Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 18, 2002 (Vol. 7, #14 - Issue #345)
Do You Deserve To Be Hacked?
This issue of W2Knews contains:
- EDITORS CORNER
- Now Here's A Question For You!
- TECH BRIEFING
- More On Rdesktop - Conclusion
- NT/2000 RELATED NEWS
- Two Tools To Combat The Latest SNMP Holes
- IE Flaw Exploited For MSN Messenger Worm
- The State Of W2K: Windows 2000 At Two Years
- NT/2000 THIRD PARTY NEWS
- "You Deserve To Be Hacked, And By The Way, You Will Be"
- Need To Perform Penetration Tests On Your Own Networks?
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Windows 2000 Admin Black Book - Second Edition
SPONSOR: Microsoft Management Summit / Altiris
Looking for the latest on Microsoft SMS, MOM and App. Center, and
third-party tools like Altiris and NetIQ to effectively manage your
Windows environment? The 5th annual Microsoft Management Summit is
the place to be April 29 - May 3, 2002 in Las Vegas. Sign-up before
March 15 and enter to win a Microsoft Xbox to be given away. This is
THE management event of the year. Sponsored by Microsoft, Altiris
and NetIQ, presented by myITforum.com. Labs sponsored by Compaq.
Visit Microsoft Management Summit / Altiris for more information.
Now Here's A Question For You!
But to begin with, here is our new XBOX winner: Debbie Berg from
San Antonio, TX. Congrats Deb! To get a chance to win your own XBOX,
fill out your profile and invite up to three friends to subscribe:
Next, we're considering a paid version of W2Knews. For 10 bucks a year
(20 cents per issue) you would get more news, fewer commercials, and
in-depth technical solutions and product reviews. Would you plunk
down 10 bucks for that?
Please vote here:
- Naah, I'm already getting enough stuff.
- Welllll, maybe.
- Could be pretty useful if the content is relevant.
- I would definitely sign up for that!
And here are the results of the last SunPoll: "How much time do you
have per month to evaluate new soft- and/or hardware?"
- I have no time at all for that kind of stuff [grumble]: 15.45%
- I usually download stuff but 80% of the time it does not get installed: 48.81%
- I'm able to play/test new stuff once a month for a couple of hours: 24.78%
- We have a day or two scheduled in, and it's part and parcel of our normal routine to keep up-to-date with the market: 10.94%
Now, the last item of the editor's corner. How are we doing? I need your
opinion. Time to let me know what I can do to improve. This is a
confidential survey to help me know a bit more about you, and what
kinds of articles you are looking for. You can win one of 5 XBOX-games
or one of 5 $50 Amazon Gift Certificates. Please fill out this survey
now at:
PS, We found a new KILLER ad for the XBOX. It's from the European
XBOX site, they are announcing it in a couple of weeks. Forward this
link to your friends. You want to watch this one a few times, it's
5MB but worth it.
(email me with feedback: [email protected])
"A NETWORK ADMINISTRATORS TOOL KIT"
OpalisRobot automates a broad range of admin tasks
including system monitoring, corrective action and job
scheduling. It detects and corrects system errors &
automates jobs, enabling proactive management of
business-critical servers. Download & test-drive today!
Visit OPALIS for more information.
More On Rdesktop - Conclusion
Jacco de Leeuw from Holland sent me this email that I thought was
a great conclusion of the rdesktop story. Here goes:
"I hadn't heard of W2Knews before (shame on me) but I'm glad you
brought rdesktop to the attention of Windows admins. If you don't
mind, I have a couple of additions to your article.
As you wrote, rdesktop was made by Matt Chapman. You might be
interested to know that Matt is also a Samba team member. Samba
is an implementation of the SMB/CIFS file and print protocol used
by Windows. Recent versions can now also run as a PDC and authenticating users against Samba could really save a bundle in client licenses.
Matt is apparently a busy man, going for his PhD as well, and so
far he has released just two versions of rdesktop, 1.0.0 and 1.1.0.
But since rdesktop is released under the GNU Public License, anyone
can add extensions to the program. And that's exactly what has
Several patches have been submitted by rdesktop users from all over
the globe, and they have been bundled by a Swedish guy called Peter
Bystroem. Because of these efforts, rdesktop now not only runs on
Linux but also on several other flavors of Unix, MacOS X, Acorn and
You mentioned the -l parameter, "do not request license". Unfortunately,
that does not always work. I don't know the details (depends on the TS
settings apparently) but in Peter's patch there's an even more
interesting parameter: --built-in-license. When specified, rdesktop
emulates a Windows 2000 Professional TS CAL!
