Re: How use of security tools.

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/28/05 

Date: Tue, 28 Jun 2005 08:20:44 -0700

I do not want to seem as discounting Steve's good, Windows specific
information and advise. However, I also feel you are asking a general
question in your post about how this is possible.

In general it is a service (of some type) that has bound to the network
interface (some protocol, some port, etc.) that is responsible for what
can be done when some client connects to the listener on that interface.

This has a couple of immediate implications, and is valid for all OSs.
First, it is the code that binds the listener that determines what will
happen - will it require authentication, some special handshake;
- what message formats will it expect, recognize; - what will it do
in response to accepted messages. Here control is expressed in
the configuration of the service.

Second, the network stack is usually between the service and the
raw network traffic, and this imposes a layer with which other parts
of the OS may impose blocking of the external network traffice so
that it is or is not delivered to the listener. At this level are things
like IPsec, the wrapper code (if any) that is hosting the service,
tcpwrapper, etc..

Third, of course if the traffic cannot get to / from the host where the
listener is running then the whole thing can not / does not happen.
This is such as an external (from the host with the service) firewall.

Fourth and finally, if all of the above allow the service to attempt to
do something (like look up a piece of information for return, or to
execute something, etc.) then the OS and its subsystems might impose
restrictions on what may be done for the context that is running the
service, causing the service to succeed or fail in that attempt. 

-- 
Roger Abell
Microsoft MVP (Windows  Security)
"TC" <travelclarkie@gmail.com> wrote in message
news:u3ktuL7eFHA.3280@TK2MSFTNGP09.phx.gbl...
> I am taking sec+ as well as a handful of other certs. Luckally I have a
2003
> Server to play with to learn things.
>
> I do have a question about some of the things I am learning.
>
> One thing that I'm a bit confused about.
>
>     While using tools like Cain on machine how is it able to grab all the
> data such as users, groups, services, etc on a remote system. Especally
when
> the credatials are either at the user level on the remote system or none
> exsistent (ie no account on the remote system).
>
>     I understand it will differ from OS to OS an general over veiw is all
i
> need and a being pointed in the right direction to learn for myself. (I've
> tried googling this and other similar questions but I'm sick of getting
porm
> and comprimising my test systems - at least they are VPC so gettings thing
> up and running is easier).
> -- 
> Thank you,
>
> TC
>
> Please reply to the newsgroup so we can all learn from others.
> Thanks.
>
>