-
March 6th, 2006, 09:21 PM
#1
Hacking Norton's internet security suite
I was onsite today for a small company whose owner runs a 7 computer LAN. The two computers on his desk are the only XP machines, relatively new. There's four win98 machines and a linux-based camera system (Samsung).
On his XP machines, he's using Norton's security suite, including their firewall. Everything else is wide open but behind a Linksys. He wants to make sure no one on the LAN is getting into his desktops.
I boot up linux, ran "ettercap -C" to look for hosts, and it failed to see any at the two ip's. Then I ran "nmap -sS..." and it failed to see anything at those ip's. Both those programs run against a Windows XP firewall would've seen them.
For all my griping about this fat baby, it's a pretty good firewall, better than I thought. Are there other switches I could run against Norton's that would betray it?
Just curious, I like testing this stuff. Thanks.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
March 6th, 2006, 09:25 PM
#2
Re: Hacking Norton's internet security suite
Originally posted here by brokencrow
I was onsite today for a small company whose owner runs a 7 computer LAN. The two computers on his desk are the only XP machines, relatively new. There's four win98 machines and a linux-based camera system (Samsung).
On his XP machines, he's using Norton's security suite, including their firewall. Everything else is wide open but behind a Linksys. He wants to make sure no one on the LAN is getting into his desktops.
I boot up linux, ran "ettercap -C" to look for hosts, and it failed to see any at the two ip's. Then I ran "nmap -sS..." and it failed to see anything at those ip's. Both those programs run against a Windows XP firewall would've seen them.
For all my griping about this fat baby, it's a pretty good firewall, better than I thought. Are there other switches I could run against Norton's that would betray it?
Just curious, I like testing this stuff. Thanks.
Hmmm, good info. I've never paid attention to which firewalls would reply how ('cept the SP2 built in one, which we know is oken-bray).
You might consider a passive sniff on the network for awhile. If the Linksys is switched and won't give you data, you might try some arp poisoning to put the switch into a hub-like state, so you CAN see the traffic. However, this won't give you anymore info that a proper system scan would, I believe.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
March 6th, 2006, 09:40 PM
#3
Would a sniff of Ethereal give me a whiff of the ARP?
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
March 15th, 2006, 02:03 AM
#4
Junior Member
Yes, you would be able to see the ARP requests. Depending on how paranoid he has Norton setup, the desktops would drop the packets instead of replying "not here"
-
March 15th, 2006, 05:27 AM
#5
For all my griping about this fat baby, it's a pretty good firewall, better than I thought
This is the irony with Norton Security, you can't bypass the firewall ...
but you can bypass your expired subscription and
keep on getting those security updates for free.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|