ga.comcast.net] has quit [Quit: This computer has gone to sleep]
15:09 <@Dagmar> A management console is just about perfectly useless for something that's either going to be a big green checkmark, or a list of suspicious shit you have to look into
15:10 < kd4zay> lol
15:10 <@Dagmar> almost adding insult to injury, the larger and more prominent a host-based IDS is going to be, the more likely someone's got a canned tool to defeat it
15:12 < kd4zay> I know what you're saying im just trying to satisfy management and compliance note: not that either really deal with security really.
15:12 <@Dagmar> Yer gonna wanna start with something like http://www.ossec.net/.
15:12 <@Dagmar> Oh! In that case just get that AlienVault thing and call it a day then
15:13 <@Dagmar> Commercial packages tend to make you spend as much time culling out the crap as you do looking at things that matter
15:13 <@Dagmar> they also tend to trend toward "shitty and pointless monitors"
15:14 < kd4zay> yes, i just started noticing that today while looking at alienvault
15:14 <@Dagmar> Like, if an IDS does a goddamn thing about a nestea packet (DoS attack from teh Great Packet Wars of the 90s) other than just snicker and ignore it, it's a test that is just there for show and to take up disk space.
15:15 <@Dagmar> Equipment which is vulnerable to that attack shouldn't be on anything even remotely resembling a modern network
15:15 < kd4zay> yep
15:15 <@Dagmar> Of course I say this and... let's see...
15:16 -!- Venom_X is now known as Venom_lnch
15:17 <@Dagmar> Bleh
15:17 <@Dagmar> [1] #se2600 is desynced from anthony.freenode.net at 03:17pm
15:17 < fall0ut> hrm
15:18 <@Dagmar> I don't know if that DCC crasher went out or not but if it did then THANK FUCKING GOD FOR FUCKING ONCE EVERYONE'S UPDATED
15:18 < fall0ut> IDS is usually useless
15:18 < fall0ut> from the types of data/networking I do
15:18 <@Dagmar> For two fuckin' years after word hit that certain home routers had a problem parsing DCC queries with certain arguments, it was knocking 1-3 people in here offline.
15:19 <@Dagmar> ...which is just freaking shameful.
15:19 < fall0ut> hahahahaha
15:19 < fall0ut> yes
15:19 < fall0ut> DCC SEND asdfasdf 0 0
15:19 < fall0ut> nobody :(
15:19 <@Dagmar> It requires the ^A's and I think there's a channel mode set stopping it
15:19 < fall0ut> some of them didn't even require that
15:20 <@Dagmar> Yeah the stopnethack thing, but that was a separate bit of stupid
15:20 <@Dagmar> Ah yes I see
15:20 -!- mode/#se2600 [-C] by Dagmar
15:20 < kd4zay> fall0ut: well i wanted to be a bit more pro active at work and setup few honeypots but got shot down by management no surprise there.
15:20 -!- Dickie [~dickie@unaffiliated/dickie] has quit [Read error: Connection reset by peer]
15:20 -!- oddball [~oddball@c-76-22-243-130.hsd1.tn.comcast.net] has quit [Read error: Connection reset by peer]
15:21 <@Dagmar> for fuck's sake.
15:21 -!- mode/#se2600 [+C] by Dagmar
15:21 -!- oddball [~oddball@c-76-22-243-130.hsd1.tn.comcast.net] has joined #se2600
15:21 < fall0ut> hahahahahaha
15:21 < fall0ut> kd4zay: out of boredom?
15:21 <@Dagmar> I think I'm just going to GIVE oddball my second fucking router
15:21 < fall0ut> or do you host critical applications?
15:21 -!- Dickie [~dickie@unaffiliated/dickie] has joined #se2600
15:21 -!- mode/#se2600 [+o Dickie] by ChanServ
15:21 < kd4zay> yep
15:21 < kd4zay> we do
15:22 <@brimstone> wait... what?
15:22 <@Dagmar> You're not monitoring people's heart rates using hosts on EC2 are ya?
15:22 < kd4zay> and i think it would be prudent to incorporate honeypot to slowdown any attacks
15:22 <@Dagmar> Doubtful.
15:22 < kd4zay> not that critical
15:23 <@Dagmar> A honeypot is only useful if you have a team of people ready to actually do something about that
15:23 <@Dagmar> Otherwise, it's basically just fappery.
15:23 < fall0ut> about the only thing we offer is a route-server to announce /32s up to
15:23 < fall0ut> that will trigger remote blackholes
15:23 <@Dagmar> So someone manages to break into a honeypot box.
15:24 <@Dagmar> At best, they're nice and contained in your network, will figure it out presently, and try something else
15:24 < kd4zay> there is an old project i was looking at called baitnswitch
15:24 <@Dagmar> Anything short of "best" tends to run straight to "...and now they have a marginal foothold on your network"
15:24 < kd4zay> yes but by then you would have time to react
15:25 <@Evilpig> kd4zay: yes we meet first friday of each month at J&J's Market
15:25 <@Dagmar> Best to just put everything into keeping fuckers out and monitoring for intrusions unless you have a team of people with too much free time whose job it is to produce counters for specific threats
15:25 <@Dagmar> kd4zay: There's no lead time a honeypot will get you that an IDS wouldn't also
15:25 <@Evilpig> and for big events we have CarolinaCon is next weekend, PhreakNIC is what nashville puts on and that is looking to be Nov 4-6 right now
15:26 -!- Dickie [~dickie@unaffiliated/dickie] has quit [Read error: Connection reset by peer]
15:26 < kd4zay> nice
15:26 <@Dagmar> brimstone: Were you referring to Dickie disconnecting?
15:26 <@brimstone> Dagmar: yes
15:26 <@Dagmar> Yeah, he needs to update the firmware on whatever the hell he's going through
15:26 -!- Dickie [~dickie@unaffiliated/dickie] has joined #se2600
15:26 -!- mode/#se2600 [+o Dickie] by ChanServ
15:26 <@brimstone> i'm gonna work with him to get it fixed
15:26 <@Dagmar> That issue was supposed to have been patched on everything for like five years now
15:27 <@Dagmar> If it's not, it's probably time to post to Bugtraq and make fun of some lazy fuckers
15:28 <@Evilpig> png... will it render if you only have the first half of a file?
15:38 -!- emwav [~emwav@173.226.92.195] has left #se2600 []
15:53 <@Dagmar> evilpig: Maybe
17:08 <@Dagmar> Mainly it depends on how shitty the rendering lib is
17:08 <@Dagmar> ...and where the file ends, etc etc
17:16 -!- Venom_lnch is now known as Venom_X
18:03 -!- daswork_ [~dasunt@174-20-187-170.mpls.qwest.net] has quit [Ping timeout: 276 seconds]
18:19 -!- tcstool [~tcstool@173-85-102-77.dr02.ckvl.tn.frontiernet.net] has joined #se2600
18:19 -!- mode/#se2600 [+o tcstool] by ChanServ
19:05 -!- tcstool [~tcstool@173-85-102-77.dr02.ckvl.tn.frontiernet.net] has quit [Ping timeout: 252 seconds]
19:50 -!- Venom_X [~pjacobs@66.54.185.131] has quit [Quit: Venom_X]
22:54 -!- daswork [~dasunt@174-20-143-132.mpls.qwest.net] has joined #se2600
--- Log closed Tue Apr 26 00:00:44 2011