EH-Net
|
|
May 18, 2013, 07:24:06 AM
|
Show Posts
|
32
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Do you need to know programming to hack?
|
on: March 29, 2007, 01:35:56 PM
|
|
Kevan, I was in a mentoring presentation the other day. One idea that the presenter touched on was delayed satisfaction. What that means is this: noticeable results are going to take a while. Instantaneous satisfaction is only going to happen in a few things and then it is generally limited. Be patient, keep plugging away, follow the advice that people give you, and explore (test the boundaries) of everything you touch. Just be conscious of the legal and ethical lines that our society has drawn. You don't want to go to jail but you do want to push the limits because that is how we grow as individuals and as a society.
Read the advice here. Seek advice in other places. Run things so that you make your own mistakes. And you will find that with time you, and others, will be satisfied with your progress.
Probably a little too deep for here. But I'll offer it up anyway. Cutaway
|
|
|
|
|
34
|
EH-Net / ChicagoCon 2007 / Re: ChicagoCon by The Ethical Hacker Network
|
on: March 28, 2007, 09:31:13 AM
|
I have several suggestions. Although I am not sure if he will do it again but Ed Skoudis taught a two day version of the GCIH course at RSA. This might be an alternative if you cannot book a full GCIH. But I am here to tell you, the full course has a lot more detail and content. I think the two day is good for management types or people with very little time for training. You should look at some Immunity training for writing exploits. They have their full course: http://www.immunitysec.com/education-unethicalhacking.shtml and their cut down course http://www.immunitysec.com/education-windowsoverflow.shtml I have not taken these but I am sure that anything from these guys will be worth it. Plus, an exposure to CANVAS would be great for all. Some of the Metasploit developers also teach courses on writing exploits. They were also at the RSA tutorials but I am not sure how their courses went over. You may want to look at the other GIAC auditing courses as well. These really provide detail for report writing and communicating with management. I hope that helps, Cutaway
|
|
|
|
|
35
|
Resources / Tools / Ike-scan 1.8 Information Seepage Post
|
on: March 26, 2007, 07:59:58 PM
|
I recently did a little research on ike-scan version 1.8 and posted it to my blog. ike-scan version 1.8 is included in the BackTrack 2 beta release but the new version of ike-scan, which is strangely enough version 1.9, is a part of BackTrack 2 Final. You should either update to the new version of BackTrack or recompile your ike-scan version 1.8 if you cannot update. Check out my post to see why: http://www.cutawaysecurity.com/blog/archives/125 Please post any questions or comments here and I'll respond. Go forth and do good things, Cutaway
|
|
|
|
|
36
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Fluxbox
|
on: March 26, 2007, 03:30:55 PM
|
Kevan, I know that you are new and you are getting some great feedback here but I am going to suggest that you utilize the resources available to you through your Linux distribution's forums. Not only will you get more timely and helpful responses but also they will be more accurate to your distribution's packages. You should check here: http://www.centos.org/modules/newbb/index.php?cat=3 You should search these forums before you post your questions as somebody may have already had the same problem and a solution may already be posted. That said, of course I am going to leave you with some advice. First, you are obviously missing some dependencies and need to install the appropriate packages. I like to search for RPMs or the files contained in the RPM at: http://rpmfind.net/linux/rpm2html/search.php Second, when you are installing RPMs I suggest you use the command "rpm -Uvh" as these options will update, be verbose, and print hash marks as to the install progress. Update will properly handle updates to software and if it is not installed then it will just install it, verbose gives you more detailed output of the install process, and hashes show you the progress of the install so you know when something is done or has stalled. Hope that helps. Cutaway
|
|
|
|
|
37
|
Ethical Hacking Discussions and Related Certifications / Other / Re: Fluxbox
|
on: March 26, 2007, 12:30:07 PM
|
I think you missed the actual error in your post. Look further up in your error messages. You should also try one of these commands. One of these is usually a part of the Makefile but not all the time. If it is then it will give you an idea of what is happening.
# make test
# make check
|
|
|
|
|
38
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Help... Worm?
|
on: March 25, 2007, 07:44:02 PM
|
commands only appear in start > run if they've been run from there.
That is actually a very good point. If this is the case then either the VNC connection was exploited or, more probably, brute forced. The cracker apparently had a VNC connection to the system. This system then could have been used to compromise another system using 823.exe or to escalate privileges on the local host. If your brother-in-law is like most people he might be using this password or something like it on multiple places. He may want to change ALL of his passwords to something completely different.
|
|
|
|
|
39
|
Columns / Gates / Re: Shmoocon Day 2
|
on: March 25, 2007, 12:01:56 PM
|
|
ChrisG,
Thanks for taking the time out to keep us informed. I am looking forward to the videos and your reviews are going to help me prioritize my time.
Thanks again, Cutaway
|
|
|
|
|
40
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Help... Worm?
|
on: March 25, 2007, 11:48:21 AM
|
Not sure if you have identified how the system was compromised or how privileges were escalated. Milw0rm has an exploit for 823.c but it is for "Dream FTP" and it does not appear to be a local exploit. You can find the source: http://www.milw0rm.org/exploits/823 Once you have cleaned the system you are going to want to identify how the system was compromised before you put it back online. You will want to also check any systems that are located on the same network as they might have been the source of the intrusion or may have fallen victim to attacks from this system. If the other systems are rooted then you may need to resort to monitoring network traffic. One thing you might consider is backing up all of the business files and reloading the system. Sometimes this is the best way to handle incidents involving rootkits. By storing files to a separate media and then scanning them from a separate, protected, system you can be sure that there is no "detectable" malware in these files. Then you can DBNuke the old hard drive and get rid of anything except for firmware related malware which is highly unlikely. Just throwing options out there for you to consider as you help your friend with additional risk analysis. Good luck, Cutaway
|
|
|
|
|
41
|
EH-Net / News Items and General Discussion About EH-Net / Re: EH-Net Member Top Security Influencer
|
on: March 18, 2007, 08:21:19 AM
|
Thanks to all. That site has really been pushing to get into the blogging world. They are taking guerrilla online marketing to the next level by passing out kudos and articles directly to the blogging world. Unfortunately they have some inaccuracies throughout their article and they have left off some heavy hitters throughout the application field. Check out the comments for some good input. I don't think they care either way. Good or bad publicity gets them links from other sites and that is what counts for sales and page ranks. Check out Martin McKeay's post on this: http://www.mckeay.net/secure/2007/03/thomas_wins_funniest_im_on_the.html Don't get me wrong, I'll take kudos where I can get them. But as one lemur in "Madagascar" said, "They give me the heebie geebies." Funny thing, that article has not driven any traffic to my site. EHN has done more for me in that area. Which is important to me because your articles and posts are accurate and helpful. Go forth and do good things, Cutaway
|
|
|
|
|
42
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Ultimate Newbie Question
|
on: March 18, 2007, 08:05:45 AM
|
After you read Don's writeup you should then go and check out what Richard Bejtlich wrote a month or so ago in a blog post http://taosecurity.blogspot.com/2006/12/starting-out-in-digital-security.html. At 17 you are going to find that your tastes, opinions, and goals are going to change. But if you are going to continue through to being a security professional then these points will help you get there. As you are getting to know Linux I would continue to work with it. Maybe, for your next project, you should think about setting up a Gentoo or BSD box. These tend to take a little more technical skill and the tutorials really get detailed and can be a lot of fun. Once you have worked with Linux for a while you should turn back to Windows. A security professional cannot do his job without it. By delving into Windows and teaching yourself to use it by itself without tools like Cygwin you will be truly expanding your knowledge. For instance, are you aware of the Windows Management Instrumentation Command-line? You should check out Ed Skoudis' post at the Internet Storm Center called Windows Command-Line Kung Fu with WMIC http://isc.sans.org/diary.html?storyid=1229. In fact you might want to search on Ed's articles here because they are all very helpful. As to your programming skills, learning anything you can will be helpful. Stick with something you think is fun and just get to know it. If I have to make one suggestion I would learn how to compile C programs as this will help you with some of your security work down the road. As to your friends, not giving in to peer pressure to use your skillz for malicious purposes is very important. If you know of problems with your school's network I would be very careful. It is possible that they may think your poking around is an attempt to breach their environment. My suggestion (if you want to help) is to approach the staff.