IANAL (I am not a lawyer) but I don't necessarily think this will
mean a saving on TS CALs. There was some discussion on the rdesktop
mailing list and the consensus is that admins still have to obtain
the correct number of CALs. The plus side is that you won't have
the hassle of dealing with (temporary) licenses, license servers
etc. Apparently these are a bit flaky on TS...
However, there are savings in license costs for the *client* OS.
Until rdesktop, the only TS clients were made by Microsoft and they
run on Windows platforms: Windows CE (WBT), Win3.x, Win32 and
PocketPC. That means you always had to pay for the underlying OS.
Except if you run rdesktop on a free platform.
rdesktop is at: http://www.rdesktop.org
Peter Bystroem's patch is at:
RedHat and Mandrake RPM packages (make installation a breeze) were
made by me and can be found at:
Chris Scott wrote this: "The version you mirrored was 1.0.0. Version
1.1.0 worked much better for me. Actually, 1.0.0 didn't work at all.
The later version adds 16bpp color depth support and works well on
RedHat 7.2--actually it is faster than using the Terminal Services
client on a Windows box on the same LAN segment. Another thing that
isn't referenced on the rdesktop.org site but is in the mailing list
archives is that it requires the XFree86-devel library to compile on
And to end off, Frank Dragun sent this in:
"I read the article on the available Linux client in this issue. I
wanted to bring our product, WinConnect, to your attention. WinConnect
is a fairly new product that, similar to rdesktop, offers users access
to their Windows NT/2000/XP server via a Linux based machine. We fully
support RDP 5 (and derivatives). Besides supporting the ctrl-alt-del
key sequence, we will even deliver the MS theme music if the terminal
device has speakers, supports sound, and the user likes that catchy
"Yes, our product is commercial, but the low price ($50) provides more
features than Rdesktop, and includes technical support. Currently,
with one or two foreign language releases excepted, WinConnect works
with any release of Linux. We have tested the software on old 486
class machines as well as the newest P4s. In fact, we have the
software working on a Compaq iPaq palm computer that has an embedded
Linux OS installed." They are at: http://www.thincomputinginc.com
NT/2000 RELATED NEWS
Two Tools To Combat The Latest SNMP Holes
First of all, I had a "momentary lapse", and need to UNDO a remark I
made last issue. I combined SNMP and email in the same sentence. That
caused some feedback, and I have to admit that in the heat of the moment
I confused SNMP (Simple Network Management Protocol) with SMTP (Simple
Mail Transfer Protocol). Whoopsie. If you want to know more about SNMP
there is a link to a good little tutorial at the end of this article.
With regard to the CERT advisory's references to Cisco SNMP on port 1993:
this has not been enabled in Cisco IOS software versions since 11.0,
and appears to be an erroneous report at this time. Port 1993 was
previously used for TCP-based SNMP.
But in the meantime we have a humongous number of devices out there
that are SNMP-enabled and could be an entry point for attacks. Here
are two tools that can help combat this hole. The first one scans for
devices that are SNMP-enabled and is free. The second one is Retina,
which has a lot more power in detecting SNMP-related issues. And I was
just informed that the SANS Institute also makes something available.
Info at this email address: [email protected].
Professional Vulnerability Scanner that includes real full SNMP scanning:
- Foundstone announced SNScan, a freeware tool to detect SNMP- (Simple
Network Management Protocol) enabled devices on a network. SNScan gives
you a way to gauge part of your exposure to SNMP-related holes
across your network. Once these devices have been identified, you can
determine whether to fix the SNMP service, disable SNMP or implement
filters to restrict access. The recently detected SNMP vulnerabilities
range from allowing host administrative access to Denial of Service
I do not want you to get the feeling that you are going to be safe after
running it, as it does not specifically scan for the recently published
SNMP vulnerabilities. It searches for SNMP servers, and tries to "brute
force" some community names. Don't get confused thinking this freeware
will actually tell you if you truly have vulnerable SNMP servers or not,
but it IS free (!).
- eEye's Retina already has, and continues to have, extensive SNMP
auditing capabilities. If you want real full SNMP auditing, check out
Retina and if you are a current Retina user, you already have extensive
SNMP auditing at your disposal. Marc Maiffret at eEye said "We have
been researching the latest vulnerabilities found within SNMP and
Retina will currently detect if there are SNMP servers within your
network that are accessible from outside attackers. Retina has been
performing such functionality for many months now. As new SNMP holes
are researched or current ones are expanded on, we will continue to
update Retina to give you fullest protection for your network."
