Re: PLEASE HELP - USENET/Proxy Security Question

From: Thunder$truck (nealbailey_at_hotmail.com)
Date: 05/19/03


Date: 19 May 2003 06:23:13 -0500


 All,

I am starting to regret ever bringing this discussion to this group. Since
when did seeking legitimate info for technical assistance make me a "troll"?
For all you self-righteous administrators out there you can promptly exit
this discussion for it was not intended for you. And those others who feel
compelled to inject your moral commentaries into this dialog, you can also
exit promptly.
This group is called alt.privacy and this is why I solicited its members
for this question.

 For those interested in providing assistance or interested in how this
story plays out I will continue with the most recent events.

On Friday, I spent my lunch hour learning SMS and ether-peek with one of
our system admins. I've discovered when it is used and how/why.
And it appears, for the most part, that the MS Proxy is really the only
barrier between me and the outside world. SMS is being utilized
primarily to push packages the SMS server realizes a client's box does not
have. The idea of connecting to a remote host via an encrypted SSH
tunnel won't work for me because the proxy blocks VPN connections. The
boundaries/sensors are no longer being monitored by the
network security folks anymore since they've all been transitioned to the
new network.

I needed to gain access to the administrator account on my box so I set the
BIOS to boot from floppy and used a LINUX boot disk to crack the SAM
and "null" the admin passwd. Then I used the admin account to build a bogus
local account (free from the domain). This local account is the same account
name as someone who works on the other side of the building. Logged onto
this local account, I pointed everything to the proxy and it worked.

What is different (regarding proxy log reports) when reporting connections
from a domain account and a local account? The other weak point I see
is the switch, I'm sure the machine can be located based on the location on
the switch facilitating the connection.

T/S

"Thunderstruck" <santyclaws@northpole.net> wrote in message
news:3ec2ae2a$0$49169$45beb828@newscene.com...
> Question: (excuse my ignorance) How does MS Proxy (the WinSock Variety) log
> or monitor Usenet activity? My network at work has amazing bandwidth
> (800KBPS+) and I've begun using it to connect to a third party Usenet
> provider from my work machine to download mp3's, pictures, and short video
> clips. My biggest concerns are, while connected to this third party Usenet
> server is the name of the group I'm connected to being broadcast anywhere?
> I've run a netstat on my local machine and the only info it seems to reveal
> is the server's IP. Secondly, does MSP cache any graphics files I download
> from the Usenet or does it simply forward the data to my machine? Supposing
> it caches, am I safe still since the files are encoded with YENC or MIME? If
> an administrator attempted to open any of these cached files wouldn't they
> simply see code? And finally, does Agent cache any downloaded files to the
> hard drive that can possibly come back to bite me?
>
> I'm on a small LAN (50 or so clients) running W2K, standard DFS, PDC, BDC,
> 2 proxy servers. The only remote control software being utilized is SMS,
> which I've disabled on my machine.
>
> TIA,
> I really appreciate it!
>
> Thunder$truck
>
>