First, go to your parents and to your guidance counselor and tell them that you are going to talk to the computer people about some problems you have found. Let them know that your intent is to be helpful and not malicious. That way you have something to fall back on and people to help you if things turn nasty. Then go to the computer people and tell them that you would like to help. Explain to them that you are interested in becoming a security professional. Once they are on board let them know what you have found. If they are not then you might want to back off before sharing the information. Go back to your counselor and give the information to that person and let them proceed with the information. They might be willing to listen to an adult more. I know this sounds convoluted but you want to protect yourself. Unfortunately it is necessary. But just flat out hacking the system might get you arrested. I know that your friends are a lot of fun but are they worth a night or two in jail? I am here to tell you that you want to stay as far away from a jail cell or drunk tank as possible. I hope this helps, Go forth and do good things, Cutaway
|
|
|
|
|
43
|
EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-Feb 2007 Free Giveaway - Winner!
|
on: March 12, 2007, 01:56:49 AM
|
|
Thank you all very much. I do appreciate it. I am hoping that this will help round out my training and I can move onto more actual work.
Good job to everybody else as well. Someone actually turned this down for me to get it. To me that says two things:
1. Some of you are working very hard to keep this forum alive and active. Good job.
2. Most of you are caring, appreciative, and giving. Truly the sign of an Ethical Hacker.
Good luck to all of you in the coming months. Cutaway
|
|
|
|
|
44
|
Ethical Hacking Discussions and Related Certifications / Incident Response / Re: How do you convince a company they are at risk
|
on: March 08, 2007, 01:25:31 PM
|
First of all, if you present information to somebody who uses it to exploit a vulnerability and do something illegal you are very likely to get sued or even go to jail. This is not a very smart method to convince somebody or do business. Tread carefully. Next, they do not understand the implications because you are not providing them with enough information in a manner that they understand. People have a hard time understanding risk and how vulnerabilities can lead to exploitation and what the impact of that exploitation could be. Here are some tips:
- Point them to the services that you think are vulnerable. Do not hack these unless you have written permission.
- Explain to them the information that could be obtained from their current configuration.
- Show them what the impact due to this exposure could be. Be sure to include monetary cost, man hours to mitigate, expected down time, legal considerations.
- Point out if they are violating any regulations like SOX or PCI and what the personal freedom implications and business impact that goes along with violating these regulations.
- Finally, give them solutions to fix the problem. Include how much it will cost and try to keep the cost as low as possible and definitely lower than the cost of an incident.
Hope that helps. Don't worry about it too much. The manager responsible for business has to do a risk assessment. If he chooses to accept the risk then it is out of your hands. Your job, I believe, is to point out the problems and make recommendations. (I am assuming that because you have not been able to just put the change in place.) Go forth and do good things, Cutaway
|
|
|
|
|
45
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Hacking Teams for Conferences
|
on: March 08, 2007, 01:01:27 PM
|
|
I had thought of signing up for LSO as I heard they hold some competitions but I just have not gotten around to it. I now see they have posted something about the next "Rootwar" on March 10, 2007 but I don't see any information about what "Rootwar" entails so I never really went beyond the videos offered on the site (great resource BTW).
I might sign up and check it out tonight.
Ahh, I see now, the challenge servers are a paid for service. That might have been what kept me from signing up.
Thanks, Cutaway
|
|
|
|
|