Free SNMP sniffer:
IE Flaw Exploited For MSN Messenger Worm
ComputerWorld just reported that a new worm that uses the MS instant
messenger to propagate has been spotted by several antivirus software
The worm arrives in an instant message that contains text telling
the recipient to go to one of several Web sites. The text says either
"URGENT -- go to (url) now" or "ATTeNT!oN -- go to (url) now."
Clicking on the link in the message opens a Web page with malicious
or other Web pages with the code, to all the MSN Messenger users on
the victim's contacts list, Symantec Corp. and F-Secure Corp. said
in advisories today.
Dubbed "JS.Menger.Worm" by Cupertino, Calif.-based Symantec and
"Coolnow" by Helsinki, Finland-based F-Secure, the worm sends instant
messages but does no damage to a user's system, the antivirus software
vendors said. F-Secure said that it's trying to shut down the sites
hosting the malicious code before it becomes very widespread. Full
Story at the ComputerWorld site. If you have MS IM users, better
The State Of W2K: Windows 2000 At Two Years
This is an article on the ENT site that I like. Gives you a good
overview. No use to repeat here what they are saying. [grin]
THIRD PARTY NEWS
"You Deserve To Be Hacked, And By The Way, You Will Be"
Strong words! They were uttered by Richard Clarke in Wired Magazine,
March 2002. Here is the full quote: "Most Fortune 500 companies spent
.0025 percent of revenue on IT security. Now if you spent .0025 percent,
you deserve to be hacked. And by the way, you will be."
Scott Kelly, the Director of Conference Enrollment of the free Security
Decisions sent me this invitation: "According to Richard Clarke, current
special advisor of cyberspace security for President Bush, "You can't
buy a security product and say you're done - you have to worry every
Clarke stated in the current article how most IT pros think that if they
have a firewall, an intrusion detection system, and antivirus software,
they are safe. But any serious security pro today knows that's a huge
misconception that could spell disaster for any organization."
He is right. These tools are pieces of the puzzle, but there is a lot
more to be done about security. Part of it is PEOPLE. And that means
training and awareness. So Kelly invites you to attend his conference
coming to Chicago June 19-21 at the Hilton Chicago Hotel where you'll
get unprecedented technical content delivered by the industry's best
independent security strategists, leading security analysts, and top
No hype. No golf outings. Just serious must-know techniques and insight
on how to make the smartest security decisions right now. Plus, how
to establish the most cost-effective security budget based on your
shop's requirements. You can apply for the conference here:
And if you are interested in a Top-Down, "People And Technology" high-end, strategic approach to wall-to-wall enterprise security, first have
a look at this page, and then fill out the form for a web-demo:
Need To Perform Penetration Tests On Your Own Networks?
If you need to prove to management, outside auditors or perhaps
shareholders that (no) holes exist in your networks, you should do your
very own penetration tests. "Hacking your own networks from the outside in."
If you do this, you may suddenly find that your organization
underestimates its exposure to crackers. If you can identify soft spots
in your own networks, this kind of penetration test gives you a baseline
for a project to fix the holes. Here is the tool you can do it with:
This Week's Links We Like. Tips, Hints And Fun Stuff
Bart's Network Boot Disk: a highly professional network boot disk.
Killer new XBOX ad on video. Really worth it. Forward to your friends!
The technical specs of the IBM Metapad. Pretty cool.
Is Your Home A TechHome? Here is a rating system for buyers and sellers:
Running XP at 60 mph:
PRODUCT OF THE WEEK
Windows 2000 Admin Black Book - Second Edition
I'm one of the authors of this one. The topics covered are: MS W2K,
explained mostly in a series of procedures, for installing, configuring,
and managing the operating system for a medium-to-large organization;
how to perform key work in disk management, Active Directory setup,
Registry management, and print services provision; migration from NT 4.0
to W2K, IntelliMirror, and the Microsoft Management Console (MMC).
Windows 2000 Systems Administrator's Black Book is a must-have reference
for system administrators and IS professionals who install, configure,
and support workstations and servers on Windows 2000 networks, and who
require a detailed guide to Windows 2000 security, start-up and shut-down,
disk and file systems management, networking, Internet Information Server,
and the Active Directory. Windows 2000 Systems Administrator's Black Book
provides details of the upgrade process from Windows NT 4.0. Amazon has a
special at the moment, where they offer this one together with an Active
Directory one for a special low price. Recommended! Link to Amazon: